
Re: [SECURITY] New versions of super fixes two buffer overflows



Martin Schulze wrote:
> ====================================================================
> Debian GNU/Linux Security                        February 15th, 1999
> 
> 
> We have received reports about two buffer overflows in the super
> package which was distributed as part of Debian GNU/Linux.  Firstly,
> for per-user .supertab files super didn't check for a buffer overflow
> when creating the path to the user's .supertab file.  Secondly another
> buffer overflow did allow ordinary users to overflow super by creating
> a nasty personal .supertab file.
> 
> We recommend you upgrade your super packages immediately.
> 
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> Debian GNU/Linux 2.0 alias hamm, upcoming 2.1 alias slink and unstable
> ----------------------------------------------------------------------
> 
>   The binary package is the same for all distributions of Debian
>   GNU/Linux since it doesn't link to any special library.
> 
>   Source archives:
>     ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.diff.gz
>       MD5 checksum: ad2b28848ab83824e9a4256fb5610c6a
>     ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.dsc
>       MD5 checksum: a380591182beb282aca04f52c90a99d2
>     ftp://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.6.orig.tar.gz
                                                                            ^
                                                                            |
                                                    This ought to be a 7 ---+

>       MD5 checksum: 591cdcc50c9cfbaabc019889796dc43f
> 
>   Intel architecture:
>     ftp://ftp.debian.org/debian/dists/potato/main/binary-i386/admin/super_3.11.7-1.deb
>       MD5 checksum: 1979e2fa15b0e2161d6e3fae4ff5fa92
> 
>   Motorola 68xxx architecture:
>     ftp://ftp.debian.org/debian/dists/potato/main/binary-m68k/admin/super_3.11.7-1.deb
>       MD5 checksum: 479dc49e7fe996bba35c1c2b94c155bd
> 
>   PowerPC architecture:
>     ftp://ftp.debian.org/debian/dists/potato/main/binary-powerpc/admin/super_3.11.7-1.deb
>       MD5 checksum: 20d464d1d3f4322d393e825377d20cfe
> 
> Although the upcoming release of Debian will be made for the Sparc
> architecture as well there is no fixing package at the moment.  It
> will be uploaded and installed within the next days.
> 
> For not yet released architectures please refer to the appropriate
> directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .  The
> package is likely to be recompiled for them within the next few days.

--
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>

Attachment: pgpy2SFvESOPs.pgp
Description: PGP signature

