OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: debian-security-announceLISTS.DEBIAN.ORG
Date: Mon Jan 22 2001 - 16:08:40 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ----------------------------------------------------------------------------
    Debian Security Advisory DSA-012-1 securitydebian.org
    http://www.debian.org/security/ Martin Schulze
    January 22, 2001
    - ----------------------------------------------------------------------------

    Package : micq
    Vulnerability : remote buffer overflow
    Debian-specific: no

    PkC has reported that there is a buffer overflow in sprintf() in micq
    versions 0.4.6, that allows to a remote attacker able to sniff packets
    to the ICQ server to execute arbitrary code on the victim system.

    We recommend you upgrade your micq package immediately.

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    You may use an automated update by adding the resources from the
    footer to the proper configuration.

    Debian GNU/Linux 2.2 alias potato
    - ------------------------------------

      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.

      Source archives:

        http://security.debian.org/dists/stable/updates/main/source/micq_0.4.3-4.dsc
          MD5 checksum: b564dd2d8e937611bd90d73096d4a138
        http://security.debian.org/dists/stable/updates/main/source/micq_0.4.3.orig.tar.gz
          MD5 checksum: ddc011d3509d593284bf9336e0a9f829
        http://security.debian.org/dists/stable/updates/main/source/micq_0.4.3-4.diff.gz
          MD5 checksum: f86304bdbec4d1cf86fb991fc8355f39

      Intel ia32 architecture:

        http://security.debian.org/dists/stable/updates/main/binary-i386/micq_0.4.3-4_i386.deb
          MD5 checksum: b5a2d7327ffc35ab49a1e4f64c6f2567

      Motorola 680x0 architecture:

        http://security.debian.org/dists/stable/updates/main/binary-m68k/micq_0.4.3-4_m68k.deb
          MD5 checksum: a07906bae588eaec0b20974a8a871704

      Sun Sparc architecture:

        http://security.debian.org/dists/stable/updates/main/binary-sparc/micq_0.4.3-4_sparc.deb
          MD5 checksum: 59d5b78bea7f4cce3ea4ca7b5b28d005

      Alpha architecture:

        http://security.debian.org/dists/stable/updates/main/binary-alpha/micq_0.4.3-4_alpha.deb
          MD5 checksum: 06264f9d8a99edfcc43fac35080cc544

      PowerPC architecture:

        http://security.debian.org/dists/stable/updates/main/binary-powerpc/micq_0.4.3-4_powerpc.deb
          MD5 checksum: fbd7bb304918dad6f59d75c5a220dd31

      ARM architecture:

        http://security.debian.org/dists/stable/updates/main/binary-arm/micq_0.4.3-4_arm.deb
          MD5 checksum: 492b4162cc8f59c5dae6e56860ae6bfe

      These files will be moved into
      ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

    - ----------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announcelists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see     http://www.gnupg.org

    iD8DBQE6bK4rW5ql+IAeqTIRAiMpAJwJSCw++1gi200ZdlN3s2dY8eiM4QCdEv1q
    OCg4/8B3PhZLbcmy+9zVAKg=
    =OUwR
    -----END PGP SIGNATURE----- 

    --
To UNSUBSCRIBE, email to debian-security-announce-requestlists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmasterlists.debian.org