[SECURITY] [DSA 527-1] New pavuk packages fix buffer overflow

From: Matt Zimmerman (mdz_at_debian.org)
Date: 07/03/04

  • Next message: Gregory Duchemin: "Re: DLINK 614+ - SOHO routers, system DOS"
    Date: Sat, 3 Jul 2004 12:10:05 -0700
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 527-1 security@debian.org
    http://www.debian.org/security/ Matt Zimmerman
    July 3rd, 2004 http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : pavuk
    Vulnerability : buffer overflow
    Problem-Type : remote
    Debian-specific: no
    CVE Ids : CAN-2004-0456

    Ulf Härnhammar discovered a vulnerability in pavuk, a file retrieval
    program, whereby an oversized HTTP 305 response sent by a malicious
    server could cause arbitrary code to be executed with the privileges
    of the pavuk process.

    For the current stable distribution (woody), this problem has been
    fixed in version 0.9pl28-1woody1.

    pavuk is no longer included in the unstable distribution of Debian.

    We recommend that you update your pavuk package.

    Upgrade Instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 3.0 alias woody
    - --------------------------------

      Source archives:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1.dsc
          Size/MD5 checksum: 707 8c039288254bd756409cab54b6ca7cfc
        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1.diff.gz
          Size/MD5 checksum: 13610 c824a2921a9791a8d840447062643d0b
        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28.orig.tar.gz
          Size/MD5 checksum: 968336 d0f7b77bd11322add1f7d52d62afbf78

      Alpha architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_alpha.deb
          Size/MD5 checksum: 630654 9d0d364a20448a4113e07d0e40745d63

      ARM architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_arm.deb
          Size/MD5 checksum: 568730 8dcb6be6111bab1194bb70b668659a6a

      Intel IA-32 architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_i386.deb
          Size/MD5 checksum: 562284 eb47253f87db9ade4748d5e2d01bd701

      Intel IA-64 architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_ia64.deb
          Size/MD5 checksum: 700588 0a76ba2d4d8aa4db408bf3546a7c4775

      HP Precision architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_hppa.deb
          Size/MD5 checksum: 608290 5858310a6a9902a6d796c6bbcb527e83

      Motorola 680x0 architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_m68k.deb
          Size/MD5 checksum: 540248 9b5e9a7d2a98f7aacb5dbefeb2ac5f81

      Big endian MIPS architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_mips.deb
          Size/MD5 checksum: 565172 134a4284c713a2faca228ca0086fffd0

      Little endian MIPS architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_mipsel.deb
          Size/MD5 checksum: 560950 ea00112b42beec9797c7cac4125541c7

      PowerPC architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_powerpc.deb
          Size/MD5 checksum: 577756 d6a276f698025c5d2851c0f2d256082f

      IBM S/390 architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_s390.deb
          Size/MD5 checksum: 556910 3a8f996cc7123dfb8d789ebcfa3b8026

      Sun Sparc architecture:

        http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_sparc.deb
          Size/MD5 checksum: 573834 f0473eea31b3d870e54649431867c9c4

      These files will probably be moved into the stable distribution on
      its next revision.

    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFA5wR4ArxCt0PiXR4RAiyiAJsGy936Lx0cplJ3ZzQSAstz1oROeACeIFv0
    ug8HGJMeDecWZ2Dh7DJgKQk=
    =GfUe
    -----END PGP SIGNATURE-----


  • Next message: Gregory Duchemin: "Re: DLINK 614+ - SOHO routers, system DOS"

    Relevant Pages