Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in bitchx
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in bitchx
ID: DSA-306-1
Distribution: Debian
Plattformen: Debian potato
Datum: Di, 20. Mai 2003, 13:00
Referenzen: Keine Angabe
Applikationen: ircII

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 306-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 19th, 2003                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : ircii-pana
Vulnerability  : buffer overflows, integer overflow
Problem-Type   : remote
Debian-specific: no

Timo Sirainen discovered several problems in BitchX, a popular client
for Internet Relay Chat (IRC).  A malicious server could craft special
reply strings, triggering the client to write beyond buffer boundaries
or allocate a negative amount of memory.  This could lead to a denial
of service if the client only crashes, but may also lead to executing
of arbitrary code under the user id of the chatting user.

For the stable distribution (woody) these problems have been fixed in
version 1.0-0c19-1.1.

For the old stable distribution (potato) these problems have been
fixed in version 1.0-0c16-2.1.

For the unstable distribution (sid) these problems have been fixed in
version 1.0-0c19-8.

We recommend that you upgrade your BitchX package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:

    ircii-pana_1.0-0c16-2.1.dsc
      Size/MD5 checksum:      742 65eef951e5eae0c78e118cdc61933ec4
    ircii-pana_1.0-0c16-2.1.diff.gz
      Size/MD5 checksum:    38034 7b8484b1ce2450ec0c783647024ee5e7
    ircii-pana_1.0-0c16.orig.tar.gz
      Size/MD5 checksum:  1831273 225135d5f90bf03a1ec820f804d818d2

  Alpha architecture:

    bitchx_1.0-0c16-2.1_alpha.deb
      Size/MD5 checksum:  1545022 19e78356e1fe5e65ac8619eed95e4552
    bitchx-gtk_1.0-0c16-2.1_alpha.deb
      Size/MD5 checksum:   687910 e3cae02b856e5a184939d7b1b90e2c0a

  ARM architecture:

    bitchx_1.0-0c16-2.1_arm.deb
      Size/MD5 checksum:  1354470 eea63662c3e6143af1c97ca402600197
    bitchx-gtk_1.0-0c16-2.1_arm.deb
      Size/MD5 checksum:   527998 a82f08fad8990c5c9df6cb51bf64a60b

  Intel IA-32 architecture:

    bitchx_1.0-0c16-2.1_i386.deb
      Size/MD5 checksum:  1276648 cebb488e14882b504b309ef9a6a19016
    bitchx-gtk_1.0-0c16-2.1_i386.deb
      Size/MD5 checksum:   477004 bd56978d20cc2bd2ca35880e7c86626a

  Motorola 680x0 architecture:

    bitchx_1.0-0c16-2.1_m68k.deb
      Size/MD5 checksum:  1238442 f9775d2fcc46ae522190ce5511db57b5
    bitchx-gtk_1.0-0c16-2.1_m68k.deb
      Size/MD5 checksum:   440760 9fc329b722ebed929d86ae1e27bb8a09

  PowerPC architecture:

    bitchx_1.0-0c16-2.1_powerpc.deb
      Size/MD5 checksum:  1374446 9254327f6a928efb9fe19423cccf850e
    bitchx-gtk_1.0-0c16-2.1_powerpc.deb
      Size/MD5 checksum:   546390 6b2b210be9b8b145867533c33328bfe9

  Sun Sparc architecture:

    bitchx_1.0-0c16-2.1_sparc.deb
      Size/MD5 checksum:  1377964 a31c87ca024f352a02a0a66626cf9216
    bitchx-gtk_1.0-0c16-2.1_sparc.deb
      Size/MD5 checksum:   528902 7cec4b7d84cc36c10c75f9345a8a8970


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    ircii-pana_1.0-0c19-1.1.dsc
      Size/MD5 checksum:      827 b07cbb9042fbdd71cbf407dd6ecdebfd
    ircii-pana_1.0-0c19-1.1.diff.gz
      Size/MD5 checksum:    52566 dd15ba981be495155400c3ef4688e4bd
    ircii-pana_1.0-0c19.orig.tar.gz
      Size/MD5 checksum:  2533621 79431ff0880e7317049045981fac8adc

  Alpha architecture:

    bitchx_1.0-0c19-1.1_alpha.deb
      Size/MD5 checksum:  1762768 bcf23496f3142d461bab8e9571f6ff5f
    bitchx-dev_1.0-0c19-1.1_alpha.deb
      Size/MD5 checksum:   196178 bdb8338578c89040035252c8e3598012
    bitchx-gtk_1.0-0c19-1.1_alpha.deb
      Size/MD5 checksum:   654190 dd17cbcd957fa60c62eff6f74a3de7a7
    bitchx-ssl_1.0-0c19-1.1_alpha.deb
      Size/MD5 checksum:   615898 cec7b443b8b96aca4825a3d03eb3d362

  ARM architecture:

    bitchx_1.0-0c19-1.1_arm.deb
      Size/MD5 checksum:  1592266 24975a31357e95e496376e042ec54189
    bitchx-dev_1.0-0c19-1.1_arm.deb
      Size/MD5 checksum:   196188 beb55cb8d06b200e40f8ebb277b946fb
    bitchx-gtk_1.0-0c19-1.1_arm.deb
      Size/MD5 checksum:   522312 69708abc715673b19b73d60993cef7fa
    bitchx-ssl_1.0-0c19-1.1_arm.deb
      Size/MD5 checksum:   494728 594696946be3bce333b1d7f34fe675d9

  Intel IA-32 architecture:

    bitchx_1.0-0c19-1.1_i386.deb
      Size/MD5 checksum:  1467032 92d7bae58665df7d494d40437c730849
    bitchx-dev_1.0-0c19-1.1_i386.deb
      Size/MD5 checksum:   196182 9be1fc9a26ba1acbf8dd9aec524795a9
    bitchx-gtk_1.0-0c19-1.1_i386.deb
      Size/MD5 checksum:   424724 eb87262649962e1dec16a3e31e4326f2
    bitchx-ssl_1.0-0c19-1.1_i386.deb
      Size/MD5 checksum:   399470 f4de847829ab7f2c3c1cbac2b27b954d

  Intel IA-64 architecture:

    bitchx_1.0-0c19-1.1_ia64.deb
      Size/MD5 checksum:  2053932 87b3e753582605c792fe2dc055f918f2
    bitchx-dev_1.0-0c19-1.1_ia64.deb
      Size/MD5 checksum:   196176 ea0edfdd1ac7c407da49ba026caa32f8
    bitchx-gtk_1.0-0c19-1.1_ia64.deb
      Size/MD5 checksum:   897404 2bbb6b80230c8039b62680456c508555
    bitchx-ssl_1.0-0c19-1.1_ia64.deb
      Size/MD5 checksum:   848754 2b239c4c383c666f13844aa54e123d2e

  HP Precision architecture:

    bitchx_1.0-0c19-1.1_hppa.deb
      Size/MD5 checksum:  1744986 772b93bf7f7c2e6ba3d90f114750ceeb
    bitchx-dev_1.0-0c19-1.1_hppa.deb
      Size/MD5 checksum:   196178 b37d796acca2abc1abd54ab3e14d41a6
    bitchx-gtk_1.0-0c19-1.1_hppa.deb
      Size/MD5 checksum:   647490 c8cfc04f5b0cb0840b336cb9ba892431
    bitchx-ssl_1.0-0c19-1.1_hppa.deb
      Size/MD5 checksum:   613858 14d127dc0bccb3463c6a24f13e7effe1

  Motorola 680x0 architecture:

    bitchx_1.0-0c19-1.1_m68k.deb
      Size/MD5 checksum:  1433828 65977e6e7bbbefbc233d2355939ded16
    bitchx-dev_1.0-0c19-1.1_m68k.deb
      Size/MD5 checksum:   196198 751bf1fb26b5934563d6442ea2a0367c
    bitchx-gtk_1.0-0c19-1.1_m68k.deb
      Size/MD5 checksum:   391890 d3ad291d22f599081d2c99445c1f8d28
    bitchx-ssl_1.0-0c19-1.1_m68k.deb
      Size/MD5 checksum:   366952 941ce99a34d200d1fec02df761f58e80

  Big endian MIPS architecture:

    bitchx_1.0-0c19-1.1_mips.deb
      Size/MD5 checksum:  1634450 1e81f00257a111aa71aaa906c6bd126b
    bitchx-dev_1.0-0c19-1.1_mips.deb
      Size/MD5 checksum:   196182 b0bc131fade3f708dda4c24871f1c149
    bitchx-gtk_1.0-0c19-1.1_mips.deb
      Size/MD5 checksum:   577348 f096553053955f27a9a932c5ab62b319
    bitchx-ssl_1.0-0c19-1.1_mips.deb
      Size/MD5 checksum:   546220 901ca4a9015457d979c1516e2be8bf0b

  Little endian MIPS architecture:

    bitchx_1.0-0c19-1.1_mipsel.deb
      Size/MD5 checksum:  1634336 71c0bd90ad7300b165ffd886f1da9ae6
    bitchx-dev_1.0-0c19-1.1_mipsel.deb
      Size/MD5 checksum:   196188 ecf836f7c50b30d6791fd4209eac6d74
    bitchx-gtk_1.0-0c19-1.1_mipsel.deb
      Size/MD5 checksum:   576110 4740f8ce0df5f38a7d359a6cb5d25d03
    bitchx-ssl_1.0-0c19-1.1_mipsel.deb
      Size/MD5 checksum:   545824 cd9fd89bc340475b14b4967f2bc38746

  PowerPC architecture:

    bitchx_1.0-0c19-1.1_powerpc.deb
      Size/MD5 checksum:  1606938 f1ecbc2af55e9d5f50534fd8a1276864
    bitchx-dev_1.0-0c19-1.1_powerpc.deb
      Size/MD5 checksum:   196178 fd445c5121bb7d880f045b7ad77ec572
    bitchx-gtk_1.0-0c19-1.1_powerpc.deb
      Size/MD5 checksum:   534520 d4a05d08a6b8e2ec40d642994fff0b87
    bitchx-ssl_1.0-0c19-1.1_powerpc.deb
      Size/MD5 checksum:   506680 4e2f2a32e1417fab76b2dd028ffa42d7

  IBM S/390 architecture:

    bitchx_1.0-0c19-1.1_s390.deb
      Size/MD5 checksum:  1551494 bad3049b49862b96144249f5e28a1a56
    bitchx-dev_1.0-0c19-1.1_s390.deb
      Size/MD5 checksum:   196172 bff4b6c07fd2527a302ebd12319c1969
    bitchx-gtk_1.0-0c19-1.1_s390.deb
      Size/MD5 checksum:   492848 c380131ac044f0a558be9294c12de09b
    bitchx-ssl_1.0-0c19-1.1_s390.deb
      Size/MD5 checksum:   465254 4f1d52f85920776dca6943c3f497c006

  Sun Sparc architecture:

    bitchx_1.0-0c19-1.1_sparc.deb
      Size/MD5 checksum:  1619738 fc77f331f59403bd4d6c99f40a8d6736
    bitchx-dev_1.0-0c19-1.1_sparc.deb
      Size/MD5 checksum:   196180 07f9cf646c35fa15044931e5c5b1295e
    bitchx-gtk_1.0-0c19-1.1_sparc.deb
      Size/MD5 checksum:   508480 a1cc7e17a32fccb090fb6f68225bcdd1
    bitchx-ssl_1.0-0c19-1.1_sparc.deb
      Size/MD5 checksum:   479924 d80452a69cb7cd36d12d9b7b86ead700


  These files will probably be moved into the stable distribution on
  its next revision.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+yNBjW5ql+IAeqTIRAgniAJ9h7DkdeD3Ho2iixFt2h+ntV5HlBwCgpaMH
ZhV9a/uQ7yzB4+OTUJquN7c=
=09G6
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung