---

Home Security

Debian GNU/Linux Advisories: squid, sysstat, oftpd, interchange, fte

By

Debian Security Advisory DSA 474-1 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
April 3rd, 2004 http://www.debian.org/security/faq

Package : squid
Problem-Type : ACL bypass
Debian-specific: no
CVE Ids : CAN-2004-0189

A vulnerability was discovered in squid, an Internet object
cache, whereby access control lists based on URLs could be bypassed
(CAN-2004-0189). Two other bugs were also fixed with patches
squid-2.4.STABLE7-url_escape.patch (a buffer overrun which does not
appear to be exploitable) and squid-2.4.STABLE7-url_port.patch (a
potential denial of service).

For the stable distribution (woody) these problems have been
fixed in version 2.4.6-2woody2.

For the unstable distribution (sid) these problems have been
fixed in version 2.5.5-1.

We recommend that you update your squid package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2.dsc

Size/MD5 checksum: 621 d61b7bf783830f071f5f091db85864aa

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2.diff.gz

Size/MD5 checksum: 224311 e1fbff609b3957f2f0a834fe5ffba8dd

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz

Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228

Alpha architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_alpha.deb

Size/MD5 checksum: 814744 342a3a95c73aa998461bb7519f1b6d6a

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_alpha.deb

Size/MD5 checksum: 75134 574f070f7a7fbd6a43246b42a1db9a39

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_alpha.deb

Size/MD5 checksum: 59926 c93d20eeb1563fb78c5085453abebd4b

ARM architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_arm.deb

Size/MD5 checksum: 724730 3b83ffa98670b7f9fe8eb431cd7e479b

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_arm.deb

Size/MD5 checksum: 72542 efd5e8842815d2928d5bd4033907dce0

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_arm.deb

Size/MD5 checksum: 58278 f436043d4b1139179af520a7a6b1b8d6

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_i386.deb

Size/MD5 checksum: 698508 0aedc49b881f8d780c55290e09924efe

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_i386.deb

Size/MD5 checksum: 72896 3277f9f2a974093b22d85dcbe8fd86ff

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_i386.deb

Size/MD5 checksum: 57538 ccf05d0a3027e2f54253b023f139005e

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_ia64.deb

Size/MD5 checksum: 952742 e4e67ae336927d9816941016eeccccea

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_ia64.deb

Size/MD5 checksum: 78324 19c0e74ae46fe1f158cf7988c4e9bb1b

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_ia64.deb

Size/MD5 checksum: 62594 6cb77e23ac2d571d6e9c9ca9b993ed2b

HP Precision architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_hppa.deb

Size/MD5 checksum: 778878 f39bf46bd07598ba48783eb8ddd392a7

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_hppa.deb

Size/MD5 checksum: 73912 f315c3aba6b2e47f8ab96741cdb0738a

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_hppa.deb

Size/MD5 checksum: 59422 329334888b68fed99760a6f2749010b1

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_m68k.deb

Size/MD5 checksum: 664804 d3e929ea6f786b8791ce20077ef62872

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_m68k.deb

Size/MD5 checksum: 71856 535cd33a38f10d8813bbfab75591b956

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_m68k.deb

Size/MD5 checksum: 57496 63e90d2bda866227a745fcad95c45d5a

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_mips.deb

Size/MD5 checksum: 764688 c6eefe3b6f9b8b4f5df943baa6a7a5dd

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_mips.deb

Size/MD5 checksum: 73436 d5e34594b15e52097a84f5dabd3ec100

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_mips.deb

Size/MD5 checksum: 58584 d9a275f87449d3531c302b531091800c

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody1_mipsel.deb

Size/MD5 checksum: 763980 9f987ecd9a8ff462dbf1263739f1b8f1

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody1_mipsel.deb

Size/MD5 checksum: 73432 e8b9c5bd013b013c6e859dc3af31dd0e

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody1_mipsel.deb

Size/MD5 checksum: 58566 0b4cce0a9c8f989259dae10cf7fe957d

PowerPC architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_powerpc.deb

Size/MD5 checksum: 721636 0d9260b21bca35c26ed15d9a423d469f

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_powerpc.deb

Size/MD5 checksum: 72498 b323cd2d039903ae92c0b433062ef376

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_powerpc.deb

Size/MD5 checksum: 58170 19070ddbd50f03df0d0d9d0a4832781c

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_s390.deb

Size/MD5 checksum: 711180 80e6122e4505a03aa0ebee9993fb5c18

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_s390.deb

Size/MD5 checksum: 72856 0b79555fe254218e3a159b23065f949c

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_s390.deb

Size/MD5 checksum: 58718 de157f9dad34a4f28b2b41c6562ea2f1

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_sparc.deb

Size/MD5 checksum: 723914 f3465e678067c079e1e9e2d4abca0cca

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_sparc.deb

Size/MD5 checksum: 75184 2e49570a56c5741aa3190b473e6ec920

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_sparc.deb

Size/MD5 checksum: 60592 eba58b5789a7eca6c7d91ff4a7f7c2fb

These files will probably be moved into the stable distribution
on its next revision.

Debian Security Advisory DSA 460-2 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
April 3rd, 2004 http://www.debian.org/security/faq

Package : sysstat
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2004-0108

Alan Cox discovered that the isag utility (which graphically
displays data collected by the sysstat tools), creates a temporary
file without taking proper precautions. This vulnerability could
allow a local attacker to overwrite files with the privileges of
the user invoking isag.

The update used in DSA 460-1 did not fix every occurrence of the
bug. DSA 460-2 includes a more complete fix.

For the current stable distribution (woody) this problem has
been fixed in version 4.0.4-1woody2.

For the unstable distribution (sid) this problem has been fixed
in version 5.0.2-1.

We recommend that you update your sysstat package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2.dsc

Size/MD5 checksum: 646 7f580bd95e4beb891308f768d23c8cf7

http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2.diff.gz

Size/MD5 checksum: 9034 84514ad26e9ee46ef816a48cc0130aca

http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4.orig.tar.gz

Size/MD5 checksum: 99410 9bab6bb01949ba36ce0e5520699ebdf2

Architecture independent components:


http://security.debian.org/pool/updates/main/s/sysstat/isag_4.0.4-1woody2_all.deb

Size/MD5 checksum: 15948 51625bb242d8813a5a36b6f46762037d

Alpha architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_alpha.deb

Size/MD5 checksum: 101734 b01b8832667c4b2ccfe1491761ae3262

ARM architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_arm.deb

Size/MD5 checksum: 86348 d1e0b2ce8b9dd2be66127c6de76aad3e

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_i386.deb

Size/MD5 checksum: 78712 3b33e776572470aa69c0d38989277205

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_ia64.deb

Size/MD5 checksum: 115198 d9cc1e755a52348c8cced764616609a5

HP Precision architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_hppa.deb

Size/MD5 checksum: 95478 1fe245a0dfa1660cc15ba98b8f37ee17

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_m68k.deb

Size/MD5 checksum: 74918 f451be4419f98e8d3a2a8698385a64c5

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_mips.deb

Size/MD5 checksum: 87870 85fad1a5a2c7b80860a821ccb72506e3

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_mipsel.deb

Size/MD5 checksum: 87652 d73a29ed3a0bf19d2998276646c73934

PowerPC architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_powerpc.deb

Size/MD5 checksum: 86980 b7e43a983e0bef5525249d76151de17c

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_s390.deb

Size/MD5 checksum: 83140 9741e6555f390f9248b53be845e72376

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody2_sparc.deb

Size/MD5 checksum: 99346 ebfb5cfe81ac719d76bed6f71a232bec

These files will probably be moved into the stable distribution
on its next revision.

Debian Security Advisory DSA 473-1 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
April 3rd, 2004 http://www.debian.org/security/faq

Package : oftpd
Problem-Type : denial of service
Debian-specific: no
CVE Ids : CAN-2004-0376 Debian bug : 216871

A vulnerability was discovered in oftpd, an anonymous FTP
server, whereby a remote attacker could cause the oftpd process to
crash by specifying a large value in a PORT command.

For the stable distribution (woody) this problem has been fixed
in version 0.3.6-6.

For the unstable distribution (sid) these problems have been
fixed in version 20040304-1.

We recommend that you update your oftpd package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6.dsc

Size/MD5 checksum: 582 ec0796ba52c95ba4ee83414917b656c4

http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6.diff.gz

Size/MD5 checksum: 49463 329930f2d835f6c754b6c79a496f038a

http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6.orig.tar.gz

Size/MD5 checksum: 77201 78b4139bb0108297b9814564db986852

Alpha architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_alpha.deb

Size/MD5 checksum: 46166 cea2315f6960525ac9c113510f20dfbc

ARM architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_arm.deb

Size/MD5 checksum: 40084 28fb6ba5082855444980ca611e8429c0

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_i386.deb

Size/MD5 checksum: 38442 32cacf8eb9d37a8406302811ac3d62ac

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_ia64.deb

Size/MD5 checksum: 53688 3142a68ecc08c448e082d339812796c8

HP Precision architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_hppa.deb

Size/MD5 checksum: 42828 eef0881c474cce76cdf012ac797b8203

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mips.deb

Size/MD5 checksum: 39898 316629cf18ed8906ea09b84140ecf64c

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mipsel.deb

Size/MD5 checksum: 39976 1e6fc0b5f9c402d15541f8d5bd6a36a9

PowerPC architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_powerpc.deb

Size/MD5 checksum: 39434 a712ef00a8bc169f4bfd319583367f59

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_s390.deb

Size/MD5 checksum: 38824 eb1405f335b5344b43b7617ee9b1ecfd

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_sparc.deb

Size/MD5 checksum: 42250 15668b00038e349cbf6b0331d791532d

These files will probably be moved into the stable distribution
on its next revision.

Debian Security Advisory DSA 471-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 2nd, 2004 http://www.debian.org/security/faq

Package : interchange
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0374

A vulnerability was discovered recently in Interchange, an
e-commerce and general HTTP database display system. This
vulnerability can be exploited by an attacker to expose the content
of arbitrary variables. An attacker may learn SQL access
information for your Interchange application and use this
information to read and manipulate sensitive data.

For the stable distribution (woody) this problem has been fixed
in version 4.8.3.20020306-1.woody.2.

For the unstable distribution (sid) this problem has been fixed
in version 5.0.1-1.

We recommend that you upgrade your interchange package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2.dsc

Size/MD5 checksum: 841 94b0e9195fba3134ea48470348c4011a

http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2.diff.gz

Size/MD5 checksum: 1033 3a26a6f4bf24dce7fc38a5a14e8c5f6d

http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306.orig.tar.gz

Size/MD5 checksum: 1858749 660c7e65732a052a81d2ae6e4c6ed2b5

Architecture independent components:


http://security.debian.org/pool/updates/main/i/interchange/interchange-cat-foundation_4.8.3.20020306-1.woody.2_all.deb

Size/MD5 checksum: 636148 6d026419d3b15190084c5132d1f23831

http://security.debian.org/pool/updates/main/i/interchange/interchange-ui_4.8.3.20020306-1.woody.2_all.deb

Size/MD5 checksum: 443894 f92de9f0d14e3eec42e5aa026b0aebb0

Alpha architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_alpha.deb

Size/MD5 checksum: 856628 7cbe87e177b5301b8a4dc65a660b4cb7

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_alpha.deb

Size/MD5 checksum: 13948 957f5459ba925c58bd8051f57a3a73e5

ARM architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_arm.deb

Size/MD5 checksum: 855318 d38304316bbe9ea7d4393cd239da5720

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_arm.deb

Size/MD5 checksum: 13336 683949f1e2771a3820e7fe022939e0f6

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_i386.deb

Size/MD5 checksum: 854816 109adbb0c0b312266cbf40f61f069e66

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_i386.deb

Size/MD5 checksum: 13290 e0beca510155188aee6fd844194df9c6

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_ia64.deb

Size/MD5 checksum: 858690 0ab2a74ee31c14fa5d13b18cecffc511

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_ia64.deb

Size/MD5 checksum: 15810 221b180c0ee922bb6b52bbfa18a9da45

HP Precision architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_hppa.deb

Size/MD5 checksum: 856400 e3d30cc487ddb668fb12e58a3015e233

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_hppa.deb

Size/MD5 checksum: 14050 3b75f8a9a1c1cac6696b3d1a6b08f890

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_m68k.deb

Size/MD5 checksum: 855446 5cd7687a310f7f7d31c4ccc531f71728

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_m68k.deb

Size/MD5 checksum: 13298 c7bcc87f7942cdaa629a845a4b7f2235

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mips.deb

Size/MD5 checksum: 856194 f8ff381f65390d33405edf0c2ae621e8

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mips.deb

Size/MD5 checksum: 13372 60cad3c65165d107113cb0753ee8c94d

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mipsel.deb

Size/MD5 checksum: 856134 bd1274309cff939e3b9adce8e29e3349

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mipsel.deb

Size/MD5 checksum: 13388 7703855991403f9464c93a4250df13d4

PowerPC architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_powerpc.deb

Size/MD5 checksum: 855548 14d5d8074d0b018a90b20053544767a5

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_powerpc.deb

Size/MD5 checksum: 13270 3dbc5939e4069e95dc0d5e55e87322cc

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_s390.deb

Size/MD5 checksum: 855872 ca6ec24a4760fcb83b7313a2e3e5aa15

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_s390.deb

Size/MD5 checksum: 13568 cfa8f946a9fcb65870c8245afe84b75d

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_sparc.deb

Size/MD5 checksum: 858448 00048ba18cc57fa5dbaa1356efccca52

http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_sparc.deb

Size/MD5 checksum: 13402 dfea5e9879849be66d83f3c4796c888c

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 472-1 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
April 3rd, 2004 http://www.debian.org/security/faq

Package : fte
Vulnerability : several
Problem-Type : buffer overflows
Debian-specific: no
CVE Ids : CAN-2003-0648
Debian bug : #203871

Steve Kemp and Jaguar discovered a number of buffer overflow
vulnerabilities in vfte, a version of the fte editor which runs on
the Linux console, found in the package fte-console. This program
is setuid root in order to perform certain types of low-level
operations on the console.

Due to these bugs, setuid privilege has been removed from vfte,
making it only usable by root. We recommend using the terminal
version (in the fte-terminal package) instead, which runs on any
capable terminal including the Linux console.

For the stable distribution (woody) these problems have been
fixed in version 0.49.13-15woody1.

For the unstable distribution (sid) these problems have been
fixed in version 0.50.0-1.1.

We recommend that you update your fte package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.dsc

Size/MD5 checksum: 609 4ce3f8d5ce68e70d8f5800171eb3b4b2

http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.tar.gz

Size/MD5 checksum: 559912 4e35205cf4256fbac041ba290e633f30

Alpha architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_alpha.deb

Size/MD5 checksum: 74102 83dedc8a780725dbe8073b081a653828

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_alpha.deb

Size/MD5 checksum: 199602 ab0c0c86670e4f2f64651f52f7a0403a

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_alpha.deb

Size/MD5 checksum: 122700 7be26dee16c2d2938b4f8273562c56b3

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_alpha.deb

Size/MD5 checksum: 197942 5d6ee59128a9360e1c0dc62805c0e100

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_alpha.deb

Size/MD5 checksum: 207180 b85e97f12de35cee17d68ede3e933ba2

ARM architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_arm.deb

Size/MD5 checksum: 71608 5e8d77bf80748f3607a99301d111c507

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_arm.deb

Size/MD5 checksum: 150768 22e3b88059d61140e81222a043bc0e55

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_arm.deb

Size/MD5 checksum: 122718 e99955a854dbd95537b885921d2b20b5

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_arm.deb

Size/MD5 checksum: 148560 022486dd73f78054855e55efe3a90b3b

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_arm.deb

Size/MD5 checksum: 156664 86d50122eb5b823bcb30a1d37ba351c5

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_i386.deb

Size/MD5 checksum: 71626 16729e271bb38948ae89ba3766dc8491

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_i386.deb

Size/MD5 checksum: 141516 1645111f30e339cbed6ef4bb13cb803f

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_i386.deb

Size/MD5 checksum: 124322 d8fd1efd66cd696a88c6e403bdff0d2b

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_i386.deb

Size/MD5 checksum: 140162 ff1d2c613b40834b5f23411a61560ead

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_i386.deb

Size/MD5 checksum: 146778 385b06d99a0150e187dd98e94e29fe36

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_ia64.deb

Size/MD5 checksum: 78128 c6eb92920b98887390928b1655502b9d

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_ia64.deb

Size/MD5 checksum: 264434 d2ac6731be692ba2498107ef5d9cc6bc

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_ia64.deb

Size/MD5 checksum: 122696 9ae248e75e671bc03a2964e3b7bb2cae

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_ia64.deb

Size/MD5 checksum: 261032 2e18827c056d7f99993db4d0bebfe4fb

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_ia64.deb

Size/MD5 checksum: 273122 60b262caccd4290008e40cb149b8301e

HP Precision architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_hppa.deb

Size/MD5 checksum: 73998 ac99b815a02e58311c53e1f8cb068c1c

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_hppa.deb

Size/MD5 checksum: 207580 4ac741368c8ee3c9951c038a4eec914c

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_hppa.deb

Size/MD5 checksum: 122706 d651c44366bda7660ad08b9c346c7a2e

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_hppa.deb

Size/MD5 checksum: 205592 e52154184595ef322973d5f95772863c

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_hppa.deb

Size/MD5 checksum: 214532 2e6bd1b6e35b6e5c84574495262698dc

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_m68k.deb

Size/MD5 checksum: 70378 6655c66baab59b983f77f30ef3f16bb3

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_m68k.deb

Size/MD5 checksum: 126710 f69dcd049d92ff4dac8494989c5cbede

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_m68k.deb

Size/MD5 checksum: 122714 aadab6ad515ec1acfc39044cfc3d6c5b

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_m68k.deb

Size/MD5 checksum: 125352 e6c5588ebd0808b3069ac09b1a8e7c7f

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_m68k.deb

Size/MD5 checksum: 131720 2c15fec4f2e5234907a2e78f63f2cf8d

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mips.deb

Size/MD5 checksum: 71976 edf9be1182ff20fb63c34dd7bca5911d

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mips.deb

Size/MD5 checksum: 189068 a58b831e5b5dcce139df5243ab9cfab9

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mips.deb

Size/MD5 checksum: 122808 2a9de827c427cd7b44223096c1b6fa53

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mips.deb

Size/MD5 checksum: 186822 f68f2e7bc58495a3d7a87e449e14ea7f

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mips.deb

Size/MD5 checksum: 195160 47c26ca11949aad7dcbe5c7c1c6dff20

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mipsel.deb

Size/MD5 checksum: 71926 65757722fa2cb9df9e6139037bd7603b

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mipsel.deb

Size/MD5 checksum: 188276 8de060e1f996b7aa6847180430286c3b

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mipsel.deb

Size/MD5 checksum: 122690 f7f79c453c5b94f111a3aa73c17dc9c0

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mipsel.deb

Size/MD5 checksum: 186174 3c1cda10c450f4694a950bfb3d818876

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mipsel.deb

Size/MD5 checksum: 194628 b9bde5aa9ac546bc44dc7c3e73cc65a8

PowerPC architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_powerpc.deb

Size/MD5 checksum: 72144 f2e256f4e7802a8c65f4f0159d27851a

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_powerpc.deb

Size/MD5 checksum: 153434 f6b1ad3a7e77af9daac9114f00e62b7c

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_powerpc.deb

Size/MD5 checksum: 122704 20fa2128e9d5d6456cfafe399d876d9e

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_powerpc.deb

Size/MD5 checksum: 151558 716c7bcdefe356a338341c08fcf4ea59

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_powerpc.deb

Size/MD5 checksum: 159448 2b7e59957df4ff0d66bf46b481c0de46

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_s390.deb

Size/MD5 checksum: 70960 e9d119f457361dc983eab526ad826143

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_s390.deb

Size/MD5 checksum: 149092 5012101938d0597fc421ac09c2b10c66

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_s390.deb

Size/MD5 checksum: 122702 0a6176acf340fc75396c89d64e891675

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_s390.deb

Size/MD5 checksum: 147520 8245176bfb3c5ffaa1aff525ddc9f50b

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_s390.deb

Size/MD5 checksum: 155422 cca9f5f4fdafcb89bdee5afb117bf125

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_sparc.deb

Size/MD5 checksum: 72158 26de448213afdbaf9dae2920448f7370

http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_sparc.deb

Size/MD5 checksum: 142988 1612dd5fc622aeb1de19dbec8840e457

http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_sparc.deb

Size/MD5 checksum: 122710 1c3903d536725137443aa9680cd3500f

http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_sparc.deb

Size/MD5 checksum: 141242 0c7d30f936f0f86e11beea711977fb77

http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_sparc.deb

Size/MD5 checksum: 149172 5723b04f45c2d3a8ed480c34a683af34

These files will probably be moved into the stable distribution
on its next revision.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.