Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug.

For the stable distribution (woody) this problem has been fixed in version 2.4.18-1woody3 for the powerpc architecture.

For the unstable distribution (sid) this problem will be fixed soon with newly uploaded packages.

We recommend that you upgrade your kernel packages. This problem has been fixed in the upstream version 2.4.24 as well.

Upgrade Instructions

wget url
        will fetch the file for you

        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.dsc
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-12.dsc
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody3.dsc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.1_all.deb
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody3_all.deb

  Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-12_alpha.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody3_powerpc.deb

These files will probably be moved into the stable distribution on its next revision.

A vulnerability was discovered in BIND, a domain name server, whereby a malicious name server could return authoritative negative responses with a large TTL (time-to-live) value, thereby rendering a domain name unreachable. A successful attack would require that a vulnerable BIND instance submit a query to a malicious nameserver.

The bind9 package is not affected by this vulnerability.

For the current stable distribution (woody) this problem has been fixed in version 1:8.3.3-2.0woody2.

For the unstable distribution (sid) this problem has been fixed in version 1:8.4.3-1.

We recommend that you update your bind package.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2.dsc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/b/bind/bind-doc_8.3.3-2.0woody2_all.deb

  Alpha architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_alpha.deb

  ARM architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_arm.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_i386.deb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_ia64.deb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_hppa.deb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_m68k.deb

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mips.deb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mipsel.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_powerpc.deb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_s390.deb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_sparc.deb

These files will probably be moved into the stable distribution on its next revision.

Timo Sirainen reported a vulnerability in screen, a terminal multiplexor with VT100/ANSI terminal emulation, that can allow an attacker to gain group utmp privileges.

For the stable distribution (woody) this problem has been fixed in version 3.9.11-5woody1.

For the unstable distribution (sid) this problem has been fixed in version 4.0.2-0.1.

We recommend that you upgrade your screen package.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1.dsc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_alpha.deb

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_arm.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_i386.deb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_ia64.deb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_hppa.deb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_m68k.deb

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_mips.deb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_mipsel.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_powerpc.deb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_s390.deb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_sparc.deb

These files will probably be moved into the stable distribution on its next revision.

Multiple vulnerabilities were discovered in nd, a command-line WebDAV interface, whereby long strings received from the remote server could overflow fixed-length buffers. This vulnerability could be exploited by a remote attacker in control of a malicious WebDAV server to execute arbitrary code if the server was accessed by a vulnerable version of nd.

For the current stable distribution (woody) this problem has been fixed in version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 0.8.2-1.

We recommend that you update your nd package.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.dsc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_alpha.deb

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_arm.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_i386.deb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_ia64.deb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_hppa.deb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_m68k.deb

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mips.deb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mipsel.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_powerpc.deb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_s390.deb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_sparc.deb

These files will probably be moved into the stable distribution on its next revision.

A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).

For the current stable distribution (woody) this problem has been fixed in version 0.2.10.2.

For the unstable distribution (sid) this problem has been fixed in version 0.2.10.3.

We recommend that you update your mpg321 package.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2.dsc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_alpha.deb

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_arm.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_i386.deb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_ia64.deb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_hppa.deb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_m68k.deb

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_mips.deb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_mipsel.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_powerpc.deb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_s390.deb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_sparc.deb

These files will probably be moved into the stable distribution on its next revision.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.2.x, 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges.

For the stable distribution (woody) this problem has been fixed in kernel-source version 2.4.18-14.1 and kernel-images versions 2.4.18-12.1 and 2.4.18-5woody6 (bf) for the i386 architecture.

For the unstable distribution (sid) this problem will be fixed soon with newly uploaded packages.

We recommend that you upgrade your kernel packages. This problem has been fixed in the upstream version 2.4.24 as well.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.dsc
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.1.dsc
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody6.dsc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.1_all.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12.1_i386.deb
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody6_i386.deb

These files will probably be moved into the stable distribution on its next revision.

A vulnerability was discovered in libnids, a library used to analyze IP network traffic, whereby a carefully crafted TCP datagram could cause memory corruption and potentially execute arbitrary code with the privileges of the user executing a program which uses libnids (such as dsniff).

For the current stable distribution (woody) this problem has been fixed in version 1.16-3woody1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you update your libnids package.

Debian GNU/Linux 3.0 alias woody

  Source archives:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids_1.16-3woody1.dsc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_alpha.deb

  ARM architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_arm.deb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_i386.deb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_ia64.deb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_hppa.deb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_m68k.deb

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_mips.deb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_mipsel.deb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_powerpc.deb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_s390.deb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_sparc.deb

These files will probably be moved into the stable distribution on its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>