-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ist'n this like spam ......i guess blindly forwarding these security
notifications and creating unnecessary mailing list traffic (an apt
update or yum will automatically solve this issue)
- -------- Original Message --------
Subject: [ilugd] (fwd) [SECURITY] [DSA 859-1] New xli packages fix
arbitrarycode execution
Date: Tue, 11 Oct 2005 09:34:01 +0530
From: Raj Mathur <[EMAIL PROTECTED]>
Reply-To: The Linux-Delhi mailing list <ilugd@lists.linux-delhi.org>
To: ilugd@lists.linux-delhi.org,
linux-india-help@lists.sourceforge.net
[Please upgrade xloadimage and xli on all distributions -- Raju]
This is an RFC 1153 digest.
(1 message)
- ----------------------------------------------------------------------
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Martin Schulze)
Sender: [EMAIL PROTECTED]
To: debian-security-announce@lists.debian.org (Debian Security
Announcements)
Cc:
Subject: [Full-disclosure] [SECURITY] [DSA 859-1] New xli packages fix
~ arbitrary code execution
Date: Mon, 10 Oct 2005 20:13:01 +0200 (CEST)
- --------------------------------------------------------------------------
Debian Security Advisory DSA 859-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 10th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : xli
Vulnerability : buffer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CAN-2005-3178
Debian Bug : 332524
Ariel Berkman discovered several buffer overflows in xloadimage, which
are also present in xli, a command line utility for viewing images in
X11, and could be exploited via large image titles and cause the
execution of arbitrary code.
For the old stable distribution (woody) these problems have been fixed in
version 1.17.0-11woody2.
For the stable distribution (sarge) these problems have been fixed in
version 1.17.0-18sarge1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your xli package.
Upgrade Instructions
- --------------------
wget url
~ will fetch the file for you
dpkg -i file.deb
~ will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
~ will update the internal database
apt-get upgrade
~ will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
~ Source archives:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.dsc
~ Size/MD5 checksum: 620 0276fa4de8addea1ba22891082860983
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.diff.gz
~ Size/MD5 checksum: 17956 71eaa54284c5a94cd1da8eeb84640158
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
~ Size/MD5 checksum: 200070 504f916c9a7d062c8f856f1625634ba8
~ Alpha architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_alpha.deb
~ Size/MD5 checksum: 173180 ba2b9b41fa851741ea382df36b26ead5
~ ARM architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_arm.deb
~ Size/MD5 checksum: 143240 bb55d1eb150836db14551c04cb0b15fc
~ Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_i386.deb
~ Size/MD5 checksum: 137188 17e8de575f30f20cbe8292d1ff899729
~ Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_ia64.deb
~ Size/MD5 checksum: 210274 622334c2eb4efa212fd78282a688f0e2
~ HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_hppa.deb
~ Size/MD5 checksum: 158510 7ab39258d6c4f55e98fe4d7fe7dc81dc
~ Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_m68k.deb
~ Size/MD5 checksum: 128356 42de21e615cd7a4b622e388b418ed2e3
~ Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mips.deb
~ Size/MD5 checksum: 149176 0cea90548325feb1f50b2f28f35c200e
~ Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mipsel.deb
~ Size/MD5 checksum: 149818 5a5d0f95b11da6a778ec98860e82cc4c
~ PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_powerpc.deb
~ Size/MD5 checksum: 143426 1e28cdcecad96ef5b829eaa95f259c40
~ IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_s390.deb
~ Size/MD5 checksum: 144772 7f44ced90c12a66de0a84e1788c72f38
~ Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_sparc.deb
~ Size/MD5 checksum: 146070 a1fce9f8274de0e57fb4a2f450eb811f
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
~ Source archives:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.dsc
~ Size/MD5 checksum: 634 a2fd32a5051dad8dc882897a615b9462
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.diff.gz
~ Size/MD5 checksum: 20929 313416fd297acf9834132bdaff96f709
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
~ Size/MD5 checksum: 200070 504f916c9a7d062c8f856f1625634ba8
~ Alpha architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_alpha.deb
~ Size/MD5 checksum: 181518 16e84cff74982374df62cc98011df088
~ AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_amd64.deb
~ Size/MD5 checksum: 150698 8f92258dd675c00ea4c4c2eddb07f5b3
~ ARM architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_arm.deb
~ Size/MD5 checksum: 148536 12dd6271ad28a1860423279dd7852259
~ Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_i386.deb
~ Size/MD5 checksum: 146218 33f60fadc36dbf592ffdd9a1a74bd3bf
~ Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_ia64.deb
~ Size/MD5 checksum: 209528 7fa18dbaaf15d0243704128f9b1cebf9
~ HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_hppa.deb
~ Size/MD5 checksum: 160864 61539793dedeae923155793af6c464eb
~ Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_m68k.deb
~ Size/MD5 checksum: 132676 a64f97b331a9e017b68315a2c2b58d36
~ Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mips.deb
~ Size/MD5 checksum: 159334 f38217f9558ec4c103a0d1c9bfe02bf4
~ Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mipsel.deb
~ Size/MD5 checksum: 160156 4b32d4438b1995a7cc24976758fb62f1
~ PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_powerpc.deb
~ Size/MD5 checksum: 153006 24b2ee9faa345b0ba56be739fba058da
~ IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_s390.deb
~ Size/MD5 checksum: 154356 7d2c1c3c0ddb85fa15e641f89a931584
~ Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_sparc.deb
~ Size/MD5 checksum: 145736 3d10b9672a0f48b0b3d06d14060203d5
~ These files will probably be moved into the stable distribution on
~ its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- ------------------------------
End of this Digest
******************
- --
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
~ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
~ It is the mind that moves
_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
- --
"Innovation is not absolutely necessary, but then neither is survival."
- -- Andrew Papageorge
**********************************************************************************
pl ignore anything beyond this ;-)
**********************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFDS07xVAO9KHA2KWcRAgciAJwOyEFRKCIL0pA6bASabvEF2hExRQCfYXB0
sthiMVTGGTfkVt1r3Aliym4=
=bTEh
-----END PGP SIGNATURE-----
DISCLAIMER:
--------------------------------------------------------------------------------------------------------------
This e-mail contains confidential and/or privileged information. If you are not the intended recipient
(or have received this e-mail in error)please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure, use or distribution of the material in
this e-mail is strictly forbidden.
---------------------------------------------------------------------------------------------------------------
_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
