lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040404051635.GA799__9188.65835196829$1081179525@alcor.net>
Date: Sat, 3 Apr 2004 21:16:35 -0800
From: Matt Zimmerman <mdz@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 472-1] New fte packages fix buffer overflows


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 472-1                     security@...ian.org
http://www.debian.org/security/                             Matt Zimmerman
April 3rd, 2004                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : fte
Vulnerability  : several
Problem-Type   : buffer overflows
Debian-specific: no
CVE Ids        : CAN-2003-0648
Debian bug     : #203871

Steve Kemp and Jaguar discovered a number of buffer overflow
vulnerabilities in vfte, a version of the fte editor which runs on the
Linux console, found in the package fte-console.  This program is
setuid root in order to perform certain types of low-level operations
on the console.

Due to these bugs, setuid privilege has been removed from vfte, making
it only usable by root.  We recommend using the terminal version (in
the fte-terminal package) instead, which runs on any capable terminal
including the Linux console.

For the stable distribution (woody) these problems have been fixed in
version 0.49.13-15woody1.

For the unstable distribution (sid) these problems have been fixed in
version 0.50.0-1.1.

We recommend that you update your fte package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.dsc
      Size/MD5 checksum:      609 4ce3f8d5ce68e70d8f5800171eb3b4b2
    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.tar.gz
      Size/MD5 checksum:   559912 4e35205cf4256fbac041ba290e633f30

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_alpha.deb
      Size/MD5 checksum:    74102 83dedc8a780725dbe8073b081a653828
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_alpha.deb
      Size/MD5 checksum:   199602 ab0c0c86670e4f2f64651f52f7a0403a
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_alpha.deb
      Size/MD5 checksum:   122700 7be26dee16c2d2938b4f8273562c56b3
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_alpha.deb
      Size/MD5 checksum:   197942 5d6ee59128a9360e1c0dc62805c0e100
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_alpha.deb
      Size/MD5 checksum:   207180 b85e97f12de35cee17d68ede3e933ba2

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_arm.deb
      Size/MD5 checksum:    71608 5e8d77bf80748f3607a99301d111c507
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_arm.deb
      Size/MD5 checksum:   150768 22e3b88059d61140e81222a043bc0e55
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_arm.deb
      Size/MD5 checksum:   122718 e99955a854dbd95537b885921d2b20b5
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_arm.deb
      Size/MD5 checksum:   148560 022486dd73f78054855e55efe3a90b3b
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_arm.deb
      Size/MD5 checksum:   156664 86d50122eb5b823bcb30a1d37ba351c5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_i386.deb
      Size/MD5 checksum:    71626 16729e271bb38948ae89ba3766dc8491
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_i386.deb
      Size/MD5 checksum:   141516 1645111f30e339cbed6ef4bb13cb803f
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_i386.deb
      Size/MD5 checksum:   124322 d8fd1efd66cd696a88c6e403bdff0d2b
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_i386.deb
      Size/MD5 checksum:   140162 ff1d2c613b40834b5f23411a61560ead
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_i386.deb
      Size/MD5 checksum:   146778 385b06d99a0150e187dd98e94e29fe36

