Articles / Debian: New ganglia-monitor…

Debian: New ganglia-monitor-core packages fix remote code execution

Spike Spiegel discovered a stack-based buffer overflow in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable arbitrary code execution. Updated packages are available from
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1710-1                                   Steffen Joeris
January 25, 2009            
- ------------------------------------------------------------------------

Package        : ganglia-monitor-core
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-0241

Spike Spiegel discovered a stack-based buffer overflow in gmetad, the
meta-daemon for the ganglia cluster monitoring toolkit, which could be
triggered via a request with long path names and might enable
arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in
version 2.5.7-3.1etch1.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.7-5.

For the testing distribution (lenny), this problem will be fixed soon.

We recommend that you upgrade your ganglia-monitor-core packages.

Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
   Size/MD5 checksum:   508535 7b312d76d3f2d0cfe0bafee876337040
   Size/MD5 checksum:   316476 052c6ae45b1d114616ae8a4d04530cfe
   Size/MD5 checksum:      759 cf4c7357786fd423ee1c04a936dfc389

alpha architecture (DEC Alpha)
   Size/MD5 checksum:   150882 e0450d50127c267dbb97d3f27b41603a
   Size/MD5 checksum:   111420 5050aa958bd47ca0202f782989a3f662
   Size/MD5 checksum:   106024 204e913ca281f7698d94c28e0b53fa7d
   Size/MD5 checksum:   168450 5476515111a428a8e13c27437ef9f18c

amd64 architecture (AMD x86_64 (AMD64))
   Size/MD5 checksum:   102418 e4f43cb6911e3b8ebcd38dd400698c70
   Size/MD5 checksum:   132094 ea40ef93a55598d06bbebd6ca297371b
   Size/MD5 checksum:    98228 c7694aad20a0c47144fcf9ed3a8c7005
   Size/MD5 checksum:   153468 c3b2b87c5ccc506aa5294ca7fe4c5c65

arm architecture (ARM)
   Size/MD5 checksum:    92476 58bbe3b2bab165d03c0b4042152b558c
   Size/MD5 checksum:    88620 7eeb57376971a530a8630a31d428f63f
   Size/MD5 checksum:   119844 8b79fdc26c8d936ae851e3eae7782644
   Size/MD5 checksum:   138300 60bd39e5a8c5591d2c81e450a6b410ad

i386 architecture (Intel ia32)
   Size/MD5 checksum:    93078 93bcce44d781f9b6338e563f335487a5
   Size/MD5 checksum:    95864 364689bae05cead30438b1f58ed39254
   Size/MD5 checksum:   141914 1e81a8e3a078e0fbf6c24ced266452d7
   Size/MD5 checksum:   121784 90d9f37ab637f28b48a6fb6f0b998e23

ia64 architecture (Intel ia64)
   Size/MD5 checksum:   204472 b1381b653dff2b87daaf4be97a45f523
   Size/MD5 checksum:   169130 b55ac84f462f0ce2c5f7a3b69e31c24b
   Size/MD5 checksum:   132798 81d721a3aeecc8bb06cf73f48c874acd
   Size/MD5 checksum:   139732 2e54700f561f2ed7b8f1acb64686a679

mips architecture (MIPS (Big Endian))
   Size/MD5 checksum:   157022 a4cac1b65b108a0848d884346b10ce7c
   Size/MD5 checksum:   102688 6c38d2ee954774a593d39d90d85c575d
   Size/MD5 checksum:    93896 c1bc5171b0f7f27590f4109e1d28d0ac
   Size/MD5 checksum:   139260 fd6f02c8c7ccb9f218f935daf71fc9af

mipsel architecture (MIPS (Little Endian))
   Size/MD5 checksum:   102698 14d9237049c3ccd5de3d504fb65992e4
   Size/MD5 checksum:    93616 a23da8a30c21eb50446b9d58b1f5eaab
   Size/MD5 checksum:   156598 5b9220d4cc415af615bc4af2777baf88
   Size/MD5 checksum:   137144 7b3962d8709ea301700146dba7598d0d

powerpc architecture (PowerPC)
   Size/MD5 checksum:   147760 7f28b6ff0bda4b8f6be940426d199ed0
   Size/MD5 checksum:   141300 e5fb16a7d657268026cfbfcde3673c66
   Size/MD5 checksum:    95804 d503894a79aab87327f95c52adad7245
   Size/MD5 checksum:    99410 6509b075f37aed0ad13877e27e8172a5

s390 architecture (IBM S/390)
   Size/MD5 checksum:   152392 3d40c6548564fa0d8fc8dd33687229ae
   Size/MD5 checksum:   100144 4d4658ae90101a1b6d753e85fc6683b2
   Size/MD5 checksum:   130170 6c6383515a8fd0c32dc6f6e340dc0b3b
   Size/MD5 checksum:   100902 992b0c5c312736338ed828e6000ee22c

sparc architecture (Sun SPARC/UltraSPARC)
   Size/MD5 checksum:   137996 3101a44a169bf815df229213987b6a5e
   Size/MD5 checksum:   122076 c0bf7c25aef712f8797ecb167fc0f3d0
   Size/MD5 checksum:    91710 49351379c4b365ef727d7fb3997751ca
   Size/MD5 checksum:    89236 7be347618dbbcd8b5a374f4e7d746730

 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and
Version: GnuPG v1.4.9 (GNU/Linux)


Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.


Project Spotlight


An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.