
Security vulnerability in ntop, Debian NOT affected



[Cc:ed to debian-devel, as it should be known that Debian packages
 are NOT affected ]

This morning, a security advisory was posted to BUGTRAQ about a
vulnerability in ntop, allowing a buffer overflow that could lead
to local root compromise IF the binary is suid-root, because of an incorrectly
handled command-line option.

The ntop package in Debian, the woody package I uploaded after adopting it a few
days ago, as well as the package in potato, are NOT affected by this
vulnerability because they are not suid.
ntop does not seem to have been included in slink.

Nevertheless, the vulnerability itself is there in both packages, so
there should be an updated version and probably a security advisory
(not affected, but don't make suid) about it. Who should I contact
about this advisory? 
Upstream has already fixed the problem in CVS and I'll try to backport
the fix to the version in potato. As upstream has evolved a lot since
potato has been frozen, I strongly oppose just recompiling the new
upstream version for potato.  A new package for woody will be uploaded
as soon as potato is catered for.

The fix for potato might take some 2-3 days as I have some
university course work that needs to be done by tomorrow afternoon.

 
-- 

	Oliver M. Bolzer
	oliver@debian.org

GPG (PGP) Fingerprint = 621B 52F6 2AC1 36DB 8761  018F 8786 87AD EF50 D1FF


