Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [SECURITY] [DSA 1186-1] New cscope packages fix arbitr

from [Moritz Muehlenhoff] Network Security [Permanent Link]
Subject: [Full-disclosure] [SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution
Date: Sat, 30 Sep 2006 15:42:37 +0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1186-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 30th, 2006                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cscope
Vulnerability  : buffer overflows
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-4262
Debian Bug     : 385893

Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version cscope_15.5-1.1sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 15.5+cvs20060902-1.

We recommend that you upgrade your cscope package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.dsc
      Size/MD5 checksum:      597 288d126f1a8e75401bec5758d21fca6e
    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.diff.gz
      Size/MD5 checksum:    22685 efce07e2dbfdba7329ec88a143c811ad
    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5.orig.tar.gz
      Size/MD5 checksum:   243793 beb6032a301bb11524aec74bfb5e4840

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_alpha.deb
      Size/MD5 checksum:   164514 0a49e059085c6b7935d19ade91441abf

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_amd64.deb
      Size/MD5 checksum:   152934 a10ede3f65739ef21806fd2eb139c572

  ARM architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_arm.deb
      Size/MD5 checksum:   147224 05f695127f6fcc7a934a4835c18d215c

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_hppa.deb
      Size/MD5 checksum:   158482 faf5225195dcb6b89fb22711ff45547e

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_i386.deb
      Size/MD5 checksum:   143350 94dda40490e976fb3ba9a7aac7ea92d7

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_ia64.deb
      Size/MD5 checksum:   181116 52a1b55bcaa05bfe5731e53c14316620

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_m68k.deb
      Size/MD5 checksum:   140118 762aebb7ffbdee7c6787c750b53cd02e

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mips.deb
      Size/MD5 checksum:   157354 87e2ffcf7dc6ebc10523391b29e1ab27

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mipsel.deb
      Size/MD5 checksum:   155750 a566cbfcd6689dca81b8730148f59965

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_powerpc.deb
      Size/MD5 checksum:   154680 2a959a398cff553b7a7c51ce554b516e

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_s390.deb
      Size/MD5 checksum:   154500 6dd06b7d5ba9b119a1daf0f23fc65d79

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_sparc.deb
      Size/MD5 checksum:   148314 585ad5bb0f6e591e7f54ce8c147d1cfb


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFHnQXXm3vHE4uyloRApoOAJ0R5RwpS5X9HrDUfThRjPkttc9rSACgm/v4
XIfAMzASymPZv4x0KNZWrkU=
=1IlY
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution, Moritz Muehlenhoff <=
Previous by Date:  Re: [Full-disclosure] Could InfoSec be Worse than Death?, Pavel Kankovsky
Next by Date:  Re: [Full-disclosure] [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Chris Hofmann
Previous by Thread:  [Full-disclosure] Stealing Search Engine Queries with JavaScript, PERFECT.MATERIAL
Next by Thread:  [Full-disclosure] [MU-200609-01] Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP, noreply
Indexes:  [Date] [Thread] [Top] [All Lists]