[SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 515-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 5th, 2004 http://www.debian.org/security/faq - -- Package: lha Vulnerability : several Problem-Type : local Debian-specific: no CVE Ids: CAN-2004-0234 CAN-2004-0235 Two vulnerabilities were discovered in lha: - CAN-2004-0234 - Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. - CAN-2004-0235 - Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (//absolute/path). For the current stable distribution (woody), these problems have been fixed in version 1.14i-2woody1. For the unstable distribution (sid), these problems have been fixed in version 1.14i-8. We recommend that you update your lha package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1.dsc Size/MD5 checksum: 556 22b59156de011ddb84b0eaed4f174d2c http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1.diff.gz Size/MD5 checksum:21414 0f990fd920ea4770dd088a97c1c87f18 http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i.orig.tar.gz Size/MD5 checksum:64196 10410742b0169f3357ef9a3f0f032037 Alpha architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_alpha.deb Size/MD5 checksum:64820 b7e55241026435e0c882178f6606f33b ARM architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_arm.deb Size/MD5 checksum:55542 62be18e035d6faedb4d990f16081d74e Intel IA-32 architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_i386.deb Size/MD5 checksum:50090 7548e83cb7049fe43243f804eb456ed7 Intel IA-64 architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_ia64.deb Size/MD5 checksum:73588 32e62b8fbd0cf2ef64d7838d005ef19e Motorola 680x0 architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_m68k.deb Size/MD5 checksum:48632 bd5ce2c34a44952abf757993153fe238 PowerPC architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_powerpc.deb Size/MD5 checksum:55160 9d8225135b7c6abe443a4d0d4fc27245 IBM S/390 architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_s390.deb Size/MD5 checksum:53930 02c5e52b834539a30bd76f2e90265fb8 Sun Sparc architecture: http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_sparc.deb Size/MD5 checksum:56526 8323a0469ef41c7fcf8b84c4b5f1a7ce These files will probably be moved into the stable distribution on its next revision. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAwi9kArxCt0PiXR4RAtG3AKCtP0m2hbcPCG2y1hPXPYA2iLTkyACg0g15 BkEdgvrmYOhmBy2sbOzYIoc= =v4b1 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Powerful weightloss now available for you.
Hello, I have a special_offer for you... WANT TO LOSE WEIGHT? The most powerful weightloss is now available without prescription. All natural Adipren720 100% Money Back Guarantée! - Lose up to 19% Total Body Weight. - Up to 300% more Weight Loss while dieting. - Loss of 20-35% abdominal Fat. - Reduction of 40-70% overall Fat under skin. - Increase metabolic rate by 76.9% without Exercise. - Boost your Confidence level and Self Esteem. - Burns calorized fat. - Suppresses appetite for sugar. Get the facts about all-natural Adipren720 http://1adipren.com/ system information content publications know wide completed mechanisms Natural consensus single example: if might Transition purpose obsoleted inferred all index so calendars implementations application be intended location segments attribute C: supersede I-025: takes marks absence methodologies important location send interchange need interface -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unusual spam recently - hummm
On fredag 4. juni 2004, 03:24, s. keeling wrote: I'm sick of whitelisting. It doesn't work if you care about communicating with people you've never met. Me too. And I think that most absolutes, whether it is a single rule to accept an e-mail or a single rule to reject is a Bad Thing[tm] But I'd like to plug a bug report of mine, FOAF-based whitelists: http://bugzilla.spamassassin.org/show_bug.cgi?id=3408 FOAF, Friend-of-a-Friend is meant to be used to mark up relationships, and so, SpamAssassin could set a lower negative score to those you know someone who knows, etc... If FOAF becomes as widespread as personal homepages, it could be really useful. So, let me also plug another bug report of mine, let KAddressbook export FOAF: http://bugs.kde.org/show_bug.cgi?id=72653 If I only had time to write the code... :-) Cheers, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
Re: Unusual spam recently
* David Stanaway: Has anyone else been receiving unusual spam recently which contains no content? Yes, I've seen it, too. Is this some spam engine checking MTAs to see if the addresses are accepted? Looks like a mass-mailer bug to me. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com, jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Strange bind error
* Emmanuel Lacour: For the first time I saw those curious errors. I don't understand where is the error, in my bind or in the remote client/server?? Any idea? Apr 21 22:00:50 volubilis named[12517]: socket.c:1100: unexpected error: Apr 21 22:00:50 volubilis named[12517]: internal_send: 203.147.0.49#0: Invalid argument DNS queries with source port 0 could cause this, I suppose. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com, jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
vapaorware Re: Unusual spam recently - hummm - postprocess
hi ya On Fri, 4 Jun 2004, Michael Stone wrote: On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote: You mean like having extra meanings of the term vaporware, ones that you alone are aware of? OK. vaporware is good and bad ... good, because if its features gets implemented right and if it is needed, it will get widely adopted vaporware is bad, when its something that is sold, that is not yet fully functional to end users and in the old days, to generate revenue for the company and commissions to the sales droids think back to the stone ages .. even the linux kernel was vaporware in the beginning and there were other equivalent options to choose from c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
unsubscribe
-Original Message- From: Matt Zimmerman [mailto:[EMAIL PROTECTED] On Behalf Of Matt Zimmerman Sent: Saturday, June 05, 2004 12:23 PM To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED] On Thu, Jun 03, 2004 at 02:42:59AM +0200, Florian Weimer wrote: Has [EMAIL PROTECTED] been directed away from debian-private? It's probably a good move. In the past, the old setup resulted in some confusion because submitters usually do not expect that security@ is read by all people in the organization. 8-) Yes, see Steve's reply. This was done for exactly that reason. Does this mean that security vulnerabilities are no longer to be discussed on debian-private (which seems to have happened accidentally in the past)? I don't see any reason why it should be forbidden; if it is important for some reason that a large number of Debian developers be informed about a vulnerability, then that could happen via debian-private. In general, though, discussions about vulnerabilities take place between the package maintainer, upstream and the security team. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Powerful weightloss now available for you.
