| Debian Security Advisory DSA 321-1 | [email protected] |
| http://www.debian.org/security/ | Matt Zimmerman |
| June 13th, 2003 | http://www.debian.org/security/faq |
| Package | : | radiusd-cistron |
| Vulnerability | : | buffer overflow |
| Problem-Type | : | remote |
| Debian-specific | : | no |
radiusd-cistron contains a bug allowing a buffer overflow when a
long NAS-Port attribute is received. This could allow a remote
attacker to execute arbitrary code on the with the privileges of
the RADIUS daemon (usually root).
For the stable distribution (woody) this problem has been fixed
in version 1.6.6-1woody1.
For the old stable distribution (potato), this problem will be
fixed in a later advisory.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you update your radiusd-cistron package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.dsc
Size/MD5 checksum: 611 b6a3c69ca08b1f6984147e64f7ddcaab
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.diff.gz
Size/MD5 checksum: 4221 ad563e14d3f3da713973cd23e97dcef5
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6.orig.tar.gz
Size/MD5 checksum: 194154 16084870890fd2ec577dbe183b51a379
Alpha architecture:
Size/MD5 checksum: 262652 b541753d08f0d124a9f48133eeac381e
ARM architecture:
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_arm.deb
Size/MD5 checksum: 235578 6277971c73bf52c22b5623f9131a8d9f
Intel IA-32 architecture:
Size/MD5 checksum: 231960 9ca72ec922c0fd80e22d05a06176b265
Intel IA-64 architecture:
Size/MD5 checksum: 365566 ea7299686e6629039ecdf81abdebd5ee
HP Precision architecture:
Size/MD5 checksum: 235502 886c9f6006c80dcf3c4c5305c76411b7
Motorola 680×0 architecture:
Size/MD5 checksum: 225678 39c53545d15bb167550fd462a139fc35
Big endian MIPS architecture:
Size/MD5 checksum: 246130 3d98988fb2128bc26735c1c5b7a41cde
Little endian MIPS architecture:
Size/MD5 checksum: 245672 88e63e2d94973aa7e65176b81184ed80
PowerPC architecture:
Size/MD5 checksum: 229238 eb1d0a109bb66e3d39c902f561779afc
IBM S/390 architecture:
Size/MD5 checksum: 238530 396c1a07cc893b3d77a1ecfcbc0ee57a
Sun Sparc architecture:
Size/MD5 checksum: 248882 0e39dd1a1310e1afedc4d39e2b8d2794
These files will probably be moved into the stable distribution
on its next revision.
| Debian Security Advisory DSA 320-1 | [email protected] |
| http://www.debian.org/security/ | Matt Zimmerman |
| June 13th, 2003 | http://www.debian.org/security/faq |
| Package | : | mikmod |
| Vulnerability | : | buffer overflow |
| Problem-Type | : | local |
| Debian-specific | : | no |
| CVE Id | : | CAN-2003-0427 |
Ingo Saitz discovered a bug in mikmod whereby a long filename
inside an archive file can overflow a buffer when the archive is
being read by mikmod.
For the stable distribution (woody) this problem has been fixed
in version 3.1.6-4woody3.
For old stable distribution (potato) this problem has been fixed
in version 3.1.6-2potato3.
For the unstable distribution (sid) this problem is fixed in
version 3.1.6-6.
We recommend that you update your mikmod package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
Source archives:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3.dsc
Size/MD5 checksum: 595 d0a811016b5025b327eea822373f12d5
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3.diff.gz
Size/MD5 checksum: 6207 2ce7c29ac4c12632de56a1db093982f7
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6.orig.tar.gz
Size/MD5 checksum: 134827 71d8142ae3ae27034535913e906b1384
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_alpha.deb
Size/MD5 checksum: 62968 0c0d4ff734a7c02e4d8c862bb3745713
ARM architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_arm.deb
Size/MD5 checksum: 52588 7d5da70323e8549fc7cf5528173f3d1d
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_i386.deb
Size/MD5 checksum: 50666 f00f6100852c6a25be4909e861368877
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_m68k.deb
Size/MD5 checksum: 48942 390d71cc5d5f98e84e077961740b9608
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_powerpc.deb
Size/MD5 checksum: 53578 ef6419433633f01244eafeb7b61d0e6c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_sparc.deb
Size/MD5 checksum: 54836 ca9367c16507f4ed6d247cc7001d777a
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3.dsc
Size/MD5 checksum: 608 b52405fb77329efddae915e145a9751d
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3.diff.gz
Size/MD5 checksum: 9726 35080e8530e9924be4d86aafbd31b84d
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6.orig.tar.gz
Size/MD5 checksum: 134827 71d8142ae3ae27034535913e906b1384
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_alpha.deb
Size/MD5 checksum: 62712 fe5456aa0ca7a1819fd1bb87b82bde1a
ARM architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_arm.deb
Size/MD5 checksum: 52602 d75974481a2b2e23c47a7f700bf878e5
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_i386.deb
Size/MD5 checksum: 50578 fde5b864a91bdddf1b07720af26cf5d5
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_ia64.deb
Size/MD5 checksum: 76108 ad1cbef734d43f5e0fa5bad3c7f1cd72
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_hppa.deb
Size/MD5 checksum: 58482 9edb50e45214bc0b3225f5070df2b59f
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_m68k.deb
Size/MD5 checksum: 48554 a52f8913418501bf6a4b103e14636436
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_mips.deb
Size/MD5 checksum: 57352 4edbef3712ec7220cdbe410c61aa8406
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_mipsel.deb
Size/MD5 checksum: 57538 f0846374f89bc626f6ed29fd82bbd4af
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_powerpc.deb
Size/MD5 checksum: 53758 9a8e2a41cf260e5eecfd0472f2f574e6
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_s390.deb
Size/MD5 checksum: 53038 bddc8a9dcdea2b4386b5d5a4b3d281e1
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_sparc.deb
Size/MD5 checksum: 52786 9da2c9dc87e8c9d742483e5929c2e90f
These files will probably be moved into the stable distribution
on its next revision.
For apt-get: deb http://security.debian.org/
stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main Mailing list: [email protected]
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>