[SECURITY] New version of lsof fixes buffer overflow

From: debian-security-announceat_private
Date: Fri Feb 26 1999 - 15:03:57 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    
    We have received reports that the lsof package as distributed in
    Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow
    it is possible for local users to gain root access. We have fixed
    this problem in version 4.37-3.
    
    We recommend you upgrade your lsof package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.0 alias hamm
    - -------------------------------
    
      This version of Debian was released only for the Intel and the
      Motorola 68xxx architecture.
    
    
      Source archives:
        ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.diff.gz
          MD5 checksum: d85b3e241693c64c64a523dbc36227ef
        ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.dsc
          MD5 checksum: 55472cf9e28bddc396ddda653b064a29
        ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37.orig.tar.gz
          MD5 checksum: af883ff0eb3b1c0f0134a79f18158257
    
      Intel architecture:
        ftp://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.35_4.37-3_i386.deb
          MD5 checksum: e91000cbaaf9661a1fbb1a268fb5cf7b
    
      Motorola 680x0 architecture:
        ftp://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.36_4.37-3_m68k.deb
          MD5 checksum: 09aa6eccd186a12aeb152f265e37c8b2
    
    
      These files will be moved into
      ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.
    
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - --
    Debian GNU/Linux      .    Security Managers     .   securityat_private
                  debian-security-announceat_private
      Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
    <chrishat_private>   .   <wakkermaat_private>  .   <joeyat_private>
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBNtcR4ajZR/ntlUftAQFVBgMAg0A/HjleQ3ljBjggOVQ4VEGvkV8WP6Y6
    /N9Jak7HP2Wy8hG7W/Wq5cZ0+JWwLPNDv6MbPItCCuIrC8803hm5ie6hpiAo8fiS
    o/xS6VcJTeBGxF/2UXz7vvS7AA/FuaNc
    =g5Hf
    -----END PGP SIGNATURE-----
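
Added example (not part of the original advisory): shell functions that extract the URL / "MD5 checksum" pairs from a saved copy of the advisory and check a downloaded package against them before `dpkg -i`. The function names and the file name `advisory.txt` are assumptions; `md5sum` and `awk` must be installed.

```shell
#!/bin/sh
# Added example: check a downloaded package against the advisory's
# "URL / MD5 checksum" pairs before installing it.

# advisory_manifest: read advisory text on stdin and print one
# "<md5>  <file name>" line (md5sum manifest layout) for every URL line
# that is followed by an "MD5 checksum:" line.
advisory_manifest() {
    awk '
        /^[ \t]*(ftp|https?):\/\// {
            n = split($1, parts, "/"); name = parts[n]; next
        }
        /MD5 checksum:/ && name != "" {
            sum = tolower($NF)
            if (sum ~ /^[0-9a-f]+$/ && length(sum) == 32)
                print sum "  " name
            name = ""
        }
    '
}

# verify_package ADVISORY_FILE PACKAGE_FILE
# Returns 0 only if PACKAGE_FILE is listed in the advisory and its MD5
# matches; 1 on a mismatch; 2 if the file is missing or not listed.
verify_package() {
    advisory=$1
    pkg=$2
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    want=$(advisory_manifest < "$advisory" |
           awk -v f="$(basename "$pkg")" '$2 == f { print $1; exit }')
    [ -n "$want" ] || { echo "not in advisory: $pkg" >&2; return 2; }
    have=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK: $pkg"
    else
        echo "MISMATCH: $pkg (expected $want, got $have)" >&2
        return 1
    fi
}

# Usage, with the advisory saved as advisory.txt (assumed name):
#   verify_package advisory.txt lsof-2.0.35_4.37-3_i386.deb \
#       && dpkg -i lsof-2.0.35_4.37-3_i386.deb
```

The checksums are only as trustworthy as the message that carries them, so check the PGP signature on the advisory before relying on the manifest.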
    
    