Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [SECURITY] [DSA 1622-1] New newsx packages fix arbitra

from [Thijs Kinkhorst] Network Security [Permanent Link]
Subject: [Full-disclosure] [SECURITY] [DSA 1622-1] New newsx packages fix arbitrary code execution
Date: Thu, 31 Jul 2008 10:56:14 +0200 (CEST) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1622-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 31, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : newsx
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-3252
Debian Bug     : 492742

It was discovered that newsx, an NNTP news exchange utility, was affected
by a buffer overflow allowing remote attackers to execute arbitrary code
via a news article containing a large number of lines starting with a period.

For the stable distribution (etch), this problem has been fixed in version
1.6-2etch1.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 1.6-3.

We recommend that you upgrade your newsx package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.dsc
    Size/MD5 checksum:      601 a96fab9796a6947419d0fa8b116117d1
  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6.orig.tar.gz
    Size/MD5 checksum:   302553 45d7b7655c7e30c22321f41d701bb6f4
  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.diff.gz
    Size/MD5 checksum:   105510 6d0b8e91489284a99d7e3d1d1a18438a

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_alpha.deb
    Size/MD5 checksum:   179232 a1e5978150fdc4e85ae5429df50dce14

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_amd64.deb
    Size/MD5 checksum:   159000 36120414520dabbe24a603535483d627

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_arm.deb
    Size/MD5 checksum:   148522 f86262e52e3cfe57f9149cd7d03b9792

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_hppa.deb
    Size/MD5 checksum:   166048 3664074d8015308faacfdc24813cbe2e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_i386.deb
    Size/MD5 checksum:   149314 0d0223be6ec9375b11a29271e14f0ba0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_ia64.deb
    Size/MD5 checksum:   229656 d9525b17ed531e7f94bf795016559ab0

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mips.deb
    Size/MD5 checksum:   169628 9902b13a40be1f8839ea6553bebda796

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mipsel.deb
    Size/MD5 checksum:   169130 082f47df05acf04de8a1590acad38124

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_powerpc.deb
    Size/MD5 checksum:   158742 f172b7b889f111cc2090082878f80816

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_s390.deb
    Size/MD5 checksum:   161132 8e5ca0412a29bd03dfbdf1dd8e88df30

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_sparc.deb
    Size/MD5 checksum:   147978 511f9a433c89f3fe114ebe04158d65ab


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSJF9zmz0hbPcukPfAQLpcgf/b+hkHHAgxRqfcHtb4bcXLFl4ZQdoue4h
kMerbdNuJugmcnhzay6cFbyvh/2iH4cmHQ00dqJF5XO+QwFGFqC3j6UTao9U66j6
6NU7zIvqxOGHJgDcpyZR+faSz4EdWfcJrM8byNj8oZaeOBSLFmDRRk9ud8mzzOg1
tCX4zoHZPOZ7VCQN86DOQ17qv/qp0KWzEoN/IDbQfpwFu+3QOf5hOIIW/bmOWxEZ
n+P1sdxLWOSNxC8tD0LuUQj4Egm25j5j71bJL9fdhXvCwO4cwbIH5BZZ0/zeulgB
gyEDtmPXiz64G2XJiOJa1wU9HUE6HuoRTbpShVC11NdryvabQBnb1Q==
=GJat
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [SECURITY] [DSA 1622-1] New newsx packages fix arbitrary code execution, Thijs Kinkhorst <=
Previous by Date:  [Full-disclosure] rPSA-2008-0241-1 openssl openssl-scripts, rPath Update Announcements
Next by Date:  Re: [Full-disclosure] Tool: PorkBind Nameserver Security Scanner, Jost Krieger
Previous by Thread:  [Full-disclosure] rPSA-2008-0241-1 openssl openssl-scripts, rPath Update Announcements
Next by Thread:  [Full-disclosure] Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow, Secunia Research
Indexes:  [Date] [Thread] [Top] [All Lists]