Please take me off the list

----- Original Message -----
From: "Raj Mathur" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 7:35 AM
Subject: [ilugd] (fwd) [SECURITY] [DSA-354-1] New xconq packages fix
bufferoverflows


> [Please upgrade if you play xconq on any distribution -- Raju]
>
> This is an RFC 1153 digest.
> (1 message)
> ----------------------------------------------------------------------
>
> Message-ID: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> Sender: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] [SECURITY] [DSA-354-1] New xconq packages fix
buffer overflows
> Date: Tue, 29 Jul 2003 19:33:10 -0400
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
--
> Debian Security Advisory DSA 354-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                             Matt Zimmerman
> July 29th, 2003                         http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
--
>
> Package        : xconq
> Vulnerability  : buffer overflows
> Problem-Type   : local
> Debian-specific: no
> CVE Ids        : CAN-2003-0607
>
> Steve Kemp discovered a buffer overflow in xconq, in processing the
> USER environment variable.  In the process of fixing this bug, a
> similar problem was discovered with the DISPLAY environment
> variable.  This vulnerability could be exploited by a local attacker
> to gain gid 'games'.
>
> For the current stable distribution (woody) this problem has been fixed
> in version 7.4.1-2woody2.
>
> For the unstable distribution (sid) this problem will be fixed soon.
> Refer to Debian bug #202963.
>
> We recommend that you update your xconq package.
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
>   Source archives:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2.dsc
>       Size/MD5 checksum:      659 21842c8a96442ba3fb5339485c8bc83e
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2.dif
f.gz
>       Size/MD5 checksum:    36648 4ad0be0f65d303d85cd15c7b3a0ba2aa
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1.orig.tar.gz
>       Size/MD5 checksum:  3401768 2b3eaa6ae341f64d32a4d8c361aa0456
>
>   Architecture independent components:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq-common_7.4.1-2woo
dy2_all.deb
>       Size/MD5 checksum:  1243930 a5bf65b7a6f969cc6ea892dcb5561442
>
http://security.debian.org/pool/updates/main/x/xconq/xconq-doc_7.4.1-2woody2
_all.deb
>       Size/MD5 checksum:  1279490 6ad1a14bece922518105dc59e3dec3a2
>
>   Alpha architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_alp
ha.deb
>       Size/MD5 checksum:   765484 901f3fa5491b5ca3cb6e9c6777d7d7fd
>
>   ARM architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_arm
.deb
>       Size/MD5 checksum:   662772 40e6eebdbc310e9aa41f8d5fa703c42d
>
>   Intel IA-32 architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_i38
6.deb
>       Size/MD5 checksum:   591832 882d76656a399ff29d682926177eaf18
>
>   Intel IA-64 architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_ia6
4.deb
>       Size/MD5 checksum:  1234652 15e58939c9fa6730791ae857432e30e5
>
>   HP Precision architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_hpp
a.deb
>       Size/MD5 checksum:   647046 59f689429d17a95858157d71ebbabdfe
>
>   Motorola 680x0 architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_m68
k.deb
>       Size/MD5 checksum:   545314 4f792331fd5a376676e5992b6d7523ee
>
>   Big endian MIPS architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_mip
s.deb
>       Size/MD5 checksum:   693316 0e3a8eff3df06a5612d79f49a8a1eab7
>
>   Little endian MIPS architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_mip
sel.deb
>       Size/MD5 checksum:   690160 03a263baebbcaef62ef0ccf329ccc874
>
>   PowerPC architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_pow
erpc.deb
>       Size/MD5 checksum:   585610 68313a2e1e5a5a1e8b66883894f296e9
>
>   IBM S/390 architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_s39
0.deb
>       Size/MD5 checksum:   587336 ef95a0305f193e14ebfcc086381a15f1
>
>   Sun Sparc architecture:
>
>
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_spa
rc.deb
>       Size/MD5 checksum:   604292 632d2a38d285c3aea6ca240f9bd9329c
>
>   These files will probably be moved into the stable distribution on
>   its next revision.
>
> - ------------------------------------------------------------------------
---------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
> Mailing list: [EMAIL PROTECTED]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
>
> iD8DBQE/JwP4ArxCt0PiXR4RAoh8AJ9Y+CvdSuZw6jqXn0k1PQW5gmTiXgCfb3+x
> TkFr+RGj9ZiT9yAJqxh77N0=
> =Zo82
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> ------------------------------
>
> End of this Digest
> ******************
>
> --
> Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
>        GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
>                       It is the mind that moves
>
> _______________________________________________
> ilugd mailing list
> [EMAIL PROTECTED]
> http://frodo.hserus.net/mailman/listinfo/ilugd
>
>


_______________________________________________
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd

Reply via email to