Debian Security Advisory: Package: canna

Date: Sun, 2 Jul 2000 15:34:41 +0200
From: Wichert Akkerman wichert@cistron.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of canna released.

Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                           Wichert Akkerman 
July  2, 2000

Package        : canna
Problem type   : remote exploit
Debian-specific: no

The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by
overflowing a buffer by sending a SR_INIT command with a very long
usernamd or groupname.

This has been fixed in version 3.5b2-24slink1, and recommend
that you upgrade your canna package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680×0, the alpha and the Sun sparc architecture.

The packages for the Sun sparc architecture are not available at
this moment; they will be announced on
http://security.debian.org/ when
they are.

Source archives:

http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.diff.gz
MD5 checksum: 7220bdad24aa3be2fdfc4f1bfd978235

http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.dsc
MD5 checksum: b62f0558dc852ed61930157236622e3d

http://security.debian.org/dists/stable/updates/source/canna_3.5b2.orig.tar.gz
MD5 checksum: 5e1d8527d397c3914ce6104dac3db466

Alpha architecture:

http://security.debian.org/dists/stable/updates/binary-alpha/canna-utils_3.5b2-24slink1_alpha.deb
MD5 checksum: b9318bb7dcb1936c3d16c54f8c799564

http://security.debian.org/dists/stable/updates/binary-alpha/canna_3.5b2-24slink1_alpha.deb
MD5 checksum: 1bcbbd1c4ad3146d66b2ca10b4914ccf

http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g-dev_3.5b2-24slink1_alpha.deb
MD5 checksum: 05df65c96e2adfc6d1cde593ef76ca33

http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g_3.5b2-24slink1_alpha.deb
MD5 checksum: b1e30d11faaccbf0014c42e56949c87c

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/binary-i386/canna-utils_3.5b2-24slink1_i386.deb
MD5 checksum: 45705fd8a8d230d3dd0094707eb2fac3

http://security.debian.org/dists/stable/updates/binary-i386/canna_3.5b2-24slink1_i386.deb
MD5 checksum: c15a54507be2fc745d55718efbae4f74

Motorola 680×0 architecture:

http://security.debian.org/dists/stable/updates/binary-m68k/canna-utils_3.5b2-24slink1_m68k.deb
MD5 checksum: aa0ef7ffe8ca29a99ba882513dd29888

http://security.debian.org/dists/stable/updates/binary-m68k/canna_3.5b2-24slink1_m68k.deb
MD5 checksum: 4069ed58591b44a5c670fd0a91e77ae1

http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g-dev_3.5b2-24slink1_m68k.deb
MD5 checksum: 005a4f8f6dbdafc1f1ccdc8443ddc8ad

http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g_3.5b2-24slink1_m68k.deb
MD5 checksum: 5aff2c0b7b089900faff113ce8a0abab

These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/
soon.

Debian GNU/Linux 2.2 alias potato

Please note that potato has not been released yet. However since
it is in the final stages of the release process security updates
are already being distributed.

The updated packages for potato have already been installed in
the archive.

For not yet released architectures please refer to the
appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/
.

For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org