Uppgraderat och tripwirat. /Micke
-- () Join the ASCII ribbon campaign against HTML email and Microsoft-specific /\ attachments. If I wanted to read HTML, I would have visited your website! Support open standards. On Mon, 18 Oct 2004, Martin Schulze wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -------------------------------------------------------------------------- > Debian Security Advisory DSA 556-2 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > XXXXX 8th, 2004 http://www.debian.org/security/faq > - -------------------------------------------------------------------------- > > Package : netkit-telnet > Vulnerability : invalid free(3) > Problem-Type : remote > Debian-specific: yes > CVE ID : CAN-2004-0911 > Debian Bug : 273694 > > This is an update for DSA 556-1 which was intended to fix a denial of > service situation in netkit-telnet but didn't. The update for > unstable did fix the problem. For completeness below is the original > advisory text: > > Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) > whereby a remote attacker could cause the telnetd process to free an > invalid pointer. This causes the telnet server process to crash, > leading to a straightforward denial of service (inetd will disable the > service if telnetd is crashed repeatedly), or possibly the execution > of arbitrary code with the privileges of the telnetd process (by > default, the 'telnetd' user). > > For the unstable distribution (sid) this problem has been fixed in > version 0.17-26. > > For the stable distribution (woody) this problem has been fixed in > version 0.17-18woody2. > > We recommend that you upgrade your netkit-telnet-ssl package. > > > Upgrade Instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 3.0 alias woody > - -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.dsc > Size/MD5 checksum: 602 5c4291548c60df2607baabc8af77fe88 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.diff.gz > Size/MD5 checksum: 21969 e29d25caa0138fe87b26f2fee609698d > > http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz > Size/MD5 checksum: 133749 d6beabaaf53fe6e382c42ce3faa05a36 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_alpha.deb > Size/MD5 checksum: 84150 5cd0073e1d87493de0e9347e08b33e4c > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_alpha.deb > Size/MD5 checksum: 45804 4f5924c6b71a716bbae5ff32aebdaee1 > > ARM architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb > Size/MD5 checksum: 69924 8bb25a534f053a693aa971df0e15d71f > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb > Size/MD5 checksum: 39618 2cfc8d96f00bb739333adf0659caceb6 > > Intel IA-32 architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_i386.deb > Size/MD5 checksum: 70944 f8361dcb79029ba42c929a4eec1c9f2c > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_i386.deb > Size/MD5 checksum: 38594 8619caa3b44632443cde32a032100d3f > > Intel IA-64 architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_ia64.deb > Size/MD5 checksum: 102740 d9839694911c708b6e76de4f41434b24 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_ia64.deb > Size/MD5 checksum: 52486 8d7c4b6f977d5f01e93ef2437829202d > > HP Precision architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_hppa.deb > Size/MD5 checksum: 69972 f5eb1bcafb1306cad596edc9e177eb7d > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_hppa.deb > Size/MD5 checksum: 43514 00b12715674693c3413dc74393d13cd7 > > Motorola 680x0 architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_m68k.deb > Size/MD5 checksum: 67156 3a4ba0fc24b5fbdc6cd07dfe369ff051 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_m68k.deb > Size/MD5 checksum: 37452 951df56394fe48d8b2545c9595280307 > > Big endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mips.deb > Size/MD5 checksum: 80850 b2b47cef8c63aeae88939319ccffeb4a > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mips.deb > Size/MD5 checksum: 42610 3da3497520b9b63aa76860249ffa19a8 > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mipsel.deb > Size/MD5 checksum: 80746 23cc994b10106a96da77b8b4c09db293 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mipsel.deb > Size/MD5 checksum: 42602 eaa443670708c98ca589e8c79b7e130d > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_powerpc.deb > Size/MD5 checksum: 73210 279bd225fed44479f70d231244378a34 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_powerpc.deb > Size/MD5 checksum: 40256 ded106aca9111c910eed3e0c8471f90d > > IBM S/390 architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_s390.deb > Size/MD5 checksum: 73160 4b6a667921fad470fc9cf2ea5a337987 > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_s390.deb > Size/MD5 checksum: 41218 25a8ed701f933546d375626adc5af142 > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_sparc.deb > Size/MD5 checksum: 74160 ec213a37a00451e2c6d7e0ef8867acae > > http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_sparc.deb > Size/MD5 checksum: 45324 8af7b133cbf41eafc21886bed81b1c84 > > > These files will probably be moved into the stable distribution on > its next update. > > - --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: [EMAIL PROTECTED] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (GNU/Linux) > > iD8DBQFBc5uJW5ql+IAeqTIRAqxvAJ9toVvFYlXmTUUQoQzOdbbOp0+CrgCfQAHm > 4XToD3nEV89dH06+YT8jqb8= > =EqQz > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
