Date: Mon, 4 Sep 2000 07:56:27 -0400 (EDT)
From: Michael Stone mstone@justice.loyola.edu
Reply-To: security@debian.org
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] new version of screen released
Resent-Date: Mon, 4 Sep 2000 11:58:35 GMT
Resent-From: debian-security-announce@lists.debian.org

------------------------------------------------------------------------
Debian Security Advisory                            security@debian.org
http://www.debian.org/security/                           Michael Stone
September 2, 2000
------------------------------------------------------------------------

Package: screen
Vulnerability: local exploit
Debian-specific: no

A format string bug was recently discovered in screen which can be used
to gain elevated privileges if screen is setuid. Debian 2.1 (slink) did
ship screen setuid and the exploit can be used to gain root privileges.
In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a
root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and
we recommend upgrading.

A fixed version of screen is available in version 3.7.4-9.1 for Debian
2.1 (slink) and in version 3.9.5-9 for Debian 2.2 (potato).

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the footer
to the proper configuration.

Debian GNU/Linux 2.1 alias slink
------------------------------------

  Slink was released for alpha, i386, m68k and sparc architectures. We
  are releasing binary packages for i386 only at this time.

  Source archives:
    http://security.debian.org/dists/slink/updates/source/screen_3.7.4-9.1.diff.gz
      MD5 checksum: 20af8bde6e87398db100a817ab81c173
    http://security.debian.org/dists/slink/updates/source/screen_3.7.4-9.1.dsc
      MD5 checksum: 8c391f8c6a9af846b60701c6677e4d25
    http://security.debian.org/dists/slink/updates/source/screen_3.7.4.orig.tar.gz
      MD5 checksum: c5ab40b068968075e41e25607dfce543

  Intel ia32 archives:
    http://security.debian.org/dists/slink/updates/binary-i386/screen_3.7.4-9.1_i386.deb
      MD5 checksum: a62f293aa7e0876cf49d51d3d216c09a

Debian GNU/Linux 2.2 alias potato
------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures. At this moment packages for m68k are not yet available.
  As soon as they are ready we will put them online and list them on the
  security pages at http://security.debian.org/.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/screen_3.9.5-9.diff.gz
      MD5 checksum: ac7f482241e3d26df3ebe8a77090d862
    http://security.debian.org/dists/stable/updates/main/source/screen_3.9.5-9.dsc
      MD5 checksum: e4b616aed2e0653a60f81a0febdde994
    http://security.debian.org/dists/stable/updates/main/source/screen_3.9.5.orig.tar.gz
      MD5 checksum: ac7dd525b0920bc98e4af75b0f73c73e

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/screen_3.9.5-9_alpha.deb
      MD5 checksum: beed25398f11afcb8cedb38c9ad0b369

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/screen_3.9.5-9_arm.deb
      MD5 checksum: d68e85b057eb4d362b4b5421ea0de977

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/screen_3.9.5-9_i386.deb
      MD5 checksum: 139c65e404139f6681a4e60b4ef708f1

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/screen_3.9.5-9_powerpc.deb
      MD5 checksum: af26d17cc292797ff1ebeab7fd1c29ae

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/screen_3.9.5-9_sparc.deb
      MD5 checksum: 05b7392240ca7ed901a47a7f643030d3

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
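
The wget / dpkg -i steps above, with the advisory's MD5 checksum enforced before installation, as an added example that is not part of the original advisory. The function names and the idea of saving the advisory text to a local file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the advisory): refuse "dpkg -i" unless the
# downloaded file matches the MD5 checksum the advisory lists for it.
# Function names and the saved advisory file are assumptions of this example.
# MD5 detects a corrupted or wrong file; it is not collision-resistant.

# expected_md5 ADVISORY PKG -> print the checksum listed for the URL .../PKG
# Input is split on whitespace, so wrapped and run-together copies both parse.
expected_md5() {
    tr -s '[:space:]' '\n' < "$1" | awk -v pkg="$2" '
        # URL token whose last path component is exactly the package name
        substr($0, length($0) - length(pkg)) == ("/" pkg) { want = 1; next }
        # First 32-digit lowercase hex token after that URL is its checksum
        want && length($0) == 32 && $0 !~ /[^0-9a-f]/ { print; found = 1; exit }
        # Another URL before any checksum means the entry is malformed
        want && /:\/\// { exit }
        END { exit !found }'
}

# verify_md5 FILE EXPECTED -> 0 on match, 1 on mismatch, 3 if FILE is missing
verify_md5() {
    [ -f "$1" ] || return 3
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# install_verified ADVISORY FILE -> run dpkg -i only after the check passes
install_verified() {
    sum=$(expected_md5 "$1" "$(basename "$2")") || {
        echo "no checksum for $2 in $1; not installing" >&2
        return 1
    }
    verify_md5 "$2" "$sum" || {
        echo "MD5 mismatch for $2; not installing" >&2
        return 1
    }
    dpkg -i "$2"
}

# Usage (file names are placeholders):
#   wget <package URL from the advisory>
#   install_verified advisory.txt screen_3.9.5-9_i386.deb
```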
Debian: new version of screen released