Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5977-1] aide security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5977-1] aide security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5977-1] aide security update
  • Date: Thu, 14 Aug 2025 14:31:31 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1umYzL-001uCm-1N AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=VcftVra3rEKopluLSe/RWP3YSE0MPzszvsAVJIWwRlM=; b=Gb GHemzKjDFFSacYGohJ6O3DCCETCYg7hdd8nH6R5nXldZF48LdownS3CUVB2Pkw6YYkgvf6h9nUp/F 6xwGW/uOEeBhBorZHG6wn9Dch5JUKPhtEAVdsgUllQtd8lXS761NET001TH4nKTqUuxUqVJ+rPkPy HPrJC+cM7vsmiB2JA+mW1COELj5KKtqLVBLGHjZtsWQS6ZDxBlpQtp/piXS3elkmmTZ38QJgFKVsU CDKU2qwJ7UL73pzkXAurBEMJMVsX6EfOolIR1AXQxh/6hDmURUhyFQLmP5/7PWVqgU6AX3FfU/qqE dw9gDyWW19GqXfex2+n53bNTshAqb8YQ==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 14 Aug 2025 14:31:53 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <yLTGwGqm3vP.A.Bj7G.ZNfnoB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5977-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : aide
CVE ID : CVE-2025-54389 CVE-2025-54409

Rajesh Pangare discovered two vulnerabilities in aide, an advanced
intrusion detection system. A local attacker can take advantage of these
flaws to hide the addition or removal of a file from the the report,
tamper with the log output, or cause aide to crash during report
printing or database listing.

For the oldstable distribution (bookworm), these problems have been fixed
in version 0.18.3-1+deb12u4.

For the stable distribution (trixie), these problems have been fixed in
version 0.19.1-2+deb13u1.

We recommend that you upgrade your aide packages.

For the detailed security status of aide please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/aide

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmid8d9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SOkQ/8CCVyn30GzN64Y0w/w9ywGX+dgoCf6+eyofQFQXyoM+sNWYqZZHArL/pP
eRkQ6hIVy/B6W2u9gbWjdcDl7TPNiMX0J7oO7qXpwUpkiXntzjTRJxZZI1nUI0oi
t+pOAAD+6jyJHe6LE43SoWgv01RJh/z63+exG/NK4Je4UGofJ+FgStF7vkloMCYT
d+s+dFL5zw+laysgkk5cOhODdJ+VOcEpdLW2KrAnuwf96SDdNvMkbOcgaPnEXKII
pXJHyomRszFxyFB3hXrJdmToRzTvH4pvXL5MAffIqTAMSAh2lx+8RuqXE4hcY4Gs
go47CGUAhAfQyegd5dOzLE7xs8x7XyfH3tcj8DInw5WT1kCSrTl1ujkimg0fEVrX
w2qs1oZP80lSdkoHRAXKARcO3IwKEouseIVhV9NeXTUWEUrBx2n+dDl5yuJEgb+s
a1e+JFEz/wttDsoBFXptvPWoU09dq+PpBpYNTwhkk+IyVD8AXSnPZvkeJbQ3zCWl
fHHixIgn1EGS0gDbZtlQumNF6yfoQXUsCtaXurQ6WaertYL0QScpnyUwA8Atv5ZC
BDCIAl9UzU+/bgqzLUNoQ6Y/ciF8qFgADGFjzw4sEDxI/c+AtZdwB4zQ4yAMTPQO
yI/iRftHwdtBRDTLct7dW+SN+jbFkRxnuIkhDHM0i6hUxt1RfGQ=
=7bY5
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5977-1] aide security update, Salvatore Bonaccorso, 14.08.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang