-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thijs Kinkhorst wrote: > ------------------------------------------------------------------------ > Debian Security Advisory DSA-1573-1 > [EMAIL PROTECTED] http://www.debian.org/security/ > Thijs Kinkhorst May 11, 2008 > http://www.debian.org/security/faq > ------------------------------------------------------------------------ > > > Package : rdesktop Vulnerability : several Problem type : > remote Debian-specific: no CVE Id(s) : CVE-2008-1801 > CVE-2008-1802 CVE-2008-1803 Debian Bug : 480133 480134 480135 > > Several remote vulnerabilities have been discovered in rdesktop, a > Remote Desktop Protocol client. The Common Vulnerabilities and > Exposures project identifies the following problems: > > CVE-2008-1801 > > Remote exploitation of an integer underflow vulnerability allows > attackers to execute arbitrary code with the privileges of the > logged-in user. > > CVE-2008-1802 > > Remote exploitation of a BSS overflow vulnerability allows > attackers to execute arbitrary code with the privileges of the > logged-in user. > > CVE-2008-1803 > > Remote exploitation of an integer signedness vulnerability allows > attackers to execute arbitrary code with the privileges of the > logged-in user. > > > For the stable distribution (etch), these problems have been fixed > in version 1.5.0-1etch2. > > For the unstable distribution (sid), these problems have been fixed > in version 1.5.0-4+cvs20071006. > > We recommend that you upgrade your rdesktop package. > > > Upgrade instructions -------------------- > > wget url will fetch the file for you dpkg -i file.deb will install > the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update will update the internal database apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 4.0 alias etch ------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.diff.gz > Size/MD5 checksum: 20213 2f0174a7cec7a431f82234c9cebaadd5 > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz > Size/MD5 checksum: 245137 433546f60fc0f201e99307ba188369ed > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.dsc > Size/MD5 checksum: 932 ea3849b040a1fecdbca046458b5c4e22 > > alpha architecture (DEC Alpha) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_alpha.deb > Size/MD5 checksum: 182160 30e6bc460bdfcc99e0d71b6171f90238 > > amd64 architecture (AMD x86_64 (AMD64)) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_amd64.deb > Size/MD5 checksum: 137356 0cefb8fb94740fbc46feae4f8d8dd888 > > arm architecture (ARM) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_arm.deb > Size/MD5 checksum: 141908 5f350550c2f54138d9fc2f7f8af24626 > > hppa architecture (HP PA RISC) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_hppa.deb > Size/MD5 checksum: 145270 9153febda46b7c6a9e892880e0eacc90 > > i386 architecture (Intel ia32) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_i386.deb > Size/MD5 checksum: 123872 608524d02a24a20f4eb4c34ae101d87c > > ia64 architecture (Intel ia64) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_ia64.deb > Size/MD5 checksum: 194538 69b2707d0ee990acd980e9dbd44d4a00 > > mipsel architecture (MIPS (Little Endian)) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_mipsel.deb > Size/MD5 checksum: 146580 c030489088218b9ef271d75c469d50f1 > > powerpc architecture (PowerPC) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_powerpc.deb > Size/MD5 checksum: 141286 dc62405a5d851c189248d23044ce17e6 > > s390 architecture (IBM S/390) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_s390.deb > Size/MD5 checksum: 144540 aa95e6306a2c643465cc4514463cd967 > > sparc architecture (Sun SPARC/UltraSPARC) > > > http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_sparc.deb > Size/MD5 checksum: 127814 7a8fd0a99fe22dd98f6bd64bdcd9ce48 > > > These files will probably be moved into the stable distribution on > its next update. > > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main Mailing list: > [EMAIL PROTECTED] Package info: `apt-cache > show <pkg>' and http://packages.debian.org/<pkg> wrong header?
Cheers -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIJxjdV8GyuTwyskMRAuuUAJ9cF5wkcTgPNy0fk3wsHsFOFcvbHwCgn6FG o8A7BbjdVEf5tfEO/bBBcs8= =U6Pz -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
