Subject: Re: [SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities
Group: Debian-security
From: Glenn Saberton
Date: 11 May 2008


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thijs Kinkhorst wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1573-1
> security http://www.debian.org/security/
> Thijs Kinkhorst May 11, 2008
> http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
>
> Package        : rdesktop
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1801 CVE-2008-1802 CVE-2008-1803
> Debian Bug     : 480133 480134 480135
>
> Several remote vulnerabilities have been discovered in rdesktop, a
> Remote Desktop Protocol client. The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
> CVE-2008-1801
>
> Remote exploitation of an integer underflow vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
> CVE-2008-1802
>
> Remote exploitation of a BSS overflow vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
> CVE-2008-1803
>
> Remote exploitation of an integer signedness vulnerability allows
> attackers to execute arbitrary code with the privileges of the
> logged-in user.
>
>
> For the stable distribution (etch), these problems have been fixed
> in version 1.5.0-1etch2.
>
> For the unstable distribution (sid), these problems have been fixed
> in version 1.5.0-4+cvs20071006.
>
> We recommend that you upgrade your rdesktop package.
>
>
> Upgrade instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> -------------------------------
>
> Source archives:
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.diff.gz
> Size/MD5 checksum: 20213 2f0174a7cec7a431f82234c9cebaadd5
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
> Size/MD5 checksum: 245137 433546f60fc0f201e99307ba188369ed
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.dsc
> Size/MD5 checksum: 932 ea3849b040a1fecdbca046458b5c4e22
>
> alpha architecture (DEC Alpha)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_alpha.deb
> Size/MD5 checksum: 182160 30e6bc460bdfcc99e0d71b6171f90238
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_amd64.deb
> Size/MD5 checksum: 137356 0cefb8fb94740fbc46feae4f8d8dd888
>
> arm architecture (ARM)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_arm.deb
> Size/MD5 checksum: 141908 5f350550c2f54138d9fc2f7f8af24626
>
> hppa architecture (HP PA RISC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_hppa.deb
> Size/MD5 checksum: 145270 9153febda46b7c6a9e892880e0eacc90
>
> i386 architecture (Intel ia32)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_i386.deb
> Size/MD5 checksum: 123872 608524d02a24a20f4eb4c34ae101d87c
>
> ia64 architecture (Intel ia64)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_ia64.deb
> Size/MD5 checksum: 194538 69b2707d0ee990acd980e9dbd44d4a00
>
> mipsel architecture (MIPS (Little Endian))
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_mipsel.deb
> Size/MD5 checksum: 146580 c030489088218b9ef271d75c469d50f1
>
> powerpc architecture (PowerPC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_powerpc.deb
> Size/MD5 checksum: 141286 dc62405a5d851c189248d23044ce17e6
>
> s390 architecture (IBM S/390)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_s390.deb
> Size/MD5 checksum: 144540 aa95e6306a2c643465cc4514463cd967
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>
> http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_sparc.deb
> Size/MD5 checksum: 127814 7a8fd0a99fe22dd98f6bd64bdcd9ce48
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
wrong header?

Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIJxjdV8GyuTwyskMRAuuUAJ9cF5wkcTgPNy0fk3wsHsFOFcvbHwCgn6FG
o8A7BbjdVEf5tfEO/bBBcs8=
=U6Pz
-----END PGP SIGNATURE-----
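
Added example (not part of the original message or the advisory): a checker for the `Size/MD5 checksum` pairs listed in the quoted advisory. It parses the URL and checksum lines, quote markers included, and compares a downloaded file against them. The sample listing, host name and file contents are constructed for the demonstration.

```python
import hashlib
import re

# Constructed sample in the advisory's layout: a URL line followed by a
# "Size/MD5 checksum" line. Host, file name and contents are made up.
SAMPLE_BODY = b"constructed package bytes\n"
SAMPLE_LISTING = """\
> http://security.example.invalid/pool/updates/main/d/demo/demo_1.0-1_all.deb
> Size/MD5 checksum: {size} {md5}
""".format(size=len(SAMPLE_BODY), md5=hashlib.md5(SAMPLE_BODY).hexdigest())

# Both patterns tolerate any number of leading "> " quote markers.
URL_RE = re.compile(r"^(?:>\s*)*((?:https?|ftp)://\S+)\s*$")
SUM_RE = re.compile(r"^(?:>\s*)*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")


def parse_listing(text):
    """Map file name -> (size, md5) from URL / checksum line pairs."""
    entries, pending = {}, None
    for line in text.splitlines():
        url = URL_RE.match(line)
        if url:
            # Remember the file name until its checksum line arrives.
            pending = url.group(1).rsplit("/", 1)[-1]
            continue
        summ = SUM_RE.match(line)
        if summ and pending:
            entries[pending] = (int(summ.group(1)), summ.group(2))
            pending = None
    return entries


def verify(name, data, entries):
    """Return 'ok', 'unlisted', 'size mismatch' or 'md5 mismatch'."""
    if name not in entries:
        return "unlisted"
    size, md5 = entries[name]
    if len(data) != size:  # cheap check first
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != md5:
        return "md5 mismatch"
    return "ok"


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    print(verify("demo_1.0-1_all.deb", SAMPLE_BODY, listing))
```

The listed values are only as trustworthy as the advisory text they come from, so check the advisory's PGP signature before relying on them.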

