Please take me off the list
----- Original Message -----
From: "Raj Mathur" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 7:35 AM
Subject: [ilugd] (fwd) [SECURITY] [DSA-354-1] New xconq packages fix buffer overflows

> [Please upgrade if you play xconq on any distribution -- Raju]
>
> This is an RFC 1153 digest.
> (1 message)
> ----------------------------------------------------------------------
>
> Message-ID: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> Sender: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] [SECURITY] [DSA-354-1] New xconq packages fix buffer overflows
> Date: Tue, 29 Jul 2003 19:33:10 -0400
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 354-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                             Matt Zimmerman
> July 29th, 2003                         http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : xconq
> Vulnerability  : buffer overflows
> Problem-Type   : local
> Debian-specific: no
> CVE Ids        : CAN-2003-0607
>
> Steve Kemp discovered a buffer overflow in xconq, in processing the
> USER environment variable. In the process of fixing this bug, a
> similar problem was discovered with the DISPLAY environment
> variable. This vulnerability could be exploited by a local attacker
> to gain gid 'games'.
>
> For the current stable distribution (woody) this problem has been fixed
> in version 7.4.1-2woody2.
>
> For the unstable distribution (sid) this problem will be fixed soon.
> Refer to Debian bug #202963.
>
> We recommend that you update your xconq package.
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> These files will probably be moved into the stable distribution on
> its next revision.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [EMAIL PROTECTED]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
>
> iD8DBQE/JwP4ArxCt0PiXR4RAoh8AJ9Y+CvdSuZw6jqXn0k1PQW5gmTiXgCfb3+x
> TkFr+RGj9ZiT9yAJqxh77N0=
> =Zo82
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> ------------------------------
>
> End of this Digest
> ******************
>
> --
> Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
> GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
> It is the mind that moves
>
> _______________________________________________
> ilugd mailing list
> [EMAIL PROTECTED]
> http://frodo.hserus.net/mailman/listinfo/ilugd
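
The advisory quoted above describes overflows while processing the USER and DISPLAY environment variables. As an added example (not part of the original message and not xconq's code), this C sketch contrasts an unbounded copy of an environment value with a bounded one that rejects oversized values. The buffer size, function names and return codes are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 32  /* constructed size; not taken from xconq */

enum { ENV_OK = 0, ENV_UNSET = -1, ENV_TOO_LONG = -2, ENV_BAD_ARG = -3 };

/* Unsafe pattern, for contrast only (constructed, never called here):
 * the value's length is chosen by whoever launches the program. */
void name_from_env_unsafe(char dst[NAME_BUF])
{
    const char *user = getenv("USER");
    if (user != NULL)
        strcpy(dst, user);  /* no bound: writes past dst for long values */
}

/* Hardened: copy an environment variable into a fixed buffer and reject
 * (rather than silently truncate) any value that does not fit. */
int env_copy_bounded(const char *name, char *dst, size_t dstsize)
{
    const char *val;
    const char *nul;

    if (name == NULL || dst == NULL || dstsize == 0)
        return ENV_BAD_ARG;
    dst[0] = '\0';                      /* dst is always a valid string */
    val = getenv(name);
    if (val == NULL)
        return ENV_UNSET;
    nul = memchr(val, '\0', dstsize);   /* looks at most dstsize bytes ahead */
    if (nul == NULL)
        return ENV_TOO_LONG;            /* value plus terminator exceeds dst */
    memcpy(dst, val, (size_t)(nul - val) + 1);
    return ENV_OK;
}

int main(void)
{
    static const char *vars[] = { "USER", "DISPLAY" };  /* names from the advisory */
    char buf[NAME_BUF];
    size_t i;

    for (i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        int rc = env_copy_bounded(vars[i], buf, sizeof buf);
        printf("%s: rc=%d value=\"%s\"\n", vars[i], rc, buf);
    }
    return 0;
}
```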
