Debian Project

Debian testing security team - Advisory

DTSA-32-1

Date Reported: February 1st, 2007
Affected Package: bcfg2
Vulnerability: programming error
Problem-Scope: local
Debian-specific: No
CVE: None so far

More information:
Incorrect permissions for the bcfg2 configuration file could lead to password
disclosure to unprivileged users.

Please note that bcfg2 is not present in sarge.

For the testing distribution (etch) this is fixed in version 0.8.6.1-1.1etch1
For the unstable distribution (sid) this is fixed in version 0.8.7.3-1

This upgrade is recommended if you use bcfg2.

If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install bcfg2
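
After upgrading, the exposure described above can be checked directly. The following is an added example, not part of the Debian advisory or the bcfg2 package: the function name audit_secret_file is hypothetical, and the configuration file path must be supplied by the administrator because the advisory does not name it.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a file that holds a
# password can be read by local users other than its owner.
# Only classic mode bits are inspected; POSIX ACLs are not.

# audit_secret_file PATH
#   Prints one verdict word and returns:
#     0  OK              only the owner has read permission
#     1  EXPOSED         "other" has read permission (any local user)
#     2  GROUP-READABLE  group has read permission; review group membership
#     3  MISSING         path does not exist or cannot be inspected
audit_secret_file() {
    f=$1
    # -L follows symlinks so the target's mode is judged, not the link's.
    perms=$(ls -ldL -- "$f" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || { echo MISSING; return 3; }
    case $perms in
        ???????r*) echo EXPOSED; return 1 ;;         # 8th char: other-read
        ????r*)    echo GROUP-READABLE; return 2 ;;  # 5th char: group-read
        *)         echo OK; return 0 ;;
    esac
}

# Command-line use: pass the configuration file path(s) as arguments, e.g.
#   sh audit.sh /path/to/bcfg2-config-file    (placeholder path)
for f in "$@"; do
    verdict=$(audit_secret_file "$f") || true
    printf '%-15s %s\n' "$verdict" "$f"
done
```

Run it against the bcfg2 configuration file before and after the upgrade; a verdict of EXPOSED corresponds to the condition this advisory describes.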


To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

The archive signing key can be downloaded from
http://secure-testing.debian.net/ziyi-2005-7.asc

