-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory securityat_private http://www.debian.org/security/ Wichert Akkerman November 11, 1999 - ------------------------------------------------------------------------ The version of nfs-server that was distributed in Debian GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed that the total length of a path would never exceed (PATH_MAX_NAME_MAX). With a read/write exported directory people could created longes path and cause a bufferoverflow. This has been addressed in version 2.2beta37-1slink.1, and we recommend you upgrade your nfs-server package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz MD5 checksum: 277c6daafd5b6f3947908a40761473d1 http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37-1slink.1.dsc MD5 checksum: c9bcdd19e29055d420e1c50dee6425d4 http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37.orig.tar.gz MD5 checksum: afe0f88c48add25f304a387ae4fb40ba Alpha architecture: http://security.debian.org/dists/stable/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb MD5 checksum: 5e9d134fcc8834e5cf6a7dedb2394f7b Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb MD5 checksum: f5c4f2cc59101dc15bfc66530cb4d9e1 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb MD5 checksum: 672a8509a53f52d71efcde29b37780aa Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb MD5 checksum: c882894e79ede2c9af4d52566db59971 These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - -- - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: debian-security-announceat_private -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOCr1jqjZR/ntlUftAQEXpgL8CB3ZmEi7fb9KXGcaksuVE2X0K8KR66eZ tVcFqXKElX1KnLCzi5OQ38hPg6qHBLhiTKhhNcYNotTs+2uEHvjKhq4ml88tiv1k 7vE5ZARYXGWiOxfao20zYzuzg6Q8N4iN =gTX8 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-requestat_private with a subject of "unsubscribe". Trouble? Contact listmasterat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:26 PDT