---

Debian Security Advisory: New version of amd fixes remote exploit, take 2

Date: Mon, 18 Oct 1999 02:51:48 +0200
From: Wichert Akkerman wichert@liacs.nl
To: debian-security-announce@lists.debian.org
Reply to: security@debian.org


Debian Security Advisory security@debian.org
http://www.debian.org/security/
Wichert Akkerman
October 18, 1999


The version of amd that was distributed with Debian GNU/Linux
2.1 isvulnerable to a remote exploit. This was fixed in version
23.0slink1. However that fix contained an error which has been
fixed in version upl102-23.slink2.

Here is the problem description from the previous fix: Passing a
big directory name to amd its logging code would overflow a buffer
which could be exploited. This has been fixed in version
23.0slink1.

We recommand that you upgrade your amd package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink


This version of Debian was released only for Intel, the Motorola
680×0, the alpha and the Sun sparc architecture.

Source archives:

http://security.debian.org/dists/stable/updates/source/amd_upl102-23.slink2.diff.gz

MD5 checksum: 30a6710a9e3fb6dcf46ec7491d157807

http://security.debian.org/dists/stable/updates/source/amd_upl102-23.slink2.dsc

MD5 checksum: 290f37dc51c2ed86400176fa9bef15ea

http://security.debian.org/dists/stable/updates/source/amd_upl102.orig.tar.gz

MD5 checksum: 76c61a893523001961437475ee2f79c5

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/binary-i386/amd_upl102-23.slink2_i386.deb

MD5 checksum: c732a6033245daf368fc1cf77718113e

Motorola 680×0 architecture:

http://security.debian.org/dists/stable/updates/binary-m68k/amd_upl102-23.slink2_m68k.deb

MD5 checksum: fe4f88cb3db1c18aeb132d2f60c6e732

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/binary-sparc/amd_upl102-23.slink2_sparc.deb

MD5 checksum: 9f05a455a3be2d237f4bcf093e1696b9


For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates

Mailing list: debian-security-announce@lists.debian.org

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis