Debian Security Advisory DSA 697-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq
Package : netkit-telnet
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0469
iDEFENSE researchers discovered a buffer overflow in the
handling of the LINEMODE suboptions in telnet clients. This can
lead to the execution of arbitrary code when connected to a
malicious server.
For the stable distribution (woody) this problem has been fixed
in version 0.17-18woody3.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you upgrade your telnet package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.dsc
Size/MD5 checksum: 602 2fe6640e0719f7aa44a7815a89a12a41
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.diff.gz
Size/MD5 checksum: 22327 943fcd9a5048df83ce6d4f00c5b64853
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
Size/MD5 checksum: 133749 d6beabaaf53fe6e382c42ce3faa05a36
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_alpha.deb
Size/MD5 checksum: 84292 0b84a10dfc8714c16dbbb022f3344616
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_alpha.deb
Size/MD5 checksum: 45876 7a1893a937dd23489c45cc31d0e1605b
ARM architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb
Size/MD5 checksum: 69924 8bb25a534f053a693aa971df0e15d71f
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb
Size/MD5 checksum: 39618 2cfc8d96f00bb739333adf0659caceb6
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_i386.deb
Size/MD5 checksum: 70736 838259bf5d62e438959162e53aad0fa0
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_i386.deb
Size/MD5 checksum: 38616 b70a384a508e0405e91f3790f0668081
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_ia64.deb
Size/MD5 checksum: 102868 70da46fb55cb87eb86e926ffbd9d0bb2
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_ia64.deb
Size/MD5 checksum: 52542 8a459f0368d5f861f9bf4ab35ce6a8c3
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_hppa.deb
Size/MD5 checksum: 70048 f14aa30e55f6ea4d40f6c4164d3db8bb
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_hppa.deb
Size/MD5 checksum: 43568 11ecc34f1825ceecda70fb89265b688e
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_m68k.deb
Size/MD5 checksum: 67226 572135d4d9d8978bc0a1ea6202f7c1be
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_m68k.deb
Size/MD5 checksum: 37524 1c061c7ee5e3879b88eadda2b21eb463
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mips.deb
Size/MD5 checksum: 80896 7de7f5ad30e0f95a5661b2cfe44f95ab
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mips.deb
Size/MD5 checksum: 42678 a77278475feb6cb0ec3b605a5a904218
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mipsel.deb
Size/MD5 checksum: 80828 70c559a8b71a8c03350eeccf53f3e25d
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mipsel.deb
Size/MD5 checksum: 42670 51cb8ffb5f3c4b525682e78d7ae1481e
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_powerpc.deb
Size/MD5 checksum: 73288 38517e77c45ed6c66fddb4d817b4829a
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_powerpc.deb
Size/MD5 checksum: 40326 9ca930698e43c7bf55865fca839d57e4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_s390.deb
Size/MD5 checksum: 73250 e2f4333b7dc6bf55dd3c46ed98734499
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_s390.deb
Size/MD5 checksum: 41272 7cce38638c1e4a9564369ff5e7e68a69
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_sparc.deb
Size/MD5 checksum: 74240 5a83b9953328c8de75a76682ce30da35
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_sparc.deb
Size/MD5 checksum: 45374 167f760979a1eb531461178ed576b82c
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 698-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq
Package : mc
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0763
An unfixed buffer overflow has been discovered by Andrew V.
Samoilov in mc, the midnight commander, a file browser and manager.
This update also fixes a regression from DSA 497.
For the stable distribution (woody) this problem has been fixed
in version 4.5.55-1.2woody6.
For the unstable distribution (sid) this problem has already
been fixed.
We recommend that you upgrade your mc packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.dsc
Size/MD5 checksum: 798 8e99dd740d8ffae2c41a90a6b116f229
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.diff.gz
Size/MD5 checksum: 52176 73bc0707bc6bda5e3ba6066985dc774e
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
Size/MD5 checksum: 4850321 82772e729bb2ecfe486a6c219ebab09f
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 1186538 9239cbf4199a6544b3ca6332fd52db6f
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 562996 72dbc715e7a7283e11e29fea64552f30
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 1351898 63a8e1afcbba209db727d92d4955a8c9
ARM architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 1028408 8826cb0c5a44b5af496dfeba6d607d55
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 480688 f6a09cce37d13577e92b373b75cc574c
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 1352032 5dfd20bcf483f407c6731773070c87c3
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 994490 459f7317ab45b42d003116efacfa196e
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 455232 aab393d3264175b8575cfaf66220f753
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 1351810 e1471d6e5f49bcd92e12ca9a73b74c33
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 1435522 a3a000b0de5e6fa4cafaaf58263e47f7
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 689234 441e904cc527473e05b47b78d5c4bd2f
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 1351796 3e61ead9025a69305e554d63d7abf636
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 1144534 4c2c57ec173ceed338bc9e44c882f670
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 541246 2dbf858ac3c53d54baccca0ca3d04031
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 1352288 cea79758caf2b6f33f989614d924c965
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 957858 d7028898ea3a35f85f78a7f087e694b2
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 437062 cd05897db0003c22f7bb18aecd1eec27
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 1352326 367211fbc6fa342d715416b958ec07b1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 1087190 3216349530cf0a9b2b73902084fea281
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 536944 281b9d6b996d040e2664355571bd0c7a
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 1352256 1ca47ba59015ff24fc0d324db184de31
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 1081322 02bdddc905c6d80ebcc17b746a5f47b7
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 535794 c59f3a0071d2c751a1f5f320fd03c932
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 1352084 5ad918e829a9a31725de8dd687d7a742
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 1043086 6d6cb89274647fb8eb0a8f8d089dd7bd
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 490208 716ce6d995b02f20452afaf96185fa59
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 1352208 3fe36051681012611989f15301b13e1a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 1030020 7d9b20ece50fd41ee2de10cb79826bc3
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 479574 5be9988d0c5fb89e1061fa06d5256327
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 1352116 bdcdd74197972f260d0aced37f324751
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 1029098 aadd9cfef3188c17de809a51c2c11037
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 483630 176d603f21a2cc5253facafc5d86dcb2
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 1352214 5dfcd273857ed952157083c4d33fbcba
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 699-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq
Package : netkit-telnet-ssl
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0469
iDEFENSE researchers discovered a buffer overflow in the
handling of the LINEMODE suboptions in telnet clients. This can
lead to the execution of arbitrary code when connected to a
malicious server.
For the stable distribution (woody) this problem has been fixed
in version 0.17.17+0.1-2woody4.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you upgrade your telnet-ssl package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 669 edcae9a56571c23861cc772d116f6d9b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.diff.gz
Size/MD5 checksum: 9099 0c6a68a7522269cb7c7f18e08e9f3228
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
Size/MD5 checksum: 167658 faf2d112bc4d44f522bad3bc73da8d6d
Alpha architecture:
Size/MD5 checksum: 101196 46f45337d4a60eb738b077770e3aa2a4
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_alpha.deb
Size/MD5 checksum: 57024 b2a33f4b5143da8a36ee78b75850c6c2
ARM architecture:
Size/MD5 checksum: 85194 1db7e7432d8025531b869ae5c737014b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
Size/MD5 checksum: 48596 ad29db7a35ad3ee4e3d2c5c411b0edb9
Intel IA-32 architecture:
Size/MD5 checksum: 85608 6b9e94d7acf3274a62a78e98b069060b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_i386.deb
Size/MD5 checksum: 46730 09bf8699c1af6a5f4f9e913d7ef92759
Intel IA-64 architecture:
Size/MD5 checksum: 123272 d81d94ec52c655bb8496bf126c9077aa
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_ia64.deb
Size/MD5 checksum: 66728 e1879d40f611846bb7f787245feb8fee
HP Precision architecture:
Size/MD5 checksum: 86624 677730710e0adac9cb6cbe1d1cca742b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_hppa.deb
Size/MD5 checksum: 54054 df3349ebb866ada9bc08a3dabf681bcc
Motorola 680×0 architecture:
Size/MD5 checksum: 81534 9007bc1b9ce71d54eda4da588269e39b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_m68k.deb
Size/MD5 checksum: 45494 8bd015cf665ed260e8943aaf9a88d5a9
Big endian MIPS architecture:
Size/MD5 checksum: 97454 ad228bd9d0353478740fde78095b8332
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mips.deb
Size/MD5 checksum: 52346 b22cdea93cc2d406144f7797918ba348
Little endian MIPS architecture:
Size/MD5 checksum: 97292 fe280b5296350918ef3f99bd86c1e3e8
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mipsel.deb
Size/MD5 checksum: 52334 816d5bce2968f676d3261a1d3e9e5e21
PowerPC architecture:
Size/MD5 checksum: 88238 c0b09580e81ff24c5e04d7ae0e859645
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_powerpc.deb
Size/MD5 checksum: 48882 f1ab39899f6b2892cae81b8b4dfb2d16
IBM S/390 architecture:
Size/MD5 checksum: 88746 b4a754f74fe3bc462488c62a137fa422
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_s390.deb
Size/MD5 checksum: 50562 fe91806b369af4ff31030c1079b7b9bd
Sun Sparc architecture:
Size/MD5 checksum: 89356 dd5d9462b3b86d40f0f67a9ec86adc57
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_sparc.deb
Size/MD5 checksum: 54646 5d694a26621ef73ce5d2c0e6ed9bc887
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Fedora Update Notification
FEDORA-2005-270
2005-03-29
Product : Fedora Core 3
Name : krb5
Version : 1.3.6
Release : 5
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the
insecure practice of cleartext passwords.
Update Information:
Updated krb5 packages which fix two buffer overflow
vulnerabilities in the included Kerberos-aware telnet client are
now available.
Kerberos is a networked authentication system which uses a
trusted third party (a KDC) to authenticate clients and servers to
each other.
The krb5-workstation package includes a Kerberos-aware telnet
client. Two buffer overflow flaws were discovered in the way the
telnet client handles messages from a server. An attacker may be
able to execute arbitrary code on a victim’s machine if the victim
can be tricked into connecting to a malicious telnet server. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2005-0468 and CAN-2005-0469 to these issues.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
15bad9c44ba4da14de7d5527a02c1a90 SRPMS/krb5-1.3.6-5.src.rpm
41314d054ab13a935cd57466a99bb03e
x86_64/krb5-devel-1.3.6-5.x86_64.rpm
c99ffb83d090d156e59a0348e8162b6e
x86_64/krb5-libs-1.3.6-5.x86_64.rpm
9ed53c214ae3b20aa8cb3a3f339b46ad
x86_64/krb5-server-1.3.6-5.x86_64.rpm
1f03b24107cb22cfca368d59fb9c40ee
x86_64/krb5-workstation-1.3.6-5.x86_64.rpm
0c354d4e12fcfe83c2cd6fbfb96abc16
x86_64/debug/krb5-debuginfo-1.3.6-5.x86_64.rpm
f07344531de5e52ff9b5a0d20bdc91be
x86_64/krb5-libs-1.3.6-5.i386.rpm
0af73edbe1464ecceaf3a30789c5d400
i386/krb5-devel-1.3.6-5.i386.rpm
f07344531de5e52ff9b5a0d20bdc91be
i386/krb5-libs-1.3.6-5.i386.rpm
d737538d9eb42347efc297930f17241c
i386/krb5-server-1.3.6-5.i386.rpm
92a3d0a3000bd0a78abcf11da80009ba
i386/krb5-workstation-1.3.6-5.i386.rpm
d8b1635e05c1b0bb6d76cb9f7a810d78
i386/debug/krb5-debuginfo-1.3.6-5.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Update Notification
FEDORA-2005-269
2005-03-29
Product : Fedora Core 2
Name : krb5
Version : 1.3.6
Release : 4
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the
insecure practice of cleartext passwords.
Update Information:
Updated krb5 packages which fix two buffer overflow
vulnerabilities in the included Kerberos-aware telnet client are
now available.
Kerberos is a networked authentication system which uses a
trusted third party (a KDC) to authenticate clients and servers to
each other.
The krb5-workstation package includes a Kerberos-aware telnet
client. Two buffer overflow flaws were discovered in the way the
telnet client handles messages from a server. An attacker may be
able to execute arbitrary code on a victim’s machine if the victim
can be tricked into connecting to a malicious telnet server. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2005-0468 and CAN-2005-0469 to these issues.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
3c210dbdcfb5f01a35f52632abbd3e58 SRPMS/krb5-1.3.6-4.src.rpm
2b4e4f7ffe208989572b173efa18c4b4
x86_64/krb5-devel-1.3.6-4.x86_64.rpm
67a3ffb77c8f92b235d503380ff54b32
x86_64/krb5-libs-1.3.6-4.x86_64.rpm
5d8e752002f27ca2ea7c8f40a6247b37
x86_64/krb5-server-1.3.6-4.x86_64.rpm
b01504865b91a46e9f6dab345a939bf6
x86_64/krb5-workstation-1.3.6-4.x86_64.rpm
72def6a5e69a30e63ab071f581ad1729
x86_64/debug/krb5-debuginfo-1.3.6-4.x86_6= 4.rpm
891e77b16aa127543976583a0b134464
x86_64/krb5-libs-1.3.6-4.i386.rpm
e26b5c97144daa666babf9e01bc90b25
i386/krb5-devel-1.3.6-4.i386.rpm
891e77b16aa127543976583a0b134464
i386/krb5-libs-1.3.6-4.i386.rpm
16a523103910c903de48a8c2e33c6524
i386/krb5-server-1.3.6-4.i386.rpm
f36537a81b6330e72c01de759196fb35
i386/krb5-workstation-1.3.6-4.i386.rpm
123d9371167ecbe81399b256ece22399
i386/debug/krb5-debuginfo-1.3.6-4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Ubuntu Security Notice USN-102-1 March 29, 2005
sharutils vulnerabilities
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242597
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
sharutils
The problem can be corrected by upgrading the affected package
to version 1:4.2.1-10ubuntu0.1. In general, a standard system
upgrade is sufficient to effect the necessary changes.
Details follow:
Shaun Colley discovered a buffer overflow in “shar” that was
triggered by output files (specified with -o) with names longer
than 49 characters. This could be exploited to run arbitrary
attacker specified code on systems that automatically process
uploaded files with shar.
Ulf Harnhammar discovered that shar does not check the data
length returned by the ‘wc’ command. However, it is believed that
this cannot actually be exploited on real systems.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.diff.gz
Size/MD5: 7692 7d0ac5f9d30e814f3bb8a920a384efd0
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.dsc
Size/MD5: 634 400f8c2b587de06d80b961f416069c40
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1.orig.tar.gz
Size/MD5: 306022 b8ba1d409f07edcb335ff72a27bd9828
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_4.2.1-10ubuntu0.1_all.deb
Size/MD5: 27834 f95e85a0a3bc6b8998161e4ae0e19020
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_amd64.deb
Size/MD5: 113868 20cc7d70f9c93d46772bd8a2eaceaa80
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_i386.deb
Size/MD5: 110696 c96e763f35d05965f189cf97b9d7a323
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_powerpc.deb
Size/MD5: 112594 d458759940e4a6396622b3da7866ef84
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.