
Debian GNU/Linux Advisories: hztty, libmailtools-perl, gopher


Debian Security Advisory DSA 385-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
September 18th, 2003 http://www.debian.org/security/faq

Package : hztty
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific : no
CVE Ids : CAN-2003-0783

Jens Steube reported a pair of buffer overflow vulnerabilities
in hztty, a program to translate Chinese character encodings in a
terminal session. These vulnerabilities could be exploited by a
local attacker to gain root privileges on a system where hztty is
installed.

Additionally, hztty had been incorrectly installed setuid root,
when it only requires the privileges of group utmp. This has also
been corrected in this update.

For the stable distribution (woody) this problem has been fixed
in version 2.0-5.2woody1.

For the unstable distribution (sid) this problem will be fixed in
version 2.0-6.

We recommend that you update your hztty package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1.dsc

Size/MD5 checksum: 560 ade09c908df6e49f68b5565bc9deed7b

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1.diff.gz

Size/MD5 checksum: 3799 41baafd52655cf29ba344844b20d5635

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0.orig.tar.gz

Size/MD5 checksum: 229189 7ec5907ad55825780274b8a77b217e21

Alpha architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_alpha.deb

Size/MD5 checksum: 153682 792436d6241caf9ed0f84d46eb7adbf0

ARM architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_arm.deb

Size/MD5 checksum: 149582 5e4f10714ff728bdc78109546e6a471f

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_i386.deb

Size/MD5 checksum: 149174 527fcdc48e8fd94db9aeeff1aeae1cfd

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_ia64.deb

Size/MD5 checksum: 156842 4887f3b937c0c19bcbf16f1334fd545c

HP Precision architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_hppa.deb

Size/MD5 checksum: 153142 275d3fd6af0e1c5fcb56115471e832eb

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_m68k.deb

Size/MD5 checksum: 148908 0afe3dc146fe516a090ceeb8efed8310

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_mips.deb

Size/MD5 checksum: 152414 009dfc06d43eddc92829c46c914b2d4e

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_mipsel.deb

Size/MD5 checksum: 152488 331b8f3a232024fbbef9a9ad826a2ad9

PowerPC architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_powerpc.deb

Size/MD5 checksum: 150156 1079ca383c253bce3b7949a618cc4d28

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_s390.deb

Size/MD5 checksum: 150668 899a29ef01281669243cc49c6be15b03

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_sparc.deb

Size/MD5 checksum: 153624 fedf0fb0846b7cf7be1a9c1b33d3ee57

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
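
Added example (not part of the Debian advisory): a POSIX shell script that checks downloaded files against the advisory's "Size/MD5 checksum" entries before dpkg -i is run. It assumes the advisory text is saved to a file and that md5sum is installed; the function names are hypothetical. MD5 is the digest this advisory publishes, and since it no longer resists collisions the check detects truncated or corrupted downloads rather than proving origin.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical;
# assumes md5sum (coreutils) and the advisory saved as a text file.

# parse_advisory: advisory text on stdin -> "filename size md5" per entry.
parse_advisory() {
    awk '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); name = p[n]; next }
        $1 == "Size/MD5" && $2 == "checksum:" {
            if (name != "" && $3 ~ /^[0-9]+$/ &&
                length($4) == 32 && $4 !~ /[^0-9a-f]/)
                print name, $3, $4
            name = ""
        }'
}

# verify_file FILE SIZE MD5: 0 = both match, 1 = mismatch, 2 = no such file.
verify_file() {
    [ -f "$1" ] || return 2
    got_size=$(wc -c < "$1" | tr -d ' ')
    got_md5=$(md5sum < "$1" | cut -d' ' -f1)
    [ "$got_size" = "$2" ] && [ "$got_md5" = "$3" ]
}

# verify_advisory ADVISORY DIR: check each listed file that exists in DIR.
# Files not downloaded (other architectures) are skipped. Returns non-zero
# on any mismatch, or when no listed file was found in DIR at all.
verify_advisory() {
    bad=0; seen=0
    while read -r name size md5; do
        verify_file "$2/$name" "$size" "$md5" && rc=0 || rc=$?
        case $rc in
            0) echo "OK       $name"; seen=$((seen + 1)) ;;
            2) ;;
            *) echo "MISMATCH $name (do not install)" >&2; bad=1 ;;
        esac
    done <<EOF
$(parse_advisory < "$1")
EOF
    [ "$bad" -eq 0 ] && [ "$seen" -gt 0 ]
}

# Usage: sh verify.sh ADVISORY.txt DOWNLOAD_DIR
if [ "$#" -eq 2 ]; then
    verify_advisory "$1" "$2"
fi
```
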


Debian Security Advisory DSA 386-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
September 18th, 2003 http://www.debian.org/security/faq

Package : libmailtools-perl
Vulnerability : input validation
Problem-Type : local, remote
Debian-specific : no
CVE Ids : CAN-2002-1271

The SuSE security team discovered during an audit a bug in the
Mail::Mailer module, a Perl module used for sending email, whereby
potentially untrusted input is passed to a program such as mailx,
which may interpret certain escape sequences as commands to be
executed.

This bug has been fixed by removing support for programs such as
mailx as a transport for sending mail. Instead, alternative
mechanisms are used.

For the stable distribution (woody) this problem has been fixed
in version 1.44-1woody1.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you update your libmailtools-perl package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2.dsc

Size/MD5 checksum: 678 ab509c1bbeae26c200d1fec924dde579

http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2.diff.gz

Size/MD5 checksum: 4302 6ceda7fb60d34166280705507de7c4d7

http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44.orig.tar.gz

Size/MD5 checksum: 41496 4e00dbd04db2dc4a6fdfce6f848be158

Architecture independent components:


http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2_all.deb

Size/MD5 checksum: 77952 bf650f36e83e287f4003386ed5ee62e6

http://security.debian.org/pool/updates/main/libm/libmailtools-perl/mailtools_1.44-1woody2_all.deb

Size/MD5 checksum: 9980 cc6be5da5273b3f8efd4266163fe83f1

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


Debian Security Advisory DSA 387-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
September 18th, 2003 http://www.debian.org/security/faq

Package : gopher
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific : no
CVE Ids : CAN-2003-0805

gopherd, a gopher server from the University of Minnesota,
contains a number of buffer overflows which could be exploited by a
remote attacker to execute arbitrary code with the privileges of
the gopherd process (the “gopher” user by default).

For the stable distribution (woody) this problem has been fixed
in version 3.0.3woody1.

This program has been removed from the unstable distribution
(sid). gopherd is deprecated, and users are recommended to use
PyGopherd instead.

We recommend that you update your gopherd package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.dsc

Size/MD5 checksum: 552 76894dc1222e79774f40224324f0ad7f

http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.tar.gz

Size/MD5 checksum: 508417 06bc48d36dc86d7b16ff4d3127e6af6b

Alpha architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_alpha.deb

Size/MD5 checksum: 151236 5218f20b73cf27e24caf8fc096ee6b91

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_alpha.deb

Size/MD5 checksum: 119994 3c11c4950de29f3f9b9657be7280659f

ARM architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_arm.deb

Size/MD5 checksum: 114484 8ee45328aae7009263c4032671b7bf56

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_arm.deb

Size/MD5 checksum: 98494 1890c8e32bd42994a9a1d3042d110e86

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_i386.deb

Size/MD5 checksum: 112374 6b57793273a1bad97d0640a8d01e14b9

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_i386.deb

Size/MD5 checksum: 96740 f8ed5c064754ed584a31eaf1b100825e

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_ia64.deb

Size/MD5 checksum: 173530 e6a1b592a571aed9ffaba35068a0495e

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_ia64.deb

Size/MD5 checksum: 139634 64803a5dd1dff2e88fcfc68f6ef9ee11

HP Precision architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_hppa.deb

Size/MD5 checksum: 129748 b5c718e641270c8e1b589135c509a4d5

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_hppa.deb

Size/MD5 checksum: 109600 efcf89e4af0d362d879f24e588883e26

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_m68k.deb

Size/MD5 checksum: 105664 82e0ef414d07be4eea0cb1f747968575

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_m68k.deb

Size/MD5 checksum: 91786 718d9631c2d1824d6e8ef631eadfeb78

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mips.deb

Size/MD5 checksum: 130662 ab224c0de3c08876d55a1f93f2830190

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mips.deb

Size/MD5 checksum: 109360 0a74a8980e0878a7828c2c2466e5d790

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mipsel.deb

Size/MD5 checksum: 130674 1d585c488b273c8bf91399ffb881ed26

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mipsel.deb

Size/MD5 checksum: 109308 aad80866bf9d615a079f70080e4b7c9f

PowerPC architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_powerpc.deb

Size/MD5 checksum: 120924 8b5741c2db865625ff6ed00087d77fa0

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_powerpc.deb

Size/MD5 checksum: 102660 e51128248e56bb60eab6ab4a2974e3d8

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_s390.deb

Size/MD5 checksum: 116154 117945606232036f793a9949b9ac0141

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_s390.deb

Size/MD5 checksum: 99710 e7e3cb0d53b024d13be36af41fcf9994

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_sparc.deb

Size/MD5 checksum: 121790 2f6db0257015d8a42230e3e8e95f9f28

http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_sparc.deb

Size/MD5 checksum: 102074 dcfd0b3412c55d9d8f911c9f9204fd08

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
