Debian Security Advisory DSA 309-2 | security@debian.org
http://www.debian.org/security/ | Matt Zimmerman
June 6th, 2003 | http://www.debian.org/security/faq
Package: eterm
Vulnerability: buffer overflow
Problem-Type: local
Bugtraq ID: 7708
A buffer overflow was fixed in DSA-309-1, but a different error
was introduced in the handling of the ETERMPATH environment
variable. This bug was not security-related, but would cause this
environment variable not to be recognized correctly. This is now
corrected by an updated version of the package.
For the stable distribution (woody), this problem has been fixed
in version 0.9.2-0pre2002042903.2.
The old stable distribution (potato) is not affected by this
bug.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you update your eterm package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2.dsc
Size/MD5 checksum: 580 5c0ae65bf55b15b1106c3a61a3dca885
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2.tar.gz
Size/MD5 checksum: 669252 5731a6c8b112a4efbc972ed3aa79fda9
Alpha architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_alpha.deb
Size/MD5 checksum: 389946 ff9d406f610da8e9d44acfa3c84d523f
ARM architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_arm.deb
Size/MD5 checksum: 374188 229c86418aefa76f1204c996bf76dbee
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_i386.deb
Size/MD5 checksum: 332428 e7caf3c5d19c4b044d66f1a778dbdab0
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_ia64.deb
Size/MD5 checksum: 450248 973718a70de16cacca8c9eb3544775e3
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_hppa.deb
Size/MD5 checksum: 390280 00e161a913a93c2b11e7ae9c5fde3f65
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_m68k.deb
Size/MD5 checksum: 336910 45114c79be0ae424d232a3e69363bc0b
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_mips.deb
Size/MD5 checksum: 335870 3aa9befa2a9881f5a8fca12b2da57004
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_mipsel.deb
Size/MD5 checksum: 335080 d8f689f223fd20712d080009c82e5313
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_powerpc.deb
Size/MD5 checksum: 365272 2ae5e7b431ea0773be76909b9b904621
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_s390.deb
Size/MD5 checksum: 356198 df740938f6e6eaa9841d03250dfdfee7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.2_sparc.deb
Size/MD5 checksum: 368926 e3df2fa45e0dde1fbf20cd2792459ec9
These files will probably be moved into the stable distribution
on its next revision.
Debian Security Advisory DSA 313-1 | security@debian.org
http://www.debian.org/security/ | Matt Zimmerman
June 11th, 2003 | http://www.debian.org/security/faq
Package: ethereal
Vulnerability: buffer overflows, integer overflows
Problem-Type: remote
Debian-specific: no
CVE Ids: CAN-2003-0356 CAN-2003-0357
Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer. These include one-byte buffer overflows
in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync,
SMB, SMPP, and TSP dissectors, and integer overflows in the Mount
and PPP dissectors.
For the stable distribution (woody) these problems have been
fixed in version 0.9.4-1woody4.
The old stable distribution (potato) does not appear to contain
these vulnerabilities.
For the unstable distribution (sid) these problems are fixed in
version 0.9.12-1.
We recommend that you update your ethereal package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
Size/MD5 checksum: 679 a6456b3e20f44a3f53256bf722c010cd
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
Size/MD5 checksum: 31800 160670a883256ee0d40066424ffc527a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 1939098 67c1fd2e2851976aef3db87a2d128484
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 333810 c239ee7f87136dd0d7750996a702b387
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 221594 9b6bad1bd7d23ec7c54c40ec336e5edd
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 1706008 5ac67ca2d0530676c41563dae337a0e4
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 1633108 73c97178ef157e709fcc36753a1ea85c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 296662 0a9bec8514d203e90c712b12ef19de25
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 205452 9641c7fa333a0ce2f33bf38a78640351
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 1437636 4286845b2a848f4d293c1be807d62446
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 1511802 4e554f6ef3da40ac3215099141e7c10b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 285948 df25b50bfa385f84b091227df926bc0f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 197860 6eb91acb63bd5e3938cdb186b507dd38
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 1324426 96887c970d1725be47988c498708762f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 2148676 f39ffacba60f1f2a132750d76cb972b7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 372650 866ee108f08e625d3981362726d9799a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 233180 e125fa9dc0e59d7d14d43505ffe05368
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 1858536 904fce57cb39662e9560f0143d326bb8
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 1802046 d5114f9632deea43ba5f99ff79a67db3
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 321802 33656ff4dbd495d3c8f1dc9ed6c798ff
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 216336 34bbb2832844a7bb83fcff37cae852c0
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 1574474 da9563f1c19e93d7f68caf369540af35
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 1422378 43efc6d431fc6d8c7587e18bd24fe8f2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 282076 2d3fc00fe2260fb85062c0d8697f5a31
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 194600 ffe9f83876b5a9ac1c4527057e76f2a5
