lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070622213923.GA23048@galadriel.inutil.org>
Date: Fri, 22 Jun 2007 23:39:23 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1318-1] New ekg packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1318-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
June 22nd, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ekg
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665

Several remote vulnerabilities have been discovered in ekg, a console
Gadu Gadu client. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2005-2370

    It was discovered that memory alignment errors may allow remote
    attackers to cause a denial of service on certain architectures
    such as sparc. This only affects Debian Sarge.

CVE-2005-2448

    It was discovered that several endianess errors may allow remote
    attackers to cause a denial of service. This only affects 
    Debian Sarge.

CVE-2007-1663

    It was discovered that a memory leak in handling image messages may
    lead to denial of service. This only affects Debian Etch.

CVE-2007-1664

    It was discovered that a null pointer deference in the token OCR code
    may lead to denial of service. This only affects Debian Etch.

CVE-2007-1665

    It was discovered that a memory leak in the token OCR code may lead
    to denial of service. This only affects Debian Etch.

For the oldstable distribution (sarge) these problems have been fixed in
version 1.5+20050411-7. This updates lacks updated packages for the m68k
architecture. They will be provided later.

For the stable distribution (etch) these problems have been fixed
in version 1:1.7~rc2-1etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1:1.7~rc2-2.

We recommend that you upgrade your ekg packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc
      Size/MD5 checksum:      755 c13c5003913b5a6826a2318ff6457466
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz
      Size/MD5 checksum:    43213 bbcdcf5b7acf8df37c6557fb3caf65f2
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
      Size/MD5 checksum:   495079 bc246779de6f6c97f289e60b60db6c14

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:   313386 5f9e1df11e20416d456550fbc7272b6b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:   154124 fbfb2b2dac00fd0b8f8d520a034808e1
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:    70480 bbc1774ca41b284d7077075b2e54e094

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:   280046 8afce052b5a90e52d98bb5056b4c3677
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:   129478 cb4c07f3a023501dc4282a949ae6f0c3
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:    64766 91cb2126b68ad573beb3cf71a10a4862

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb
      Size/MD5 checksum:   268022 8e83e14d2221e43e0f84d21004ecdc6e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb
      Size/MD5 checksum:   129516 75f62242848fcd8c04a769d8b2b70fb3
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb
      Size/MD5 checksum:    62650 9f1005a1902d5f088f8916113da1d9fa

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:   288256 2f760288780881eff8c000a7d5287ab7
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:   135902 42d5b64ede073387c03f914c2f3b9a7d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:    69330 31208354bcb32e72e812f773cb5bd582

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb
      Size/MD5 checksum:   269760 fee79fac0639b2b80cb8e29df80b267c
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb
      Size/MD5 checksum:   126480 a428c99fb8b13a9ae1c691cc5d65420e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb
      Size/MD5 checksum:    63604 be480904f42852892049fa980a8ba521

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:   355486 6425e823262700c3d06d6dc28bd5a889
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:   150436 02a50df61a2fe956ba62e76367c169c7
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:    80364 1fef77a49dd87394b691b5623c72607b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb
      Size/MD5 checksum:   281056 d819d23c9ef923a282e74af566013761
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb
      Size/MD5 checksum:   132178 1d2366458dd2e9c7d6d507adde131308
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb
      Size/MD5 checksum:    61982 83ae72d761312226134db573f078ab83

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:   280690 314d213d4296f1a231e8534becff7405
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:   132164 8d7c1227c0f36c33a0952765e9f2dca4
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:    61972 f1b286a5c481f1ea487af4c6c9864d23

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:   280810 a123142acdbf773bfbcff1a55584aa19
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:   131878 0635d337c8bae23f613448d560acc61d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:    65974 2736e6c7114bcd6a281f5a7e2e43351a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb
      Size/MD5 checksum:   279310 3a9db64ccd003295eadd2c1d0b9b640e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb
      Size/MD5 checksum:   128964 9d7752770b05bafdf8e8ea09eb58a15f
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb
      Size/MD5 checksum:    64442 729126714688fa21a339b8d22a545bd2

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:   269676 a07e3241c1d7cb106bfb8e3002665757
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:   128524 2b66271a6ef4c18fc040832145a1e83b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:    64668 90418a7aeea9c7ce980de5c46e871a9f

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
      Size/MD5 checksum:      750 f776cbffc3c5757239311f68cbb06863
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
      Size/MD5 checksum:    36873 1ed9055534fa44d865262b14f8b30341
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
      Size/MD5 checksum:   514073 b4ea482130e163af1456699e2e6983d9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:   319638 61b5664b0460876546de510fbd0059a9
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:   160798 6d3bdb00bb1432e45423f832337f6087
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:    74902 46be93166fa4c5a293ac71d89777fed8

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:   299404 03a5d6a3e922b849f20029a8ff7998f4
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:   135146 41b387de4cf01fe6da695594c94b20aa
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:    69188 a463fefd5a7ba02d63d2ce30274d4aa1

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:   286656 b54c96a818dd03ca8495fdf695344b3d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:   131622 91543dea78bcd279f0bff1e19e75822b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:    67496 83b69e379ed35e86555c5dda94ce7a63

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:   309102 6d63580fbeff38010fc50c41e8586ead
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:   141536 aaac39e76b748763e8fd0cfa98d8dde8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:    73240 ad652a0bf5df9f67dd3836af637d89f2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:   282332 cea1b184efefb7454b6c0b25a3e8d875
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:   131262 ab42291b25f3501983ea1fa3e61e5832
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:    67370 28242d8c48f5cf14b7cdd1dff1c8f44d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:   394586 75bf8f5b8890dffbc539d79105f31896
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:   157904 d2891a73971207417313c5217cba4641
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:    86568 d760ad9563615e5a76f46f50ba87b94e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:   297038 8bf5b347f3b25110a7fe7e0b9a171899
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:   140652 6cb382cf6a63b5b02701b60b9ca0d6a2
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:    66324 8bd8e1c3a08ef2f59a4127c60bccae7a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:   297042 f5b2271e9e64c0fd2de08569b7a4fcae
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:   140598 ab9c505c30d97a14e92d283f4e42a861
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:    66384 7ac15a45f175d9e7dd0d9e9ff7387a27

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:   297622 22e279870a880ac1c6dfc71ac42f30bb
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:   136040 fdd5e885773c0dcf69f25e810f2e4bbc
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:    69932 49df2e6b8d5435e12d8eb6ff2881ab4a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:   302738 1653f57ea628f86c96568c64847dc176
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:   134614 6801cc3c2cfbf17f41284ef351d6d6c8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:    69440 d63382b49cb1f66af8f9bac116a701f5

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:   286648 93f735711c69d3add89f6c58050b426c
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:   133128 515716db148f7292a7793672bc6cff1f
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:    67892 59f7df3b28746ba3943b465cfaa8f7b1


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfEFhXm3vHE4uyloRAv9/AKDEte+fsrFBf4A/G+1mPImx3XUpKACguq0+
MjOH56NLrMDywrUd1VZovL8=
=pKfV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