unsuscribe
Le Tue, Jan 18, 2005 at 10:41:00AM +0100, Martin Schulze a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 644-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> January 18th, 2005 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : chbg
> Vulnerability : buffer overflow
> Problem-Type : local
> Debian-specific: no
> CVE ID : CAN-2004-1264
> Debian Bug : 285904
>
> Danny Lungstrom discoverd a vulnerability in chbg, a tool to change
> background pictures. A maliciously crafted configuration/scenario
> file could overflow a buffer and lead to the execution of arbitrary
> code on the victim's machine.
>
> For the stable distribution (woody) this problem has been fixed in
> version 1.5-1woody1.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.5-4.
>
> We recommend that you upgrade your chbg package.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc
> Size/MD5 checksum: 600 3cb28b61fb97dca63f09a486dae5612f
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz
> Size/MD5 checksum: 3612 08098cf0fec406380e968186766de027
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz
> Size/MD5 checksum: 322878 4a158c94c25b359c86da1de9ef3e986b
>
> Alpha architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb
> Size/MD5 checksum: 294456 afd6ce377d43c0df909d955e04c328cd
>
> ARM architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb
> Size/MD5 checksum: 247338 878c528ab81decd999503ad47557fc4a
>
> Intel IA-32 architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb
> Size/MD5 checksum: 244862 d3a09b86dfc44164c541cda2eb66ce66
>
> Intel IA-64 architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb
> Size/MD5 checksum: 345228 e4b9ae6b9da9c34d5a930727bdfc1a44
>
> HP Precision architecture:
>
> Cannot be updated due to compiler error.
>
> Motorola 680x0 architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb
> Size/MD5 checksum: 222916 7dce4c0b3ae27f624ee472bd153d5c66
>
> Big endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb
> Size/MD5 checksum: 249054 66402b53b158bfa0b2144b6b97b1d794
>
> Little endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb
> Size/MD5 checksum: 247536 769f5074ad1f4b148191d0e196d01778
>
> PowerPC architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb
> Size/MD5 checksum: 271272 f6b03b2a05de42ee203d7d9cbfe7c468
>
> IBM S/390 architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb
> Size/MD5 checksum: 239098 f20c7b0e36ecfc4540d3673f4ec477dd
>
> Sun Sparc architecture:
>
> http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb
> Size/MD5 checksum: 263302 28df5318e314bbaf79493b485aa6cffa
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFB7NmrW5ql+IAeqTIRAmUEAKCLSpd0/8eiiFhfymdRCV70pS6p9QCfUIfW
> JmmWy3Pi87ZjfreLomQQIls=
> =WpPd
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
==========================================================
Aurélien Roux
Doctorant (PhD)
Laboratoire d'Acoustique de l'Université du Maine
UMR CNRS 6613
Avenue Olivier Messiaen
72085 Le Mans Cedex 9
France
--------------------
Tel (bureau) : (33) 02 43 83 35 89
Fax : (33) 02 43 83 35 20
Email : Aurelien.Roux@univ-lemans.fr
--------------------
http://laum.univ-lemans.fr
http://www.univ-lemans.fr
__________________________________
/ Chiffrez et signez vos messages \
| Utilisez les clés GnuPG |
| |
| HOWTO : |
| http://vilya.org/gpg/gpg-intro.html |
\ __________________________________ /
==================================
Reply to: