[Please upgrade sharutils on all distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q"
Content-Disposition: inline
Message-ID: <[EMAIL PROTECTED]>
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [USN-102-1] shar vulnerabilities
Date: Tue, 29 Mar 2005 14:13:20 +0200


--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-102-1             March 29, 2005
sharutils vulnerabilities
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242597
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

sharutils

The problem can be corrected by upgrading the affected package to
version 1:4.2.1-10ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Shaun Colley discovered a buffer overflow in "shar" that was triggered
by output files (specified with -o) with names longer than 49
characters. This could be exploited to run arbitrary attacker
specified code on systems that automatically process uploaded files
with shar.

Ulf Harnhammar discovered that shar does not check the data length
returned by the 'wc' command. However, it is believed that this cannot
actually be exploited on real systems.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.diff.gz
      Size/MD5:     7692 7d0ac5f9d30e814f3bb8a920a384efd0
    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.dsc
      Size/MD5:      634 400f8c2b587de06d80b961f416069c40
    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1.orig.tar.gz
      Size/MD5:   306022 b8ba1d409f07edcb335ff72a27bd9828

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_4.2.1-10ubuntu0.1_all.deb
      Size/MD5:    27834 f95e85a0a3bc6b8998161e4ae0e19020

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_amd64.deb
      Size/MD5:   113868 20cc7d70f9c93d46772bd8a2eaceaa80

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_i386.deb
      Size/MD5:   110696 c96e763f35d05965f189cf97b9d7a323

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_powerpc.deb
      Size/MD5:   112594 d458759940e4a6396622b3da7866ef84

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--Q68bSM7Ycu6FN28Q--

------------------------------

End of this Digest
******************

-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves


_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
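
The first issue in the advisory above (output file names "longer than 49 characters") belongs to the class of unchecked copies into a fixed-size buffer. The C example below is added here for illustration; it is not sharutils source and not part of the original message, and the 50-byte buffer, the function names and the test inputs are assumptions.

```c
/* Illustrative only: NOT sharutils code. Buffer size and all names are
 * assumptions chosen to match the advisory's "longer than 49 characters". */
#include <stdio.h>
#include <string.h>

#define OUT_NAME_MAX 50   /* assumed: 49 characters + terminating NUL */

/* Pattern behind this bug class: the copy length is decided by the caller's
 * argument, not by the destination. A 50+ character name writes past dst. */
static void set_output_name_unsafe(char dst[OUT_NAME_MAX], const char *arg)
{
    strcpy(dst, arg);
}

/* Hardened form: measure first, reject what does not fit, and never truncate
 * silently (a truncated name could refer to a different file). */
static int set_output_name(char dst[OUT_NAME_MAX], const char *arg)
{
    size_t len;

    if (arg == NULL || arg[0] == '\0')
        return -1;
    len = strlen(arg);
    if (len >= OUT_NAME_MAX)
        return -1;               /* caller reports the error and exits */
    memcpy(dst, arg, len + 1);   /* len + 1 copies the NUL as well */
    return 0;
}

/* Constructed input: result of the hardened copy for a name of n 'A's. */
static int try_name_of_length(size_t n)
{
    char arg[128], dst[OUT_NAME_MAX];

    if (n >= sizeof arg)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    return set_output_name(dst, arg);
}

int main(void)
{
    char dst[OUT_NAME_MAX];

    set_output_name_unsafe(dst, "archive.shar");   /* short name: in bounds */
    printf("%s 49:%d 50:%d\n", dst,
           try_name_of_length(49), try_name_of_length(50));
    return 0;
}
```

The same measure-then-reject rule applies to the second issue in the advisory: a length taken from another program's output has to be checked against the destination before it is used.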
