[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201007112103.18478.geissert@debian.org>
Date: Sun, 11 Jul 2010 21:03:07 -0500
From: Raphael Geissert <geissert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA-2069-1] New znc packages fix
denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2069-1 security@...ian.org
http://www.debian.org/security/ Raphael Geissert
Jul 11, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : znc
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2448
Debian Bug : 584929
It was discovered that znc, an IRC bouncer, is vulnerable to denial
of service attacks via a NULL pointer dereference when traffic
statistics are requested while there is an unauthenticated connection.
For the stable distribution (lenny), the problem has been fixed in
version 0.058-2+lenny4.
For the testing distribution (squeeze) and the unstable distribution (sid),
the problem has been fixed in version 0.090-2.
We recommend that you upgrade your znc packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 (stable) alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4.dsc
Size/MD5 checksum: 1038 46f176d6370f395b9166832d839f667c
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4.diff.gz
Size/MD5 checksum: 9957 f83f0daa62de96ddd125a57e355997f7
http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
Size/MD5 checksum: 340741 c02fd740c55d5b3a7912f7584344103e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_alpha.deb
Size/MD5 checksum: 1097004 aad70b861a881acc07b62fba1828a987
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_amd64.deb
Size/MD5 checksum: 1028912 73e5648afac01653d63993c78f814166
arm architecture (ARM)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_arm.deb
Size/MD5 checksum: 1151388 a75400496739ef59b8f04369c11adae1
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_armel.deb
Size/MD5 checksum: 964152 db8f9e2dd72860c5fc113cdf2d9ffa23
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_hppa.deb
Size/MD5 checksum: 1164930 833ebba997cafa8d98de64f02af58257
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_i386.deb
Size/MD5 checksum: 1012740 8e9428972501db9a05d6f8012a1b58c2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_ia64.deb
Size/MD5 checksum: 1183340 5ec39e62dde31f9198db0f34ec12b95d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_mips.deb
Size/MD5 checksum: 916252 c19f7c926422278d2fc29dc3999d837a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_mipsel.deb
Size/MD5 checksum: 907810 14096b5353a78f6966577c23773d218a
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_powerpc.deb
Size/MD5 checksum: 1036902 dbd1e736e3fe1d8f5e9dddba22166279
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_s390.deb
Size/MD5 checksum: 972040 2ea3615c32521cd15cc5eae7516f85f8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_sparc.deb
Size/MD5 checksum: 1000438 8838f85e71e4d0057b21505c8fcb0b39
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkw6d90ACgkQYy49rUbZzlofHwCdGWUbDUQbagGycwqolpNV/lMa
if8An2ptwioT/tBrZjBRN28UQi1BE2Os
=ulRd
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists