Message-ID: <20071216195443.GA30070@steve.org.uk>
Date: Sun, 16 Dec 2007 19:54:43 +0000
From: Steve Kemp <skx@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1433-1] New centericq packages fix execution of code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1433-1                  security@...ian.org
http://www.debian.org/security/                               Steve Kemp
December 16, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : centericq
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3713

Several remote vulnerabilities have been discovered in centericq,
a text-mode multi-protocol instant messenger client, which could allow
remote attackers to execute arbitrary code due to insufficient bounds-testing.

For the stable distribution (etch), this problem has been fixed in version
4.21.0-18etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 4.20.0-1sarge5.

We recommend that you upgrade your centericq package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.dsc
    Size/MD5 checksum:      875 0e3de98bb55d5af241acbb7c42c47cd0
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.diff.gz
    Size/MD5 checksum:   117817 a0d486891cbf0dbafd36acda7d329e7a
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
    Size/MD5 checksum:  1796894 874165f4fbd40e3be677bdd1696cee9d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_alpha.deb
    Size/MD5 checksum:  1651664 69022dfe5342b1056abca9c9b433532d
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_alpha.deb
    Size/MD5 checksum:   337338 b408f37c75ebff4cca8e0fd9bae2a2e2
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_alpha.deb
    Size/MD5 checksum:  1652642 b1e027154c70c15250c131bcd1584c30
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_alpha.deb
    Size/MD5 checksum:  1651712 1fc9e5fbf1d193d8d6ec6c2fa9cf28bf

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_amd64.deb
    Size/MD5 checksum:   335496 e89f821a32c11d314b397ee454da5094
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_amd64.deb
    Size/MD5 checksum:  1355704 f3371f5f48e1057f1fb80714c0ea98bc
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_amd64.deb
    Size/MD5 checksum:  1355942 dbaa8f53bcddceb3828e3b8b857bf833
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_amd64.deb
    Size/MD5 checksum:  1355764 2752c6ff95628f99693521617bc32d73

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_arm.deb
    Size/MD5 checksum:  2184304 34cd68e7c3f0374c40e545a61446f48c
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_arm.deb
    Size/MD5 checksum:  2185094 7cbfa8db84b905a267ddf518415a7553
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_arm.deb
    Size/MD5 checksum:   336124 19e8fc68148e1ebc8dc6a51c2c488689
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_arm.deb
    Size/MD5 checksum:  2184366 b5ac5dffa73e7273a3e03b91e4413be0

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_hppa.deb
    Size/MD5 checksum:  1812692 c21a00400546a5fbf571cf517bd34657
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_hppa.deb
    Size/MD5 checksum:  1813624 f48400ea56e3027d2e828b3353442131
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_hppa.deb
    Size/MD5 checksum:   336228 035a6af70173afb011a9a77631bdab3b
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_hppa.deb
    Size/MD5 checksum:  1812750 10f3220cf0a0334113b4eb6b03e7f63c

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_i386.deb
    Size/MD5 checksum:  1350010 fbf767b42da3ffc738073577afea697a
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_i386.deb
    Size/MD5 checksum:  1350074 9d6774522a6bbf7e84d0f87ce82e9f58
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_i386.deb
    Size/MD5 checksum:   334110 b97efb9fceb7f63e09ef0def30f716cf
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_i386.deb
    Size/MD5 checksum:  1350550 fa68852ebf0a4ecc46b0935469421c38

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_ia64.deb
    Size/MD5 checksum:  1881868 43d4acbfdcb7fe40a37be589e3f1f889
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_ia64.deb
    Size/MD5 checksum:  1881936 77abc6350d8bc87065f52f5f95517661
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_ia64.deb
    Size/MD5 checksum:   335478 059947842bbad6c936d26dad1608f1b7
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_ia64.deb
    Size/MD5 checksum:  1882632 d5697b2646c2e8bfc70132a7bc717a2c

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_mips.deb
    Size/MD5 checksum:  1494318 a6ca9d6156ba31fa7cd7ffa86551b415
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_mips.deb
    Size/MD5 checksum:   336222 b36d254b280b4817945617ddf9d08c86
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_mips.deb
    Size/MD5 checksum:  1493754 3935ca3729f8f1a63b734c71ab1082cb
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_mips.deb
    Size/MD5 checksum:  1493802 4bbb63baee483c25d48fb2a45d852d68

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_mipsel.deb
    Size/MD5 checksum:  1483882 08845c3905f49deee47a32ec6f141e01
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_mipsel.deb
    Size/MD5 checksum:  1483826 f498fa3e3266fadf9455624b888e3e11
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_mipsel.deb
    Size/MD5 checksum:   335516 90293d75d806c9f0e9e2cb0808be8a03
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_mipsel.deb
    Size/MD5 checksum:  1484294 09f5eecfa682de17906ae9fab9e490cd

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_powerpc.deb
    Size/MD5 checksum:  1385530 66197219a21450010715aa61d5b63026
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_powerpc.deb
    Size/MD5 checksum:   336260 642dc7dc6ca14af4c1c97d0e0f8cb23a
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_powerpc.deb
    Size/MD5 checksum:  1386120 15e00fa3f3c728902fdf6a64b6528ea2
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_powerpc.deb
    Size/MD5 checksum:  1385434 ea1138910698ebef3337537d1932ca42

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_s390.deb
    Size/MD5 checksum:  1194316 5e5f8199585fb6fcf5c8172d2744be03
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_s390.deb
    Size/MD5 checksum:  1194618 b83b1a8b33b8321260af0ac1528c9910
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_s390.deb
    Size/MD5 checksum:   336242 1fc6dda424f7529cc278080d02843034
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_s390.deb
    Size/MD5 checksum:  1194362 68dbcf90234bc1de031663c253a4c416

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_sparc.deb
    Size/MD5 checksum:   336256 0f6b5e98f6540f55f6e8fd7bfa7f3134
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_sparc.deb
    Size/MD5 checksum:  1326176 41af440700265be09e94ca88f59dd96c
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_sparc.deb
    Size/MD5 checksum:  1327002 b801913a67e8bed0765f0ea35e588cac
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_sparc.deb
    Size/MD5 checksum:  1326220 23a77450f96324bc0149b3539b04bb56


Debian GNU/Linux 4.0 alias etch
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1.diff.gz
    Size/MD5 checksum:   185436 0cfb04d3ea4cbb936def1a55d277bd46
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0.orig.tar.gz
    Size/MD5 checksum:  1939915 3dbf6237a19cb41029f3abd90251edc3
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1.dsc
    Size/MD5 checksum:      845 1e9ec88bc80b67c74cea791347f495ea

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_alpha.deb
    Size/MD5 checksum:  1447404 abdaf36313c30551c26c1f6e2ade3c63
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_alpha.deb
    Size/MD5 checksum:   347434 ba0c331c5e59f807b31178a180050201
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_alpha.deb
    Size/MD5 checksum:  1447486 f3c790b99c5249193a7bb13a4bca9abf
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_alpha.deb
    Size/MD5 checksum:  1448152 5a1846dda0eb7f730fdaaaca3fdc0956

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_amd64.deb
    Size/MD5 checksum:  1319574 125526e09da089a1acc58b12b13bf821
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_amd64.deb
    Size/MD5 checksum:  1319614 8d57c2d25e774558bc46da25e3184621
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_amd64.deb
    Size/MD5 checksum:   345972 58379a71cb28fd37f1d99d9f877a4cb1
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_amd64.deb
    Size/MD5 checksum:  1320130 eaf13226ff44e5d0a61623c0b08e83b1

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_arm.deb
    Size/MD5 checksum:  1484704 58b23f7ff72aa854a1b6f09fc274be24
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_arm.deb
    Size/MD5 checksum:  1484770 478e9b390addbc5f83c35862e9ca1193
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_arm.deb
    Size/MD5 checksum:   347730 c077ca78734b9656f201bb741ed97352
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_arm.deb
    Size/MD5 checksum:  1485348 8047861c76721623e1f034d378ee8193

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_hppa.deb
    Size/MD5 checksum:  1489964 7e60d63b526943f977528e6b769d85df
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_hppa.deb
    Size/MD5 checksum:  1490676 8ffc3c44154cd5e2977297012d00b03e
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_hppa.deb
    Size/MD5 checksum:   347070 b83af9dfa1e7de5b1e8a14222a76abd1
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_hppa.deb
    Size/MD5 checksum:  1489844 ad8957dcc3347dea84e02d266cf39778

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_i386.deb
    Size/MD5 checksum:  1282994 a26cb9bb5cf16e7a8d7847c50ea254a8
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_i386.deb
    Size/MD5 checksum:  1283536 331b5d45d83256343f64fdf6db5a9f2d
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_i386.deb
    Size/MD5 checksum:   345884 892296a7f62902cdd44f47513a6fad5e
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_i386.deb
    Size/MD5 checksum:  1282938 f675df9fb9ec92a117d6859a63e4b2da

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_ia64.deb
    Size/MD5 checksum:  1675984 f9c7495632ce03291411285880c21f54
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_ia64.deb
    Size/MD5 checksum:   346304 67e37391bcff9bc93dec96de05ac8abe
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_ia64.deb
    Size/MD5 checksum:  1676028 8168a1a1cb494b216dc348dc76e66a2b
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_ia64.deb
    Size/MD5 checksum:  1677266 e992d71565a3362da200a9239a13b519

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_mips.deb
    Size/MD5 checksum:  1353372 41d8186d03ebe4876c962958b93d04e8
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_mips.deb
    Size/MD5 checksum:  1354148 bcd34bee6ae04a282c111dc11235b31f
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_mips.deb
    Size/MD5 checksum:   347072 76f2dce6643296f60bdf822e585ae1d8
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_mips.deb
    Size/MD5 checksum:  1353210 47aa318b680c6ffdac3e6b2a51e81af9

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_mipsel.deb
    Size/MD5 checksum:  1341468 2e5b9b997f984097e0e788182bc6a79d
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_mipsel.deb
    Size/MD5 checksum:   346336 9fec79ae5a9ee9b0f888a5d482a02c9c
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_mipsel.deb
    Size/MD5 checksum:  1340896 6f0720a00c60390fe07e8a84768c1008
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_mipsel.deb
    Size/MD5 checksum:  1340750 83bbf0fb5868a78ba4b42cb4eb8e094b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_powerpc.deb
    Size/MD5 checksum:   347076 372c8622a14a153a335389e03a9204ea
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_powerpc.deb
    Size/MD5 checksum:  1239156 30f6bbd95baf13d52f5ec4da554a57af
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_powerpc.deb
    Size/MD5 checksum:  1238634 9f03f17c7764e0042b77d83dc4ee0049
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_powerpc.deb
    Size/MD5 checksum:  1238614 f773a6de067e613b47a0121a45fe6cb0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_s390.deb
    Size/MD5 checksum:   347046 331a79992eb12d1d1e876e95e5be22f1
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_s390.deb
    Size/MD5 checksum:  1199146 e97261a24e2c274ee00af97e39e05476
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_s390.deb
    Size/MD5 checksum:  1199938 9a37bfddf3c24cef203d4e7b441fc5d6
  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_s390.deb
    Size/MD5 checksum:  1199288 880bd9029a1bc4a727c7d5aa66843422

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_sparc.deb
    Size/MD5 checksum:  1338312 47f7273f5cd63ae579b2fcdc98cfc05e
  http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_sparc.deb
    Size/MD5 checksum:   347064 4062ff8b269db33b0be2ba32f5fa6966
  http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_sparc.deb
    Size/MD5 checksum:  1338862 55f4280f69f3b31e724617af89068d9f
  http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_sparc.deb
    Size/MD5 checksum:  1338296 35a2c1279fef52721c9d16c585c68b86


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHZYJYwM/Gs81MDZ0RAsSaAKChaisvHVtAuA4AlMdinP47TS66NQCfc/qC
eZOpvzOIKBUWID2eD/6vooI=
=KJTc
-----END PGP SIGNATURE-----
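
Added example, not part of the advisory: a parser for the URL / "Size/MD5 checksum" pairs in the file lists above, plus a check of downloaded bytes against the listed size and MD5 before running `dpkg -i`. The package name, mirror URL and file contents in the sample are constructed; a match only rules out a truncated or corrupted download, since the listed values are authenticated by the PGP signature on the message, not by MD5 itself.

```python
import hashlib
import re
from pathlib import PurePosixPath
from urllib.parse import urlparse

# An entry is a URL line followed by "Size/MD5 checksum: <bytes> <md5hex>".
_URL = re.compile(r"^\s*(https?://\S+)\s*$")
_SUM = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")


def parse_file_list(advisory_text):
    """Map file name -> (size, md5hex) for every URL/checksum pair."""
    entries, pending = {}, None
    for line in advisory_text.splitlines():
        m = _URL.match(line)
        if m:
            # Remember the file name; its checksum is expected on the next line.
            pending = PurePosixPath(urlparse(m.group(1)).path).name
            continue
        m = _SUM.match(line)
        if m and pending:
            entries[pending] = (int(m.group(1)), m.group(2))
        pending = None  # a checksum only counts directly after its URL
    return entries


def check_download(name, data, entries):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    if name not in entries:
        return "unlisted"
    size, md5hex = entries[name]
    if len(data) != size:
        return "size-mismatch"
    digest = hashlib.md5(data, usedforsecurity=False).hexdigest()
    return "ok" if digest == md5hex else "md5-mismatch"


# Constructed sample: a made-up package and an advisory-style entry for it.
SAMPLE_DATA = b"constructed package contents\n"
SAMPLE_NAME = "example_1.0-1_all.deb"
SAMPLE_ADVISORY = (
    "Source archives:\n\n"
    f"  http://mirror.example/pool/updates/main/e/example/{SAMPLE_NAME}\n"
    f"    Size/MD5 checksum: {len(SAMPLE_DATA):8d} "
    f"{hashlib.md5(SAMPLE_DATA, usedforsecurity=False).hexdigest()}\n"
)

if __name__ == "__main__":
    listed = parse_file_list(SAMPLE_ADVISORY)
    print(check_download(SAMPLE_NAME, SAMPLE_DATA, listed))
    print(check_download(SAMPLE_NAME, SAMPLE_DATA + b"x", listed))
```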
