[8920] in bugtraq
[SECURITY] New versions of netstd fixes buffer overflows
daemon@ATHENA.MIT.EDU (debian-security-announce@LISTS.DEB)
Mon Jan 4 03:03:45 1999
Date: Sun, 3 Jan 1999 20:31:10 -0800
Reply-To: security@debian.org
From: debian-security-announce@LISTS.DEBIAN.ORG
To: BUGTRAQ@NETSPACE.ORG
--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
We have received reports that the netstd suffered from two buffer
overflows. The first problem is an exploitable buffer overflow in the
bootp server. The second problem is an overflow in the FTP client. Both
problems are fixed in a new netstd package, version 3.07-2hamm.4 .
We recommend you upgrade your netstd package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
-------------------------------
This version of Debian was released only for the Intel and the
Motorola 680x0 architecture.
Source archives:
ftp://ftp.debian.org/debian/dists/stable/main/source/net/netstd_3.07.or=
ig.tar.gz
MD5 checksum: 6f594f125f6eaa168e00c3b2234c34cc
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.=
diff.gz
MD5 checksum: 157a50142e263a6add4f128e8c40cb74
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.=
dsc
MD5 checksum: eb6548e15741214ab1d16f55a0b2b53b
Intel architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_=
i386.deb
MD5 checksum: 09e42bdecf569362df94be850605645b
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_=
m68k.deb
MD5 checksum: a66b5da8f54d382eaaa53586b498c302
These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--=20
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQB1AwUBNo/3kajZR/ntlUftAQGWZwL8DmFRH5ehX02T7dy2qayJ/dXXXtDfnHNj
2AmJbNX+lCC+SEXm2m1t2wNnAqp+A4t+/oyJpDKfbucphf6U6+2zpWY1Qvy30Ylm
hswWYEexfEc1uccAzIY+boET2CbgGPTv
=Da1O
-----END PGP SIGNATURE-----
--pWyiEgJYm5f9v55/--
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org