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_ia64.deb
      Size/MD5 checksum:    78128 c6eb92920b98887390928b1655502b9d
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_ia64.deb
      Size/MD5 checksum:   264434 d2ac6731be692ba2498107ef5d9cc6bc
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_ia64.deb
      Size/MD5 checksum:   122696 9ae248e75e671bc03a2964e3b7bb2cae
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_ia64.deb
      Size/MD5 checksum:   261032 2e18827c056d7f99993db4d0bebfe4fb
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_ia64.deb
      Size/MD5 checksum:   273122 60b262caccd4290008e40cb149b8301e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_hppa.deb
      Size/MD5 checksum:    73998 ac99b815a02e58311c53e1f8cb068c1c
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_hppa.deb
      Size/MD5 checksum:   207580 4ac741368c8ee3c9951c038a4eec914c
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_hppa.deb
      Size/MD5 checksum:   122706 d651c44366bda7660ad08b9c346c7a2e
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_hppa.deb
      Size/MD5 checksum:   205592 e52154184595ef322973d5f95772863c
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_hppa.deb
      Size/MD5 checksum:   214532 2e6bd1b6e35b6e5c84574495262698dc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_m68k.deb
      Size/MD5 checksum:    70378 6655c66baab59b983f77f30ef3f16bb3
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_m68k.deb
      Size/MD5 checksum:   126710 f69dcd049d92ff4dac8494989c5cbede
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_m68k.deb
      Size/MD5 checksum:   122714 aadab6ad515ec1acfc39044cfc3d6c5b
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_m68k.deb
      Size/MD5 checksum:   125352 e6c5588ebd0808b3069ac09b1a8e7c7f
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_m68k.deb
      Size/MD5 checksum:   131720 2c15fec4f2e5234907a2e78f63f2cf8d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mips.deb
      Size/MD5 checksum:    71976 edf9be1182ff20fb63c34dd7bca5911d
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mips.deb
      Size/MD5 checksum:   189068 a58b831e5b5dcce139df5243ab9cfab9
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mips.deb
      Size/MD5 checksum:   122808 2a9de827c427cd7b44223096c1b6fa53
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mips.deb
      Size/MD5 checksum:   186822 f68f2e7bc58495a3d7a87e449e14ea7f
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mips.deb
      Size/MD5 checksum:   195160 47c26ca11949aad7dcbe5c7c1c6dff20

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mipsel.deb
      Size/MD5 checksum:    71926 65757722fa2cb9df9e6139037bd7603b
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mipsel.deb
      Size/MD5 checksum:   188276 8de060e1f996b7aa6847180430286c3b
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mipsel.deb
      Size/MD5 checksum:   122690 f7f79c453c5b94f111a3aa73c17dc9c0
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mipsel.deb
      Size/MD5 checksum:   186174 3c1cda10c450f4694a950bfb3d818876
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mipsel.deb
      Size/MD5 checksum:   194628 b9bde5aa9ac546bc44dc7c3e73cc65a8

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_powerpc.deb
      Size/MD5 checksum:    72144 f2e256f4e7802a8c65f4f0159d27851a
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_powerpc.deb
      Size/MD5 checksum:   153434 f6b1ad3a7e77af9daac9114f00e62b7c
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_powerpc.deb
      Size/MD5 checksum:   122704 20fa2128e9d5d6456cfafe399d876d9e
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_powerpc.deb
      Size/MD5 checksum:   151558 716c7bcdefe356a338341c08fcf4ea59
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_powerpc.deb
      Size/MD5 checksum:   159448 2b7e59957df4ff0d66bf46b481c0de46

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_s390.deb
      Size/MD5 checksum:    70960 e9d119f457361dc983eab526ad826143
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_s390.deb
      Size/MD5 checksum:   149092 5012101938d0597fc421ac09c2b10c66
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_s390.deb
      Size/MD5 checksum:   122702 0a6176acf340fc75396c89d64e891675
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_s390.deb
      Size/MD5 checksum:   147520 8245176bfb3c5ffaa1aff525ddc9f50b
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_s390.deb
      Size/MD5 checksum:   155422 cca9f5f4fdafcb89bdee5afb117bf125

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_sparc.deb
      Size/MD5 checksum:    72158 26de448213afdbaf9dae2920448f7370
    http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_sparc.deb
      Size/MD5 checksum:   142988 1612dd5fc622aeb1de19dbec8840e457
    http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_sparc.deb
      Size/MD5 checksum:   122710 1c3903d536725137443aa9680cd3500f
    http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_sparc.deb
      Size/MD5 checksum:   141242 0c7d30f936f0f86e11beea711977fb77
    http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_sparc.deb
      Size/MD5 checksum:   149172 5723b04f45c2d3a8ed480c34a683af34

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAb5ohArxCt0PiXR4RAiFzAJ9fmHuMD68iw2eEYI2WTpY3u9ol3QCcC6xy
Y00d4Fd8MKjBCr8+c2oVeUs=
=nnVM
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