lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1CFYNf-000okRC__44094.2577239641$1097165478$gmane$org@finlandia.Infodrom.North.DE>
Date: Thu, 7 Oct 2004 15:32:27 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 560-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 7th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : lesstif1-1
Vulnerability  : integer and stack overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0687 CAN-2004-0688
CERT advisory  : VU#537878 VU#882750

Chris Evans discovered several stack and integer overflows in the
libXpm library which is included in LessTif.

For the stable distribution (woody) this problem has been fixed in
version 0.93.18-5.

For the unstable distribution (sid) this problem has been fixed in
version 0.93.94-10.

We recommend that you upgrade your lesstif packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18-5.dsc
      Size/MD5 checksum:      692 a1757aae53924ec16a8582d60acfa5ec
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18-5.diff.gz
      Size/MD5 checksum:    18115 9fa1574040e20fcc8f9db88b142dfd5d
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18.orig.tar.gz
      Size/MD5 checksum:  3600427 74bce66719adb680009f145ef801bce2

  Architecture independent components:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-doc_0.93.18-5_all.deb
      Size/MD5 checksum:   339348 86aaf17c6eccbac85ec4e194b62d05b7

  Alpha architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_alpha.deb
      Size/MD5 checksum:   183756 aaa375321301bf45ec95fcd7e376a925
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_alpha.deb
      Size/MD5 checksum:  7399496 6c8839d9a882ccaf3bc99d6c88685b41
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_alpha.deb
      Size/MD5 checksum:  1100714 fc5b0393ea458073ffd29eddcae4dd0d
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_alpha.deb
      Size/MD5 checksum:   713120 e9bd9d63307eef50c29a1fc48f9f1e1e

  ARM architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_arm.deb
      Size/MD5 checksum:   158462 0bb887e815c83842d879be197e41c426
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_arm.deb
      Size/MD5 checksum:  6214936 86810e278a8c46a27cb98ee0444b1024
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_arm.deb
      Size/MD5 checksum:   894320 d94f7f15ade5cc03e0ac419a921fa335
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_arm.deb
      Size/MD5 checksum:   620784 78d6a08103ad50220119de9bdd218acc

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_i386.deb
      Size/MD5 checksum:   148112 c464f618bda90bcfc8ddf09d59070c4b
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_i386.deb
      Size/MD5 checksum:  5954758 300ea20ec0af04d67aecd0a9e68cccbb
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_i386.deb
      Size/MD5 checksum:   738430 fa48592fe8b3b345e4df8c56ec4e8b10
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_i386.deb
      Size/MD5 checksum:   536492 ca45180dbbaf3537e2aad5405942ac17

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_ia64.deb
      Size/MD5 checksum:   222072 6b1def7a98cd201e991dae273b93988a
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_ia64.deb
      Size/MD5 checksum: 10756100 fb15b36bd10dcffe1fdcc5b2658d430a
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_ia64.deb
      Size/MD5 checksum:  1249232 f4c80e2ce686e59fc9f5960674059c30
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_ia64.deb
      Size/MD5 checksum:   944234 4e78634a4c817273d5c293590708548d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_hppa.deb
      Size/MD5 checksum:   172516 63e479b669cf3b38f9d4c62c75ca5d3c
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_hppa.deb
      Size/MD5 checksum:  6313042 62f017141dc0c3fe4748472f825588db
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_hppa.deb
      Size/MD5 checksum:  1008430 8c34690e5f70886daf81a8fef2f451a1
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_hppa.deb
      Size/MD5 checksum:   723070 0a38a179efc3fe6009796b539f49cb64

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_m68k.deb
      Size/MD5 checksum:   141456 10da8908854abbb0c98d1a95207626a4
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_m68k.deb
      Size/MD5 checksum:  6076914 42ce3b01e32ac3ca9cf3900d7927938d
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_m68k.deb
      Size/MD5 checksum:   712328 9b6fc7bb8e15d6c5967fa880a3302316
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_m68k.deb
      Size/MD5 checksum:   532364 50f567b4cd787a935f0decea5b3b7141

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_mips.deb
      Size/MD5 checksum:   170248 eea62a3e4b445ca3755d364ea5c7b097
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_mips.deb
      Size/MD5 checksum:  7144190 6d8bb7146c18e45682044e875740ec86
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_mips.deb
      Size/MD5 checksum:   938112 4b291f18eb34a21a967a0aa052a433df
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_mips.deb
      Size/MD5 checksum:   592742 a9295f6110af40b67057701950ab367c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_mipsel.deb
      Size/MD5 checksum:   169158 d110da7fced1a57038be236d0b81ef4f
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_mipsel.deb
      Size/MD5 checksum:  6904756 237e7efdab8bd85abbf159efce715817
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_mipsel.deb
      Size/MD5 checksum:   934608 e0e2fbaa3892e373bd6586df59f90f53
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_mipsel.deb
      Size/MD5 checksum:   585130 5572e58387954127dd5e7e7c78bb3a29

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_powerpc.deb
      Size/MD5 checksum:   157670 d9a39f6138425b73745adbb77c4d5482
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_powerpc.deb
      Size/MD5 checksum:  6233274 5cf38ef3779dab2b224d5e79fa2c4997
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_powerpc.deb
      Size/MD5 checksum:   899064 eda6deb97f58702ceef1286953aa1c3e
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_powerpc.deb
      Size/MD5 checksum:   616680 c2814eb4ca67f3bec571fd2e6bae55dd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_s390.deb
      Size/MD5 checksum:   156348 deff9c2433184aa5276b0cc9b10a6fa2
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_s390.deb
      Size/MD5 checksum:  6192754 42b8296ce9e90a70a250d1279ff9277f
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_s390.deb
      Size/MD5 checksum:   797050 860d1bd8aa96e531a2f7a9c88aee6ad7
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_s390.deb
      Size/MD5 checksum:   618298 63d480480acba05a1e1bbc6e54f18998

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_sparc.deb
      Size/MD5 checksum:   154114 c694390b6176b315c44e64cc247c2dc5
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_sparc.deb
      Size/MD5 checksum:  6195404 32a85c66271baf22813f17c586207d6c
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_sparc.deb
      Size/MD5 checksum:   834710 7863befa290ccf691640d44bd7b569b1
    http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_sparc.deb
      Size/MD5 checksum:   602214 41f094d53f20658690c295b60a8b7177


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBZUVrW5ql+IAeqTIRApGrAJ9PNYlVNab7d7wwNgAVRMWDMfuz5wCeKz+E
9XAptj3+eWdOJUqOXlbkfgk=
=vppc
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