7721922 2001-12-27 21:22 +0100 /120 rader/ Robert van der Meulen <rvdm@debian.org> Sänt av: joel@lysator.liu.se Importerad: 2001-12-27 23:01 av Brevbäraren Extern mottagare: debian-security-announce@lists.debian.org Externa svar till: security@debian.org Mottagare: Bugtraq (import) <20295> Ärende: [SECURITY] [DSA-095-1] gpm (gpm-root) format string vulnerabilities ------------------------------------------------------------ From: Robert van der Meulen <rvdm@debian.org> To: debian-security-announce@lists.debian.org Message-ID: <20011227202210.GA21531@wiretrip.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-095-1 security@debian.org http://www.debian.org/security/ Robert van der Meulen December 27, 2001 - ------------------------------------------------------------------------ Package : gpm Problem type : local root vulnerability Debian-specific: no The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges. This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade your 1.17.8-18 package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato - --------------------------------- Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz MD5 checksum: 8c48aa1656391d3755c289a87db13bf0 http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc MD5 checksum: bafbe8ffe73d3b5783e9841f1894af77 http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz MD5 checksum: 9d50c299bf925996546efaf32de1db7b Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb MD5 checksum: 0e50705cadfd58777d02fa6806c10bdf http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb MD5 checksum: cbeeeac3795318255126814d71b7b945 http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb MD5 checksum: f5dd9e395259b037d20e013e112a55e8 ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb MD5 checksum: 6b41896ddfed4a119d17e5d8e8391384 http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb MD5 checksum: f02444fc5a9a6a7c7da0e1cb19df24a6 http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb MD5 checksum: 0ae3eb96377394d65e0e8031d0019147 Intel IA-32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb MD5 checksum: 18c837abec8360db146681d2a713177a http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb MD5 checksum: 815a1e90fe36e603f0803f92b6898f19 http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb MD5 checksum: 514a1baee569e548349f7c4dc2941f3d http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb MD5 checksum: ce61772d26c799bce33d729ed7fc67b7 http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb MD5 checksum: 923894ee7bdc1a8e648881eaf5f372da http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb MD5 checksum: 019de1ecb144e3d10b5978ea640a24c4 http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb MD5 checksum: 88d75f4b1f85e6aee903f886b311e127 http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb MD5 checksum: 1ea940b2e3c5d7fade43d75ed3253569 PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb MD5 checksum: aa2415e6f489af235e173d6d5a69b05f http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb MD5 checksum: cd823ce39eb4125ed4a8dd0c17362107 http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb MD5 checksum: 0188cb6c4ffd82a146812e53c1387918 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb MD5 checksum: b703c2e30b52446508f18951551839a3 http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb MD5 checksum: b8a75b6ab45f649b9e458cf778545a9e http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb MD5 checksum: fa4ae1bda04f3b13622d6e6bc9ffcb35 These packages will be moved into the stable distribution on its next revision. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -- - ---------------------------------------------------------------------------- apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8K4LkFLJHZigagQ4RAqikAKC7ogsUzIlAreE5/Mki78uqCnvPpgCgqdRl t+b1OntlAE3rvVNBC/0vej8= =ByVf -----END PGP SIGNATURE----- (7721922) /Robert van der Meulen <rvdm@debian.org>/(Ombruten)