Hello, I have a special_offer for you... WANT TO LOSE WEIGHT? The most powerful weightloss is now available without prescription. All natural Adipren720 100% Money Back Guarantée! - Lose up to 19% Total Body Weight. - Up to 300% more Weight Loss while dieting. - Loss of 20-35% abdominal Fat. - Reduction of 40-70% overall Fat under skin. - Increase metabolic rate by 76.9% without Exercise. - Boost your Confidence level and Self Esteem. - Burns calorized fat. - Suppresses appetite for sugar. Get the facts about all-natural Adipren720 http://1adipren.com/ system information content publications know wide completed mechanisms Natural consensus single example: if might Transition purpose obsoleted inferred all index so calendars implementations application be intended location segments attribute C: supersede I-025: takes marks absence methodologies important location send interchange need interface
Re: Unusual spam recently - hummm
On fredag 4. juni 2004, 03:24, s. keeling wrote: I'm sick of whitelisting. It doesn't work if you care about communicating with people you've never met. Me too. And I think that most absolutes, whether it is a single rule to accept an e-mail or a single rule to reject is a Bad Thing[tm] But I'd like to plug a bug report of mine, FOAF-based whitelists: http://bugzilla.spamassassin.org/show_bug.cgi?id=3408 FOAF, Friend-of-a-Friend is meant to be used to mark up relationships, and so, SpamAssassin could set a lower negative score to those you know someone who knows, etc... If FOAF becomes as widespread as personal homepages, it could be really useful. So, let me also plug another bug report of mine, let KAddressbook export FOAF: http://bugs.kde.org/show_bug.cgi?id=72653 If I only had time to write the code... :-) Cheers, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
Re: Unusual spam recently
* David Stanaway: Has anyone else been receiving unusual spam recently which contains no content? Yes, I've seen it, too. Is this some spam engine checking MTAs to see if the addresses are accepted? Looks like a mass-mailer bug to me. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com, jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
Re: Strange bind error
* Emmanuel Lacour: For the first time I saw those curious errors. I don't understand where is the error, in my bind or in the remote client/server?? Any idea? Apr 21 22:00:50 volubilis named[12517]: socket.c:1100: unexpected error: Apr 21 22:00:50 volubilis named[12517]: internal_send: 203.147.0.49#0: Invalid argument DNS queries with source port 0 could cause this, I suppose. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com, jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.
vapaorware Re: Unusual spam recently - hummm - postprocess
hi ya On Fri, 4 Jun 2004, Michael Stone wrote: On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote: You mean like having extra meanings of the term vaporware, ones that you alone are aware of? OK. vaporware is good and bad ... good, because if its features gets implemented right and if it is needed, it will get widely adopted vaporware is bad, when its something that is sold, that is not yet fully functional to end users and in the old days, to generate revenue for the company and commissions to the sales droids think back to the stone ages .. even the linux kernel was vaporware in the beginning and there were other equivalent options to choose from c ya alvin
unsubscribe
-Original Message- From: Matt Zimmerman [mailto:[EMAIL PROTECTED] On Behalf Of Matt Zimmerman Sent: Saturday, June 05, 2004 12:23 PM To: debian-security@lists.debian.org Subject: Re: [EMAIL PROTECTED] On Thu, Jun 03, 2004 at 02:42:59AM +0200, Florian Weimer wrote: Has [EMAIL PROTECTED] been directed away from debian-private? It's probably a good move. In the past, the old setup resulted in some confusion because submitters usually do not expect that security@ is read by all people in the organization. 8-) Yes, see Steve's reply. This was done for exactly that reason. Does this mean that security vulnerabilities are no longer to be discussed on debian-private (which seems to have happened accidentally in the past)? I don't see any reason why it should be forbidden; if it is important for some reason that a large number of Debian developers be informed about a vulnerability, then that could happen via debian-private. In general, though, discussions about vulnerabilities take place between the package maintainer, upstream and the security team. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]