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 1246858 b9e8b7a88e11032e86697ca1570322f4
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 1615618 6075fa7c13fa8ca8f3dc7258be8352d7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 304780 9f9632fc4b81f7091a3d06821188f8d1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 213104 f006c9731d11e3a04dbeca5c3590a15f
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 1420708 45f88bb1c3af5021ecc06cce889cc752
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 1596150 3448b7e38f8cb465b10e24aff4cf0194
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 304294 eb86e3592b8d655e6365e3633784eed1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 212736 27602ffe5022eaa068cb72d2df940d13
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 1404954 3e5de4a79c1b139c3b2f0ae179469be7
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 1616730 f14611ce9d14d7dd4bdb68f944ff9d1b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 301440 2c0628a56ff3695877daf9f31dffc1ee
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 208310 fce4f437ba8aaf2e258eaf322de1d070
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 1417094 0d39172de87a53c1f048113606acaa01
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 1573090 d6aa9760cfcf8e50085fbad1ac1c519a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 300270 17aee5bcac8c012541f30dc6fb594563
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 203304 c6a7ea1eacb1d13748eaeeb54357b203
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 1385758 d529f4ca3dd4c9275947beb24b462057
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 1580628 d29f917e447c05e878dc0d5133a6253e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 317574 64bff1a09c7120f16d1ace0857b285d7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 204094 1af2856d9cb07f3fb680a6891217b4b7
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 1387272 1b9ce45f55bdbf9ce990a058b0318c12
Debian Security Advisory DSA 314-1 | security@debian.org
http://www.debian.org/security/ | Matt Zimmerman
June 11th, 2003 | http://www.debian.org/security/faq
Package: atftp
Vulnerability: buffer overflow
Problem-Type: remote
CVE Id: CAN-2003-0380
Rick Patel discovered that atftpd is vulnerable to a buffer
overflow when a long filename is sent to the server. An attacker
could exploit this bug remotely to execute arbitrary code on the
server.
For the stable distribution (woody), this problem has been fixed
in version 0.6.1.1.0woody1.
The old stable distribution (potato) does not contain an atftp
package.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you update your atftp package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.dsc
Size/MD5 checksum: 536 a0b516e6b71c6b7ff35a89c300b8451d
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.tar.gz
Size/MD5 checksum: 120030 3e13c279692acd04b788ab338a8f98b6
Alpha architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_alpha.deb
Size/MD5 checksum: 23212 48c56c36241df8284fdca8d2d71702d0
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_alpha.deb
Size/MD5 checksum: 54940 f0fc2063cd745c32204e77c30e938899
ARM architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_arm.deb
Size/MD5 checksum: 19682 1f527a8d04ed3248aabe1b2168708a04
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_arm.deb
Size/MD5 checksum: 50374 0364e44465182ad53f862aec756ab4e7
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_i386.deb
Size/MD5 checksum: 18768 6216d16fbeb35a13925bdebdc5f289a6
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_i386.deb
Size/MD5 checksum: 50124 6314bc6b3ce39a9d4e833e815104f2ec
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_ia64.deb
Size/MD5 checksum: 28730 648c0faaa7faf4eb7eb7f2e779305142
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_ia64.deb
Size/MD5 checksum: 60528 dac6b2998a7587fad971e46f931b72b2
HP Precision architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_hppa.deb
Size/MD5 checksum: 21652 842811b46564d9d16d7cc886bf590809
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_hppa.deb
Size/MD5 checksum: 52346 4b61ca7c9b716cb310c2e7a0f9eb89da
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_m68k.deb
Size/MD5 checksum: 17802 0f9a42fce1c748b5020541cf7fe7b9b0
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_m68k.deb
Size/MD5 checksum: 48992 0d136433ad240228be0490d37a41a93c
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mips.deb
Size/MD5 checksum: 21564 143d3c2829ca1e947fa310f0fe82ad36
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mips.deb
Size/MD5 checksum: 53050 a28cb70fdea9c53494dc5d84ec0ada46
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mipsel.deb
Size/MD5 checksum: 21584 5ce8ef541c20dfbcb67e6aa20f7bc25d
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mipsel.deb
Size/MD5 checksum: 52954 1317dc82412ab1adcf888fafea9787bd
PowerPC architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_powerpc.deb
Size/MD5 checksum: 19748 fa53333f1cca83ff2b63cb02df470790
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_powerpc.deb
Size/MD5 checksum: 51044 9e0e47221a2169c7887e427bce4884c7
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_s390.deb
Size/MD5 checksum: 20006 3163cb7ae374796ee77531db72c26564
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_s390.deb
Size/MD5 checksum: 50670 3819659a18c3b54afcdc87763946f5b7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_sparc.deb
Size/MD5 checksum: 19370 16ea3477d14468cb9c2faf8bf6748f6a
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_sparc.deb
Size/MD5 checksum: 53314 81894df752b8a59a03d1ad07bd4f16ca
These files will probably be moved into the stable distribution
on its next revision.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: 'apt-cache show <pkg>' and http://packages.debian.org/<pkg>