2 advisory per Debian Linux
Esistono dei problemi di security che affliggono la versione 1.3 e 2.0 di
Debian Linux. Il primo (per la 1.3) e' un bug del package ftpwatch che
permetterebbe di acquisire privilegi di root e il secondo (per la
2.0) riguarda il bootp server e l'ftp client. Di seguito sono indicate le
azioni da intraprendere.
-----BEGIN PGP SIGNED MESSAGE-----
We have found that the ftpwatch package as distributed in Debian
GNU/Linux 1.3 and later distributions has a security problem which makes
it trivial for users to gain root access.
We recommend that you remove the ftpwatch package immediately.
We will be working on a new version of ftpwatch to address these issues and
will announce that in a new advisory.
- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBNqHg66jZR/ntlUftAQGzgQL8DNAvGsGP3T3oMOuEBlJ2Tu3XkoE8x88e
olp7AML4hjCna/y14uoa+nUsekcZR4uaDoz3pPI+gir4YwA0FP9siwNafTC1Hjj6
nh+5/l0tIjko01xEzr4d9glLG4ygKOJD
=bm2E
-----END PGP SIGNATURE-----
-------------------------------------------------------------------
We have received reports that the netstd suffered from two buffer
overflows. The first problem is an exploitable buffer overflow in the
bootp server. The second problem is an overflow in the FTP client. Both
problems are fixed in a new netstd package, version 3.07-2hamm.4 .
We recommend you upgrade your netstd package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
-------------------------------
This version of Debian was released only for the Intel and the
Motorola 680x0 architecture.
Source archives:
ftp://ftp.debian.org/debian/dists/stable/main/source/net/netstd_3.07.orig.tar.gz
MD5 checksum: 6f594f125f6eaa168e00c3b2234c34cc
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.diff.gz
MD5 checksum: 157a50142e263a6add4f128e8c40cb74
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.dsc
MD5 checksum: eb6548e15741214ab1d16f55a0b2b53b
Intel architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_i386.deb
MD5 checksum: 09e42bdecf569362df94be850605645b
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_m68k.deb
MD5 checksum: a66b5da8f54d382eaaa53586b498c302
These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze