On Monday, April 19, 2004, at 03:06AM, Matt Zimmerman <[EMAIL PROTECTED]> wrote:
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >- -------------------------------------------------------------------------- >Debian Security Advisory DSA 492-1 [EMAIL PROTECTED] >http://www.debian.org/security/ Matt Zimmerman >April 18th, 2004 http://www.debian.org/security/faq >- -------------------------------------------------------------------------- > >Package : iproute >Vulnerability : denial of service >Problem-Type : local >Debian-specific: no >CVE Ids : CAN-2003-0856 >Debian Bug : 242994 > >Herbert Xu reported that local users could cause a denial of service >against iproute, a set of tools for controlling networking in Linux >kernels. iproute uses the netlink interface to communicate with the >kernel, but failed to verify that the messages it received came from >the kernel (rather than from other user processes). > >For the current stable distribution (woody) this problem has been >fixed in version 20010824-8woody1. > >For the unstable distribution (sid), this problem will be fixed soon. > >We recommend that you update your iproute package. > >Upgrade Instructions >- -------------------- > >wget url > will fetch the file for you >dpkg -i file.deb > will install the referenced file. > >If you are using the apt-get package manager, use the line for >sources.list as given below: > >apt-get update > will update the internal database >apt-get upgrade > will install corrected packages > >You may use an automated update by adding the resources from the >footer to the proper configuration. > >Debian GNU/Linux 3.0 alias woody >- -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1.dsc > Size/MD5 checksum: 583 4ddfda116fcaa5670bd0a395ce62c249 > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1.diff.gz > Size/MD5 checksum: 30926 818c356e9a703804987a99452a5cb5bf > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824.orig.tar.gz > Size/MD5 checksum: 140139 b05a4e375d9468be3a1dd3f0e83daee8 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_alpha.deb > Size/MD5 checksum: 535862 84d99c4199f8ae7eab695f8e06a9de6b > > ARM architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_arm.deb > Size/MD5 checksum: 509116 d4e7b52ca059ab99b67a9f01e07ccb1e > > Intel IA-32 architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_i386.deb > Size/MD5 checksum: 499718 194a49253bf81cdcf702f935e2b35534 > > Intel IA-64 architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_ia64.deb > Size/MD5 checksum: 570038 180ddee3ed7373989d54a2b3783c58f2 > > HP Precision architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_hppa.deb > Size/MD5 checksum: 525956 30b521f7417acb9150cd2b79f065734d > > Motorola 680x0 architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_m68k.deb > Size/MD5 checksum: 489736 196339f8c47b861aff2c110e5405ecc1 > > Big endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_mips.deb > Size/MD5 checksum: 512874 2781925dd48d9bb9cb8b948e397b2947 > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_mipsel.deb > Size/MD5 checksum: 513570 b61d21209d3cd1bf6b828396ef347676 > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_powerpc.deb > Size/MD5 checksum: 507942 cfa15b75474d3faa2bdaeb1b3c399d99 > > IBM S/390 architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_s390.deb > Size/MD5 checksum: 503396 13e689f21473365267f7f73b44b05c2f > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_sparc.deb > Size/MD5 checksum: 515030 fbc32ebc11a4cb14b98154b6cb257c8c > > These files will probably be moved into the stable distribution on > its next revision. > >- >--------------------------------------------------------------------------------- >For apt-get: deb http://security.debian.org/ stable/updates main >For dpkg-ftp: ftp://security.debian.org/debian-security >dists/stable/updates/main >Mailing list: debian-security-announce@lists.debian.org >Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (GNU/Linux) > >iD8DBQFAgzQHArxCt0PiXR4RAmmeAKC6eG5pzcPeYNMGnjtntChR8xIooQCg1666 >bo9m3KmiJhGY10i4NcvPt2Q= >=YHs8 >-----END PGP SIGNATURE----- > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >