|
| Current Newswire:
Debian Security Advisory: New version of jazip releasedJan 23, 2001, 20:59 (0 Talkback[s])(Other stories by Martin Schulze) Date: Tue, 23 Jan 2001 13:30:15 +0100 Debian Security Advisory DSA-017-1 security@debian.org http://www.debian.org/security/ Martin Schulze January 23, 2001
Package : jazip
Vulnerability : local root exploit and buffer overflow
Debian-specific: no
With older versions of jazip a user could gain root access for members
of the floppy group to the local machine. The interface doesn't run
as root anymore and this very exploit was prevented. The program now
also truncates DISPLAY to 256 characters if it is bigger, which closes
the buffer overflow (within xforms).
We recommend you upgrade your jazip package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. This package was not available for arm and powerpc, now a fixed powerpc version is available while there is still no arm version. Source archives: Intel ia32 architecture: Motorola 680x0 architecture: Sun Sparc architecture: Alpha architecture: PowerPC architecture: These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . For apt-get: deb http://security.debian.org/
stable/updates main
0 Talkback[s]
(click to add your comment)
|
