lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 Jan 2010 18:25:45 +0100 (CET)
From: (Steffen Joeris)
Subject: [SECURITY] [DSA 1982-1] New hybserv packages fix denial of service

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1982-1                              Steffen Joeris
January 29, 2010            
- ------------------------------------------------------------------------

Package        : hybserv
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2010-0303
Debian Bug     : 550389

Julien Cristau discovered that hybserv, a daemon running IRC services
for IRCD-Hybrid, is prone to a denial of service attack via the commands

For the stable distribution (lenny), this problem has been fixed in
version 1.9.2-4+lenny2.

Due to a bug in the archive system, it is not possible to release the
fix for the oldstable distribution (etch) simultaneously. Therefore,
etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.2-4.1.

We recommend that you upgrade your hybserv packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   418829 b0ebd0027c2b858ef8db6f06ac0d284b
    Size/MD5 checksum:     1000 1e53e47576f3165f8dff86114b5fbf9d
    Size/MD5 checksum:    12958 5af569d594f3208c96a3e02ee84ec4ba

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   237022 019c98668edd92146beb14cafe275e1d

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   231134 19d0a065dce4f37dba188c114d0d9a23

arm architecture (ARM)
    Size/MD5 checksum:   212804 71c8f8d108effc0576f58cd4f4397d9a

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   233400 ec2a527b697dcf1be0c80b3a2622fa42

i386 architecture (Intel ia32)
    Size/MD5 checksum:   210102 3e6afd1df128671cf09fb5ccc0ad475b

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   308362 57b37a7aad8fbdcf803086dc4284798c

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   227240 159f0509fdf4bb3287cdbb4d3fe6415a

powerpc architecture (PowerPC)
    Size/MD5 checksum:   229634 88cdd43d25c11741f33700518a13e16b

s390 architecture (IBM S/390)
    Size/MD5 checksum:   222108 92f96bb22103eac2d1a0f6787329f95f

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.10 (GNU/Linux)


Powered by blists - more mailing lists