
Re: [SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thijs Kinkhorst wrote:
> ------------------------------------------------------------------------
>  Debian Security Advisory DSA-1573-1
> security@debian.org http://www.debian.org/security/
> Thijs Kinkhorst May 11, 2008
> http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
>
> Package        : rdesktop
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1801 CVE-2008-1802 CVE-2008-1803
> Debian Bug     : 480133 480134 480135
>
> Several remote vulnerabilities have been discovered in rdesktop, a
> Remote Desktop Protocol client. The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
> CVE-2008-1801
>
> Remote exploitation of an integer underflow vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
> CVE-2008-1802
>
> Remote exploitation of a BSS overflow vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
> CVE-2008-1803
>
> Remote exploitation of an integer signedness vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
>
> For the stable distribution (etch), these problems have been fixed
> in version 1.5.0-1etch2.
>
> For the unstable distribution (sid), these problems have been fixed
> in version 1.5.0-4+cvs20071006.
>
> We recommend that you upgrade your rdesktop package.
>
>
> Upgrade instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> -------------------------------
>
> Source archives:
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.diff.gz
>  Size/MD5 checksum:    20213 2f0174a7cec7a431f82234c9cebaadd5
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
>  Size/MD5 checksum:   245137 433546f60fc0f201e99307ba188369ed
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.dsc
>  Size/MD5 checksum:      932 ea3849b040a1fecdbca046458b5c4e22
>
> alpha architecture (DEC Alpha)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_alpha.deb
>  Size/MD5 checksum:   182160 30e6bc460bdfcc99e0d71b6171f90238
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_amd64.deb
>  Size/MD5 checksum:   137356 0cefb8fb94740fbc46feae4f8d8dd888
>
> arm architecture (ARM)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_arm.deb
>  Size/MD5 checksum:   141908 5f350550c2f54138d9fc2f7f8af24626
>
> hppa architecture (HP PA RISC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_hppa.deb
>  Size/MD5 checksum:   145270 9153febda46b7c6a9e892880e0eacc90
>
> i386 architecture (Intel ia32)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_i386.deb
>  Size/MD5 checksum:   123872 608524d02a24a20f4eb4c34ae101d87c
>
> ia64 architecture (Intel ia64)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_ia64.deb
>  Size/MD5 checksum:   194538 69b2707d0ee990acd980e9dbd44d4a00
>
> mipsel architecture (MIPS (Little Endian))
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_mipsel.deb
>  Size/MD5 checksum:   146580 c030489088218b9ef271d75c469d50f1
>
> powerpc architecture (PowerPC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_powerpc.deb
>  Size/MD5 checksum:   141286 dc62405a5d851c189248d23044ce17e6
>
> s390 architecture (IBM S/390)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_s390.deb
>  Size/MD5 checksum:   144540 aa95e6306a2c643465cc4514463cd967
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_sparc.deb
>  Size/MD5 checksum:   127814 7a8fd0a99fe22dd98f6bd64bdcd9ce48
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

wrong header?

Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIJxjdV8GyuTwyskMRAuuUAJ9cF5wkcTgPNy0fk3wsHsFOFcvbHwCgn6FG
o8A7BbjdVEf5tfEO/bBBcs8=
=U6Pz
-----END PGP SIGNATURE-----
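
The quoted advisory pairs each download URL with a "Size/MD5 checksum" line. The following is an added example, not part of the original message or of any Debian tooling: it parses that listing (quote markers included) and checks downloaded bytes against it. The function names `parse_listing` and `verify` are assumptions made for this sketch.

```python
import hashlib
import re

# Two entries copied from the advisory quoted above, quote markers included.
LISTING = """\
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.dsc
>  Size/MD5 checksum:      932 ea3849b040a1fecdbca046458b5c4e22
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_i386.deb
>  Size/MD5 checksum:   123872 608524d02a24a20f4eb4c34ae101d87c
"""

URL_RE = re.compile(r"^(?:https?|ftp)://\S+/([^/\s]+)$")
SUM_RE = re.compile(r"^Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})$")


def parse_listing(text):
    """Map each file name to the (size, md5) pair printed under its URL."""
    entries, pending = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").strip()  # drop mail quoting and indentation
        url = URL_RE.match(line)
        if url:
            pending = url.group(1)
            continue
        chk = SUM_RE.match(line)
        if chk and pending:
            entries[pending] = (int(chk.group(1)), chk.group(2))
            pending = None
        elif line:
            pending = None  # a checksum line must directly follow its URL
    return entries


def verify(data, expected):
    """Compare downloaded bytes to an advisory entry; size is checked first."""
    size, md5 = expected
    if len(data) != size:
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != md5:
        return "md5 mismatch"
    return "ok"
```

An MD5 match against this list only shows the file is the one the advisory describes; authenticity comes from the advisory's PGP signature and from apt's signed archive metadata.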

