If you gate Debian security announcements into your ticketing system, please don't send auto-acks to debian-security.
thanks
-- vbi

On Thursday 28 October 2004 09.19, you wrote:
> Greetings,
>
> Please do not reply to this automatically generated email.
>
> Thank you for your message to fx.net.nz. The ticket number
> for this matter is 457. You can automatically
> trace this matter at crm.fx.net.nz using the ticket number.
> If you are checking via email, then please include the string:
>
> [fx.net.nz #457] in the subject line
>
> Also please quote this number in any correspondence.
>
> Thank you,
> The [EMAIL PROTECTED] team.
>
> --------------------------------------------------------------------------
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 574-1                      [EMAIL PROTECTED]
> http://www.debian.org/security/                            Martin Schulze
> October 28th, 2004                     http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : cabextract
> Vulnerability  : missing directory sanitising
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0916
> Debian Bug     : 277522
>
> The upstream developers discovered a problem in cabextract, a tool to
> extract cabinet files. The program was able to overwrite files in
> upper directories. This could lead an attacker to overwrite arbitrary
> files.
>
> For the stable distribution (woody) this problem has been fixed in
> version 0.2-2b.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.1-1.
>
> We recommend that you upgrade your cabextract package.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> --------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [EMAIL PROTECTED]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-- Oops You can view this issue online if you are customer of FX, at http://crm.fx.net.nz/Ticket/Display.html?id=457
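The quoted advisory describes missing directory sanitising during extraction. The following is an added example, not part of the original message and not cabextract's code, of the kind of member-name check an extractor needs before writing a file; the function names are hypothetical, and treating both `/` and `\` as separators is an assumption made to stay conservative.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true when an archive member name can be joined
 * onto the extraction directory without leaving it. */
bool member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    /* Absolute paths: a leading separator or a drive prefix such as "C:". */
    if (name[0] == '/' || name[0] == '\\' || name[1] == ':')
        return false;

    const char *p = name;
    while (*p) {
        size_t len = strcspn(p, "/\\");   /* length of this component */
        /* Any ".." component is rejected outright, even "a/../b". */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += len;
        if (*p)
            p++;                          /* step over the separator */
    }
    return true;
}

/* Hypothetical helper: writes "dir/name" into out with '\' normalised to
 * '/'. Returns 0 on success, -1 if the name is unsafe or does not fit. */
int build_output_path(const char *dir, const char *name,
                      char *out, size_t outlen)
{
    if (!member_name_is_safe(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                        /* refuse truncated paths */
    for (char *p = out + strlen(dir) + 1; *p; p++)
        if (*p == '\\')
            *p = '/';
    return 0;
}
```

The check is purely lexical; symlinks that already exist under the extraction directory need separate handling.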

