|
| Current Newswire:
Debian Security Advisory: New version of jazip releasedJan 23, 2001, 20:59 (0 Talkback[s])(Other stories by Martin Schulze) Date: Tue, 23 Jan 2001 13:30:15 +0100 Debian Security Advisory DSA-017-1 security@debian.org http://www.debian.org/security/ Martin Schulze January 23, 2001 Package : jazip Vulnerability : local root exploit and buffer overflow Debian-specific: no With older versions of jazip a user could gain root access for members of the floppy group to the local machine. The interface doesn't run as root anymore and this very exploit was prevented. The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms). We recommend you upgrade your jazip package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file.You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. This package was not available for arm and powerpc, now a fixed powerpc version is available while there is still no arm version. Source archives: Intel ia32 architecture: Motorola 680x0 architecture: Sun Sparc architecture: Alpha architecture: PowerPC architecture: These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . For apt-get: deb http://security.debian.org/
stable/updates main |