---------------------------------------------------------------------------- Debian Security Advisory DSA-045-2 security@debian.org http://www.debian.org/security/ Michael Stone April 9, 2001 ----------------------------------------------------------------------------
Package: ntp Vulnerability: remote root exploit Debian-specific: no
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2.
We recommend you upgrade your ntp package immediately.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato ------------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures.