Debian GNU/Linux Advisories: gtetrinet, tcpdump, tetex-bin
Dec 11, 2002, 18:53 (0 Talkback[s])
- ------------------------------------------------------------------------
Debian Security Advisory DSA-205-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
December 10, 2002
- ------------------------------------------------------------------------
Package : gtetrinet
Problem type : buffer overflow
Debian-specific: no
Steve Kemp and James Antill found several buffer overflows in the
gtetrinet (a multiplayer tetris-like game) package as shipped in
Debian GNU/Linux 3.0, which could be abused by a malicious server.
This has been fixed in upstream version 0.4.4 and release
0.4.1-9woody1.1 of the Debian package.
- ------------------------------------------------------------------------
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb http://security.debian.org/ stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at http://www.debian.org/security/
- ------------------------------------------------------------------------
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Potato did not contain a gtetrinet package.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1.dsc
Size/MD5 checksum: 1317 55778a1c25bccb12cbc90c00c15108e9
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.dsc
Size/MD5 checksum: 641 9cc2619b4aedfd4a8a4efaf537e25130
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.diff.gz
Size/MD5 checksum: 19126 ab141cfe86b7c018aec366ac909863e6
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1.diff.gz
Size/MD5 checksum: 19225 ecacb91e1bc4db55fb47c0f0ca281e4f
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1.orig.tar.gz
Size/MD5 checksum: 144162 40c3808a683fcce0bae5c341a7245fa6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_alpha.deb
Size/MD5 checksum: 123156 85348df49da23fce6b7ea384328d35ec
arm architecture (ARM)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_arm.deb
Size/MD5 checksum: 110980 00cf7cd6649a1f8dc9b59fac11b855b4
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_hppa.deb
Size/MD5 checksum: 119402 4714cf8d32c80a64d556323dc4703581
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_i386.deb
Size/MD5 checksum: 107954 5303aa820794aabb10e59ff06b837472
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_ia64.deb
Size/MD5 checksum: 135864 f41023f7f365eb3dcf853eb6345b1076
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_m68k.deb
Size/MD5 checksum: 108370 a177457fc6ebcf4d83d612b299706005
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_mips.deb
Size/MD5 checksum: 114322 5d6032d9c88b4b820c9bde4a69ad9674
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_mipsel.deb
Size/MD5 checksum: 111968 f45a1a6b130ae372328ee0a047eed3fe
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_powerpc.deb
Size/MD5 checksum: 114102 0b9840c44188e4262f65002a9b282b45
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_s390.deb
Size/MD5 checksum: 113302 f5e85f1d430094a33c1b74572b9b5342
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_sparc.deb
Size/MD5 checksum: 113772 ccd2017e251db41f6931f866246d61a6
- --
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org
- ------------------------------------------------------------------------
Debian Security Advisory DSA-206-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
December 10, 2002
- ------------------------------------------------------------------------
Package : tcpdump
Problem type : incorrect bounds checking
Debian-specific: no
The BGP decoding routines for tcpdump used incorrect bounds checking
when copying data. This could be abused by introducing malicious traffic
on a sniffed network for a denial of service attack against tcpdump,
or possibly even remote code execution.
This has been fixed in version 3.6.2-2.2.
- ------------------------------------------------------------------------
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb http://security.debian.org/ stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at http://www.debian.org/security/
- ------------------------------------------------------------------------
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
Size/MD5 checksum: 1284 be78c7328fcd439fe7eedf6a54894b28
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
Size/MD5 checksum: 8956 a07ace8578ec5555c87cbfd1faba8ecd
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
Size/MD5 checksum: 213458 72603d37a351d08dfa7af4ab13e6301f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
Size/MD5 checksum: 179464 adb31a1747c0df1f1113454afb3a85f8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
Size/MD5 checksum: 192892 28680f059cab0987ee313b672aa2edca
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
Size/MD5 checksum: 169360 f303ec8777785c742a29469e49a9c63a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
Size/MD5 checksum: 246776 889eb67d84ef3500239a1ad7a721dd9e
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
Size/MD5 checksum: 157340 69ceb0d17d5e9ffca079b0bd7a18d489
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
Size/MD5 checksum: 188714 dbbe0d4eec80daa0f74b83c877064b87
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
Size/MD5 checksum: 176706 5121aa3b8891d1030d1924f1328efcdf
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
Size/MD5 checksum: 172534 1b2b2834af69c169893b5dee4b21eec3
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
Size/MD5 checksum: 179076 31a8382615ac8707b9346bfa9b1d615a
- --
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org
- --------------------------------------------------------------------------
Debian Security Advisory DSA 207-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 11th, 2002 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : tetex-bin
Vulnerability : arbitrary command execution
Problem-type : remote
Debian-specific: no
CVE Id : CAN-2002-0836
The SuSE security team discovered a vulnerability in kpathsea library
(libkpathsea) which is used by xdvi and dvips. Both programs call the
system() function insecurely, which allows a remote attacker to
execute arbitrary commands via cleverly crafted DVI files.
If dvips is used in a print filter, this allows a local or remote
attacker with print permission execute arbitrary code as the printer
user (usually lp).
This problem has been fixed in version 1.0.7+20011202-7.1for the
current stable distribution (woody), in version 1.0.6-7.3 for the old
stable distribution (potato) and in version 1.0.7+20021025-4 for the
unstable distribution (sid). xdvik-ja and dvipsk-ja are vulnerable as
well, but link to the kpathsea library dynamically and will
automatically be fixed after a new libkpathsea is installed.
We recommend that you upgrade your tetex-lib package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.dsc
Size/MD5 checksum: 681 85d39461d6074e345475974700302ca5
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.diff.gz
Size/MD5 checksum: 21219 fc56db28dde023dd14b8dfba2c305ed8
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6.orig.tar.gz
Size/MD5 checksum: 7991177 6cb0539e028dc2629b59364c336e9f02
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_alpha.deb
Size/MD5 checksum: 3345472 92b942291b77f8bb1c51d47e7e442200
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_alpha.deb
Size/MD5 checksum: 86086 ffceb41144a78755652b05e62690503a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_alpha.deb
Size/MD5 checksum: 46436 9a8301c361af3537ce71b671f290d118
ARM architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_arm.deb
Size/MD5 checksum: 3128872 a7d4c2fa53e548b25f3eff5260ce0cba
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_arm.deb
Size/MD5 checksum: 66412 76eea8557db60db134f7e5c69667866e
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_arm.deb
Size/MD5 checksum: 35326 805f9c77405093e812afac2fb151db44
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_i386.deb
Size/MD5 checksum: 2656066 7a84a5905bf56c67a0eaf4d4fbd12ffd
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_i386.deb
Size/MD5 checksum: 63794 262135c0af64616080f10573fb2af29d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_i386.deb
Size/MD5 checksum: 33194 4a042dc080fb61834fea8bd3b5c50123
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_m68k.deb
Size/MD5 checksum: 2470542 b19ef2ede1a49f823b0ce189f010ed71
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_m68k.deb
Size/MD5 checksum: 63010 3f1d9c790839a271e8ad3371a062b99e
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_m68k.deb
Size/MD5 checksum: 33454 6821d66ef900023deb6a125d84f7436a
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_powerpc.deb
Size/MD5 checksum: 3064800 bb353bcc816dd2addc54c3f723a7314d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_powerpc.deb
