[Please upgrade if you run nd on any distribution -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [SECURITY] [DSA 412-1] New nd packages fix buffer overflows
Date: Tue, 6 Jan 2004 00:13:44 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 412-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                             Matt Zimmerman
January 5th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : nd
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0014

Multiple vulnerabilities were discovered in nd, a command-line WebDAV
interface, whereby long strings received from the remote server could
overflow fixed-length buffers.  This vulnerability could be exploited
by a remote attacker in control of a malicious WebDAV server to
execute arbitrary code if the server was accessed by a vulnerable
version of nd.

For the current stable distribution (woody) this problem has been
fixed in version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.8.2-1.

We recommend that you update your nd package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.dsc
      Size/MD5 checksum:      566 d2e27c164d3544a251804570379eb44c
    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.diff.gz
      Size/MD5 checksum:     3533 4a7b92e2df684bf7f312e3a827764671
    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0.orig.tar.gz
      Size/MD5 checksum:    52117 d07741e6323fdeb38a6b4549bca02c53

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_alpha.deb
      Size/MD5 checksum:    20650 c67cd2e49a3a61649ce5a452d55b05eb

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_arm.deb
      Size/MD5 checksum:    18072 3837139e2a5beba99b59984bb748315d

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_i386.deb
      Size/MD5 checksum:    17314 5edd55545dc4a923333a67aea035e095

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_ia64.deb
      Size/MD5 checksum:    24434 a538a442a1bb1b7c1cd5ee64096a3a1b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_hppa.deb
      Size/MD5 checksum:    20862 92c12defa016b8a577ddf4fb1d80fdc3

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_m68k.deb
      Size/MD5 checksum:    16622 f61ea0df91f69157ef653b406af90871

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mips.deb
      Size/MD5 checksum:    19466 d4d60babdecee2e7612410eb8670b9df

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mipsel.deb
      Size/MD5 checksum:    19470 e9a1e61cd15011fe1a30da782d3c7da9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_powerpc.deb
      Size/MD5 checksum:    18204 fb699d5bb90844990c52495f3863ccfe

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_s390.deb
      Size/MD5 checksum:    18212 65c7e34f77ddf46ebc4d10656772d055

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_sparc.deb
      Size/MD5 checksum:    17420 6d172963ca07e2e6ca0a1ab2bf59f67a

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQE/+m4NArxCt0PiXR4RAvZMAJ4jUgn+mVxT3hJuX4rUP0za5gPuBACgvY62
O+FlgwAMRnktJdDH5h5Q3Ac=
=mQ79
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

------------------------------

End of this Digest
******************

--
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
It is the mind that moves

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
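
Added example (not part of the advisory or of Debian's tooling): a Python check that parses the advisory's "Size/MD5 checksum" file-list entries and verifies a package fetched with wget against them before it is handed to dpkg -i. The sample entry, its host and file name are constructed; its MD5 is the RFC 1321 test vector for "abc".

```python
import hashlib
import re
from pathlib import Path

# One file-list entry: a URL, then "Size/MD5 checksum: <size> <md5>".
# \s+ lets this match both the wrapped and the flattened advisory text.
ENTRY_RE = re.compile(
    r"(?P<url>(?:https?|ftp)://\S+)\s+"
    r"Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\b"
)

# Constructed sample entry (not from the advisory); file content is b"abc".
SAMPLE_ADVISORY = """
    http://mirror.example.invalid/pool/example_1.0-1_i386.deb
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
"""

def parse_file_list(advisory_text):
    """Map each listed file name to the (size, md5) the advisory states."""
    entries = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = m.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(m.group("size")), m.group("md5"))
    return entries

def verify_download(path, entries):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    path = Path(path)
    expected = entries.get(path.name)
    if expected is None:
        return "unlisted"          # never install a file the advisory omits
    size, md5 = expected
    if path.stat().st_size != size:
        return "size-mismatch"     # cheap check before hashing
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

if __name__ == "__main__":
    import sys
    # Usage: script.py advisory.txt downloaded.deb [more.deb ...]
    if len(sys.argv) >= 3:
        listed = parse_file_list(Path(sys.argv[1]).read_text())
        for deb in sys.argv[2:]:
            print(deb, verify_download(deb, listed))
    else:
        print(parse_file_list(SAMPLE_ADVISORY))
```

The comparison only ties a download to the advisory text; the advisory's own integrity rests on its PGP signature, which must be checked against the original, unmodified message.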
