Date: Sun, 17 Jun 2001 17:47:05 +0200
From: Wichert Akkerman <wichert@cistron.nl>
Subject: [SECURITY] [DSA-063-1] two xinetd problems
- ------------------------------------------------------------------------
Debian Security Advisory DSA-063-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
June 17, 2001
- ------------------------------------------------------------------------
Package : xinetd
Problem type : change default umask
buffer overflow
Debian-specific: no
zen-parse reported on bugtraq that there is a possible buffer overflow
in the logging code from xinetd. This could be triggered by using a
fake identd that returns special replies when xinetd does an ident
request.
Another problem is that xinetd sets it umask to 0. As a result any
programs that xinetd start that are not careful with file permissions
will create world-writable files.
Both problems have been fixed in version 2.1.8.8.p3-1.1 .
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.diff.gz
MD5 checksum: 457150cded692f00e76c73c8ae7787d1
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.dsc
MD5 checksum: c3c9764680b907c382904aa1e5ba32b0
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3.orig.tar.gz
MD5 checksum: 5d1f4d5bab29d9e68dc8850b4cb90969
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/xinetd_2.1.8.8.p3-1.1_alpha.deb
MD5 checksum: e43231b79cf899e89b9c8e98cb9a3473
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/xinetd_2.1.8.8.p3-1.1_arm.deb
MD5 checksum: 107e82971903932f9f6deb5b5db53000
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/xinetd_2.1.8.8.p3-1.1_i386.deb
MD5 checksum: 94aff2d70ce4032527b61ef5fe2bf623
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/xinetd_2.1.8.8.p3-1.1_m68k.deb
MD5 checksum: 53627cdca29cfd395b5413bf893652cf
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xinetd_2.1.8.8.p3-1.1_powerpc.deb
MD5 checksum: 0707a506c810aff814acaef7e6188527
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/xinetd_2.1.8.8.p3-1.1_sparc.deb
MD5 checksum: e93d159f968dc41c4244f1b27e023646
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- --
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