Size/MD5 checksum: 74960 86fe8df6b1605a76e98ef435a9b4d94d
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_powerpc.deb
Size/MD5 checksum: 37252 b3c71917f22d84c2bdb97c5b63532e52
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_sparc.deb
Size/MD5 checksum: 3067948 ccbc6c50d89ee3ff1f4b62daf79748e2
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_sparc.deb
Size/MD5 checksum: 71708 01e2610c8d35a7bab8369e5f3ba1df71
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_sparc.deb
Size/MD5 checksum: 40442 6cf1c922eada4a22178a853142c91713
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.dsc
Size/MD5 checksum: 874 8f366565d4f387475f6ef6bb9aa974d7
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.tar.gz
Size/MD5 checksum: 10324253 f450e1704d90950f85bb31eefbf2f45e
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_alpha.deb
Size/MD5 checksum: 84650 d79e3667791a8110019cb2f96c0d0516
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_alpha.deb
Size/MD5 checksum: 52786 db83b6b35fc7b932aaf0e8f59ae7da7a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_alpha.deb
Size/MD5 checksum: 4567604 70774235aa253481147d28d685abbaea
ARM architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_arm.deb
Size/MD5 checksum: 65274 90a77d388e36745006ec0aaa6417491d
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_arm.deb
Size/MD5 checksum: 43402 108a54db3c99b58188cdee22b965c005
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_arm.deb
Size/MD5 checksum: 3703124 8439e1875463efc76cbf58e37e17a33a
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_i386.deb
Size/MD5 checksum: 62628 31a398d458ed0fd5939929f3afcd8e57
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_i386.deb
Size/MD5 checksum: 40500 ade94b526f08f7edb80b7c8126578ad4
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_i386.deb
Size/MD5 checksum: 3136836 98eedd394be628b62bf489ccf4ac7288
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_ia64.deb
Size/MD5 checksum: 89724 acd2ca69f8c92a269ecb53ac10b428dd
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_ia64.deb
Size/MD5 checksum: 63122 56fb6234748eab1261fe6779cc2bd5f9
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_ia64.deb
Size/MD5 checksum: 5597520 b4342bdcba6ea92adfc6fd547246e597
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_hppa.deb
Size/MD5 checksum: 79348 686d1ad04aa6d07ebd33622f78d4c0b3
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_hppa.deb
Size/MD5 checksum: 49110 204b2d736e592c19a864e6edbe013db3
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_hppa.deb
Size/MD5 checksum: 4105546 a4eda30de5ed51e1c75f979a069b0c67
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_m68k.deb
Size/MD5 checksum: 61940 79ae1c797a94286d2571431a387ed410
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_m68k.deb
Size/MD5 checksum: 41130 0ebbbf434a9981d68aadc166bf8ba264
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_m68k.deb
Size/MD5 checksum: 2922476 80cd4093b37cd3f67571d427c270cce7
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mips.deb
Size/MD5 checksum: 75094 05006f5ed906f1a154e2f653a7d43d19
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mips.deb
Size/MD5 checksum: 42156 71efe3f47f1cfe1fa94bc977832d14b3
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mips.deb
Size/MD5 checksum: 3941092 22b7964938513694d7665c832b234035
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mipsel.deb
Size/MD5 checksum: 74886 833cc732ed934563f5582b652dc4b056
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mipsel.deb
Size/MD5 checksum: 42350 4e50a31e4f219f53146a7f790bde4747
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mipsel.deb
Size/MD5 checksum: 3899354 17f6313d6073d1557c988e028b5a7bb0
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_powerpc.deb
Size/MD5 checksum: 73934 2a6a193f1acb64784473965cc49ac610
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_powerpc.deb
Size/MD5 checksum: 45040 45b3a8a439e7eb68cc87f24ebe81e945
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_powerpc.deb
Size/MD5 checksum: 3586312 9fa3b7e4c724db99e0214204b791123e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_s390.deb
Size/MD5 checksum: 63928 f45e1a0bd5b9e69a3c8f9db16cd041df
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_s390.deb
Size/MD5 checksum: 43052 489de74e0a77f1269fbd116ddbb922a3
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_s390.deb
Size/MD5 checksum: 3383454 3ada8fc381e60370cdf037e817b3978c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_sparc.deb
Size/MD5 checksum: 70708 a34f6c87173cb0754e435cfd0040f7d3
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_sparc.deb
Size/MD5 checksum: 48512 e80f52795254d7fc3adac437a0898d97
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_sparc.deb
Size/MD5 checksum: 3598374 8b834d6c56cba09cbdb9402f4b263141
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>;
