[Full-Disclosure] [SECURITY] [DSA 472-1] New fte packages fix buffer overflows

debian-security-announce_at_lists.debian.org
Date: 04/04/04

  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 474-1] New squid packages fix ACL bypass"
    To: full-disclosure@lists.netsys.com
    Date: Sat, 3 Apr 2004 21:16:35 -0800
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 472-1 security@debian.org
    http://www.debian.org/security/ Matt Zimmerman
    April 3rd, 2004 http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : fte
    Vulnerability : several
    Problem-Type : buffer overflows
    Debian-specific: no
    CVE Ids : CAN-2003-0648
    Debian bug : #203871

    Steve Kemp and Jaguar discovered a number of buffer overflow
    vulnerabilities in vfte, a version of the fte editor which runs on the
    Linux console, found in the package fte-console. This program is
    setuid root in order to perform certain types of low-level operations
    on the console.

    Due to these bugs, setuid privilege has been removed from vfte, making
    it only usable by root. We recommend using the terminal version (in
    the fte-terminal package) instead, which runs on any capable terminal
    including the Linux console.

    For the stable distribution (woody) these problems have been fixed in
    version 0.49.13-15woody1.

    For the unstable distribution (sid) these problems have been fixed in
    version 0.50.0-1.1.

    We recommend that you update your fte package.

    Upgrade Instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 3.0 alias woody
    - --------------------------------

      Source archives:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.dsc
          Size/MD5 checksum: 609 4ce3f8d5ce68e70d8f5800171eb3b4b2
        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.tar.gz
          Size/MD5 checksum: 559912 4e35205cf4256fbac041ba290e633f30

      Alpha architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_alpha.deb
          Size/MD5 checksum: 74102 83dedc8a780725dbe8073b081a653828
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_alpha.deb
          Size/MD5 checksum: 199602 ab0c0c86670e4f2f64651f52f7a0403a
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_alpha.deb
          Size/MD5 checksum: 122700 7be26dee16c2d2938b4f8273562c56b3
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_alpha.deb
          Size/MD5 checksum: 197942 5d6ee59128a9360e1c0dc62805c0e100
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_alpha.deb
          Size/MD5 checksum: 207180 b85e97f12de35cee17d68ede3e933ba2

      ARM architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_arm.deb
          Size/MD5 checksum: 71608 5e8d77bf80748f3607a99301d111c507
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_arm.deb
          Size/MD5 checksum: 150768 22e3b88059d61140e81222a043bc0e55
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_arm.deb
          Size/MD5 checksum: 122718 e99955a854dbd95537b885921d2b20b5
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_arm.deb
          Size/MD5 checksum: 148560 022486dd73f78054855e55efe3a90b3b
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_arm.deb
          Size/MD5 checksum: 156664 86d50122eb5b823bcb30a1d37ba351c5

      Intel IA-32 architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_i386.deb
          Size/MD5 checksum: 71626 16729e271bb38948ae89ba3766dc8491
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_i386.deb
          Size/MD5 checksum: 141516 1645111f30e339cbed6ef4bb13cb803f
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_i386.deb
          Size/MD5 checksum: 124322 d8fd1efd66cd696a88c6e403bdff0d2b
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_i386.deb
          Size/MD5 checksum: 140162 ff1d2c613b40834b5f23411a61560ead
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_i386.deb
          Size/MD5 checksum: 146778 385b06d99a0150e187dd98e94e29fe36

      Intel IA-64 architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_ia64.deb
          Size/MD5 checksum: 78128 c6eb92920b98887390928b1655502b9d
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_ia64.deb
          Size/MD5 checksum: 264434 d2ac6731be692ba2498107ef5d9cc6bc
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_ia64.deb
          Size/MD5 checksum: 122696 9ae248e75e671bc03a2964e3b7bb2cae
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_ia64.deb
          Size/MD5 checksum: 261032 2e18827c056d7f99993db4d0bebfe4fb
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_ia64.deb
          Size/MD5 checksum: 273122 60b262caccd4290008e40cb149b8301e

      HP Precision architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_hppa.deb
          Size/MD5 checksum: 73998 ac99b815a02e58311c53e1f8cb068c1c
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_hppa.deb
          Size/MD5 checksum: 207580 4ac741368c8ee3c9951c038a4eec914c
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_hppa.deb
          Size/MD5 checksum: 122706 d651c44366bda7660ad08b9c346c7a2e
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_hppa.deb
          Size/MD5 checksum: 205592 e52154184595ef322973d5f95772863c
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_hppa.deb
          Size/MD5 checksum: 214532 2e6bd1b6e35b6e5c84574495262698dc

      Motorola 680x0 architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_m68k.deb
          Size/MD5 checksum: 70378 6655c66baab59b983f77f30ef3f16bb3
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_m68k.deb
          Size/MD5 checksum: 126710 f69dcd049d92ff4dac8494989c5cbede
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_m68k.deb
          Size/MD5 checksum: 122714 aadab6ad515ec1acfc39044cfc3d6c5b
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_m68k.deb
          Size/MD5 checksum: 125352 e6c5588ebd0808b3069ac09b1a8e7c7f
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_m68k.deb
          Size/MD5 checksum: 131720 2c15fec4f2e5234907a2e78f63f2cf8d

      Big endian MIPS architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mips.deb
          Size/MD5 checksum: 71976 edf9be1182ff20fb63c34dd7bca5911d
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mips.deb
          Size/MD5 checksum: 189068 a58b831e5b5dcce139df5243ab9cfab9
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mips.deb
          Size/MD5 checksum: 122808 2a9de827c427cd7b44223096c1b6fa53
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mips.deb
          Size/MD5 checksum: 186822 f68f2e7bc58495a3d7a87e449e14ea7f
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mips.deb
          Size/MD5 checksum: 195160 47c26ca11949aad7dcbe5c7c1c6dff20

      Little endian MIPS architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mipsel.deb
          Size/MD5 checksum: 71926 65757722fa2cb9df9e6139037bd7603b
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mipsel.deb
          Size/MD5 checksum: 188276 8de060e1f996b7aa6847180430286c3b
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mipsel.deb
          Size/MD5 checksum: 122690 f7f79c453c5b94f111a3aa73c17dc9c0
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mipsel.deb
          Size/MD5 checksum: 186174 3c1cda10c450f4694a950bfb3d818876
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mipsel.deb
          Size/MD5 checksum: 194628 b9bde5aa9ac546bc44dc7c3e73cc65a8

      PowerPC architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_powerpc.deb
          Size/MD5 checksum: 72144 f2e256f4e7802a8c65f4f0159d27851a
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_powerpc.deb
          Size/MD5 checksum: 153434 f6b1ad3a7e77af9daac9114f00e62b7c
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_powerpc.deb
          Size/MD5 checksum: 122704 20fa2128e9d5d6456cfafe399d876d9e
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_powerpc.deb
          Size/MD5 checksum: 151558 716c7bcdefe356a338341c08fcf4ea59
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_powerpc.deb
          Size/MD5 checksum: 159448 2b7e59957df4ff0d66bf46b481c0de46

      IBM S/390 architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_s390.deb
          Size/MD5 checksum: 70960 e9d119f457361dc983eab526ad826143
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_s390.deb
          Size/MD5 checksum: 149092 5012101938d0597fc421ac09c2b10c66
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_s390.deb
          Size/MD5 checksum: 122702 0a6176acf340fc75396c89d64e891675
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_s390.deb
          Size/MD5 checksum: 147520 8245176bfb3c5ffaa1aff525ddc9f50b
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_s390.deb
          Size/MD5 checksum: 155422 cca9f5f4fdafcb89bdee5afb117bf125

      Sun Sparc architecture:

        http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_sparc.deb
          Size/MD5 checksum: 72158 26de448213afdbaf9dae2920448f7370
        http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_sparc.deb
          Size/MD5 checksum: 142988 1612dd5fc622aeb1de19dbec8840e457
        http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_sparc.deb
          Size/MD5 checksum: 122710 1c3903d536725137443aa9680cd3500f
        http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_sparc.deb
          Size/MD5 checksum: 141242 0c7d30f936f0f86e11beea711977fb77
        http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_sparc.deb
          Size/MD5 checksum: 149172 5723b04f45c2d3a8ed480c34a683af34

      These files will probably be moved into the stable distribution on
      its next revision.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFAb5ohArxCt0PiXR4RAiFzAJ9fmHuMD68iw2eEYI2WTpY3u9ol3QCcC6xy
    Y00d4Fd8MKjBCr8+c2oVeUs=
    =nnVM
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter:
    http://lists.netsys.com/full-disclosure-charter.html


  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 474-1] New squid packages fix ACL bypass"

    Relevant Pages