MEPIS This forum is for the discussion of MEPIS Linux. |
04-15-2007, 12:25 PM
|
#1
|
Member
Registered: Aug 2004
Distribution: Mepis
Posts: 70
Rep:
|
MadWiFi security threat...
It seems a lot of folks here recommend MadWiFi, and I saw this while surfing:
http://www.pcworld.com/article/id,13...1/article.html
I have not seen any updates from Synaptic fixing this security breach.
Conspiracy theory: MSBill is covertly throwing wrenches into the Linux machine just to say, "S-s-se-see! Linux has security problems, t-t-t-too!" Anyone as paranoid as I am?
|
|
|
04-15-2007, 12:59 PM
|
#2
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
AFAIK, this was taken care of last December. You can see the changes here and here.
|
|
|
04-15-2007, 01:37 PM
|
#3
|
Member
Registered: Aug 2004
Distribution: Mepis
Posts: 70
Original Poster
Rep:
|
I see your links show it was fixed, but the article states that some distros could be vulnerable by not adding the fix. Do you know if the fix was included in Mepis, or in the updates distributed via apt-get and synaptic?
|
|
|
04-15-2007, 06:53 PM
|
#4
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
I don’t know anything about the repositories for any specific distros, but it seems like the security fix is in version 0.9.2.1 and greater, and the oops fix is in 0.9.3 and greater. Your package manager should use the same version numbers so you should be able to figure it out from there.
|
|
|
04-17-2007, 04:24 PM
|
#5
|
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
|
For a quick check run:
Code:
$ apt-cache showpkg madwifi-tools
Package: madwifi-tools
Versions:
1:0.9.2+dfsg-1 ...
Note the "1:" before the true ver. #, ignore it -- it is a Debianism that I can't explain.
& BTW, I'm still running 3.3.2 on this box, so of course the ver. looks out of date.
|
|
|
04-18-2007, 10:31 PM
|
#7
|
Member
Registered: Aug 2004
Distribution: Mepis
Posts: 70
Original Poster
Rep:
|
Quote:
Originally Posted by osor
I don’t know anything about the repositories for any specific distros, but it seems like the security fix is in version 0.9.2.1 and greater, and the oops fix is in 0.9.3 and greater. Your package manager should use the same version numbers so you should be able to figure it out from there.
|
I did an apt-get policy madwifi-tools and received this:
Code:
madwifi-tools:
Installed: 1:0.9.2+dfsg-1
Candidate: 1:0.9.2+dfsg-1
Version table:
*** 1:0.9.2+dfsg-1 0
990 http://apt.mepis.org mepis/main Packages
100 /var/lib/dpkg/status
So, I tried apt-get install madwifi-tools (after an apt-get update) and received this:
Code:
Reading package lists... Done
Building dependency tree... Done
madwifi-tools is already the newest version.
Is there a way to get 0.9.3 through apt-get or synaptic, or must I download and install the package?
|
|
|
04-19-2007, 09:58 AM
|
#8
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
Sorry I haven’t replied in a while, but I do not think the “madwifi-tools” package contains the affected code…
I don’t know about Mepis, but for Debian, see here. As you can see the version number (1:0.9.2+r1842.20061207-2) states that it is from the 0.9.2 branch, with svn revision 1842 (the aforementioned security fix) and was packaged on 20061207. Why they don’t use the package maintainers’ version number is beyond me. I also don’t know why they split up the code.
Bottom line: if your apt-style distro has the package madwifi-source with version number 1:0.9.2+r1842.20061207-2 or similar, you’re not vulnerable to the mentioned security threat.
|
|
|
04-19-2007, 10:23 AM
|
#9
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
And if you click on Changelog on the page given by osor, you see:
Quote:
madwifi (1:0.9.2+r1842.20061207-2) unstable; urgency=high

  * Add upstream revision 1847 as a new dpatch to completely fix
    CVE-2006-6332; thanks Luk Claes; closes: #402836.

 -- Loic Minier <lool@dooz.org>  Thu, 14 Dec 2006 20:44:37 +0100

madwifi (1:0.9.2+r1842.20061207-1) unstable; urgency=medium

  * New upstream SVN snapshot
    - buffer overflow exploit fixed (CVE-2006-6332)
  * Urgency medium to allow security fix to propogate to testing asap.

 -- Kel Modderman <kelmo@kanotixguide.org>  Fri, 8 Dec 2006 08:06:01 +1000
|
Check your changelog
/usr/share/doc/xxx/changelogxxx
|
|
|
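Added example (not part of any post in this thread): a shell function that lists which Debian changelog entries name a given CVE, run on the two entries quoted in post #9, which are reproduced here as constructed sample input. The function names `cve_versions`, `has_cve_fix` and `sample_changelog` are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# cve_versions CVE-ID [changelog-file ...]
# Print the version of every changelog entry that names CVE-ID, in file
# order (Debian changelogs list the newest entry first).
# Reads standard input when no file is given.
cve_versions() {
    cve=$1; shift
    awk -v cve="$cve" '
        # Entry header: "package (version) distribution; urgency=level"
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / {
            ver = $2; gsub(/[()]/, "", ver); seen = 0; next
        }
        # Print a version once, the first time its entry names the CVE.
        ver != "" && !seen && index($0, cve) { print ver; seen = 1 }
    ' "$@"
}

# has_cve_fix CVE-ID [changelog-file ...]
# Succeed (exit 0) if at least one changelog entry names the CVE.
has_cve_fix() {
    [ -n "$(cve_versions "$@")" ]
}

# Constructed sample input: the two changelog entries quoted in post #9.
sample_changelog() {
    cat <<'EOF'
madwifi (1:0.9.2+r1842.20061207-2) unstable; urgency=high

  * Add upstream revision 1847 as a new dpatch to completely fix
    CVE-2006-6332; thanks Luk Claes; closes: #402836.

 -- Loic Minier <lool@dooz.org>  Thu, 14 Dec 2006 20:44:37 +0100

madwifi (1:0.9.2+r1842.20061207-1) unstable; urgency=medium

  * New upstream SVN snapshot
    - buffer overflow exploit fixed (CVE-2006-6332)
  * Urgency medium to allow security fix to propogate to testing asap.

 -- Kel Modderman <kelmo@kanotixguide.org>  Fri, 8 Dec 2006 08:06:01 +1000
EOF
}

# Which entries in the sample name the CVE?
sample_changelog | cve_versions CVE-2006-6332
```

On an installed system the input would be the package's own changelog, typically `zcat /usr/share/doc/<package>/changelog.Debian.gz | cve_versions CVE-2006-6332`, with `<package>` left as a placeholder. The first version printed is the one to compare against, because the -2 entry in the sample says the -1 fix was not complete.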