Martin Schulze wrote:
> ====================================================================
> Debian GNU/Linux Security                       February 15th, 1999
>
>
> We have received reports about two buffer overflows in the super
> package which was distributed as part of Debian GNU/Linux. Firstly,
> for per-user .supertab files super didn't check for a buffer overflow
> when creating the path to the user's .supertab file. Secondly another
> buffer overflow did allow ordinary users to overflow super by creating
> a nasty personal .supertab file.
>
> We recommend you upgrade your super packages immediately.
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> Debian GNU/Linux 2.0 alias hamm, upcoming 2.1 alias slink and unstable
> ----------------------------------------------------------------------
>
> The binary package is the same for all distributions of Debian
> GNU/Linux since it doesn't link to any special library.
>
> Source archives:
> ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.diff.gz
> MD5 checksum: ad2b28848ab83824e9a4256fb5610c6a
> ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.dsc
> MD5 checksum: a380591182beb282aca04f52c90a99d2
> ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.6.orig.tar.gz
                                                                        ^
                                                                        |
                                                This ought to be a 7 ---+
> MD5 checksum: 591cdcc50c9cfbaabc019889796dc43f
>
> Intel architecture:
> ftp://ftp.debian.org/debian/dists/potato/main/binary-i386/admin/super_3.11.7-1.deb
> MD5 checksum: 1979e2fa15b0e2161d6e3fae4ff5fa92
>
> Motorola 68xxx architecture:
> ftp://ftp.debian.org/debian/dists/potato/main/binary-m68k/admin/super_3.11.7-1.deb
> MD5 checksum: 479dc49e7fe996bba35c1c2b94c155bd
>
> PowerPC architecture:
> ftp://ftp.debian.org/debian/dists/potato/main/binary-powerpc/admin/super_3.11.7-1.deb
> MD5 checksum: 20d464d1d3f4322d393e825377d20cfe
>
> Although the upcoming release of Debian will be made for the Sparc
> architecture as well there is no fixing package at the moment. It
> will be uploaded and installed within the next days.
>
> For not yet released architectures please refer to the appropriate
> directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . The
> package is likely to be recompiled for them within the next few days.

--
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>
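
The first overflow in the quoted advisory, building the path to a user's .supertab file, illustrated as an added example (not code from super or from the advisory): an unchecked path builder beside a bounded one that rejects an over-long home directory. The function names, the 64-byte buffer and the sample home directories are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUPERTAB_NAME ".supertab" /* file name from the advisory */
#define PATH_BUF 64               /* assumed size, kept small for the demo */

/* Unchecked pattern (hypothetical, not super's source): nothing compares
 * strlen(home) with the buffer size. For contrast only; never called. */
void supertab_path_unchecked(char *buf, const char *home)
{
    strcpy(buf, home);
    strcat(buf, "/" SUPERTAB_NAME);
}

/* Bounded version: 0 on success, -1 on bad input or if the path would
 * not fit, in which case buf is left as an empty string. */
int supertab_path_checked(char *buf, size_t buflen, const char *home)
{
    int n;

    if (buf == NULL || buflen == 0)
        return -1;
    buf[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1; /* require an absolute home directory */
    n = snprintf(buf, buflen, "%s/%s", home, SUPERTAB_NAME);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0'; /* truncated: refuse rather than use a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    char long_home[200]; /* constructed over-long home directory */
    int rc;

    memset(long_home, 'A', sizeof long_home - 1);
    long_home[0] = '/';
    long_home[sizeof long_home - 1] = '\0';

    rc = supertab_path_checked(path, sizeof path, "/home/alice");
    printf("normal home: rc=%d path=%s\n", rc, path);
    rc = supertab_path_checked(path, sizeof path, long_home);
    printf("long home:   rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Treating truncation as an error matters here: a silently shortened path would make a setuid program open a different file than the one intended.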