
Advisories, December 21, 2005

Debian GNU/Linux


Debian Security Advisory DSA 924-1
security@debian.org
http://www.debian.org/security/
Martin Schulze
December 21st, 2005
http://www.debian.org/security/faq


Package : nbd
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3354

Kurt Fitzner discovered a buffer overflow in nbd, the network
block device client and server that could potentially allow
arbitrary code on the NBD server.

For the old stable distribution (woody) this problem has been
fixed in version 1.2cvs20020320-3.woody.3.

For the stable distribution (sarge) this problem has been fixed
in version 2.7.3-3sarge1.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your nbd-server package.

Upgrade Instructions


wget url

will fetch the file for you

dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database

apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-1186
2005-12-20


Product : Fedora Core 3
Name : fetchmail
Version : 6.2.5.5
Release : 1.fc3
Summary : A remote mail retrieval and forwarding utility.

Description :
Fetchmail is a remote mail retrieval and forwarding utility
intended for use over on-demand TCP/IP links, like SLIP or PPP
connections. Fetchmail supports every remote-mail protocol
currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all
IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail
forwards the mail through SMTP so you can read it through your
favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.


Update Information:

Fetchmail contains a bug where, when running in multidrop mode,
a malicious mail server can crash the client by sending a message
without headers.

This update fixes the issue.


  • Tue Dec 20 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5.5-1.fc3

    • Update to fetchmail-6.2.5.5 (#176267, CVE-2005-4348)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-1187
2005-12-20


Product : Fedora Core 4
Name : fetchmail
Version : 6.2.5.5
Release : 1.fc4
Summary : A remote mail retrieval and forwarding utility.

Description :
Fetchmail is a remote mail retrieval and forwarding utility
intended for use over on-demand TCP/IP links, like SLIP or PPP
connections. Fetchmail supports every remote-mail protocol
currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all
IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail
forwards the mail through SMTP so you can read it through your
favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.


Update Information:

Fetchmail contains a bug where, when running in multidrop mode,
a malicious mail server can crash the client by sending a message
without headers.

This update fixes the issue.


  • Tue Dec 20 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5.5-1.fc4

    • Update to fetchmail-6.2.5.5 (#176267, CVE-2005-4348)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

