[8920] in bugtraq

home help back first fref pref prev next nref lref last post

[SECURITY] New versions of netstd fixes buffer overflows

daemon@ATHENA.MIT.EDU (debian-security-announce@LISTS.DEB)
Mon Jan 4 03:03:45 1999

Date: 	Sun, 3 Jan 1999 20:31:10 -0800
Reply-To: security@debian.org
From: debian-security-announce@LISTS.DEBIAN.ORG
To: BUGTRAQ@NETSPACE.ORG

--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

We have received reports that the netstd suffered from two buffer
overflows. The first problem is an exploitable buffer overflow in the
bootp server. The second problem is an overflow in the FTP client. Both
problems are fixed in a new netstd package, version 3.07-2hamm.4 .

We recommend you upgrade your netstd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 680x0 architecture.


  Source archives:
    ftp://ftp.debian.org/debian/dists/stable/main/source/net/netstd_3.07.or=
ig.tar.gz
          MD5 checksum: 6f594f125f6eaa168e00c3b2234c34cc
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.=
diff.gz
      MD5 checksum: 157a50142e263a6add4f128e8c40cb74
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4.=
dsc
      MD5 checksum: eb6548e15741214ab1d16f55a0b2b53b

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_=
i386.deb
      MD5 checksum: 09e42bdecf569362df94be850605645b

  Motorola 680x0 architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.4_=
m68k.deb
      MD5 checksum: a66b5da8f54d382eaaa53586b498c302

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--=20
Debian GNU/Linux      .   Security Managers      .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>  .   <joey@debian.org>

--pWyiEgJYm5f9v55/
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQB1AwUBNo/3kajZR/ntlUftAQGWZwL8DmFRH5ehX02T7dy2qayJ/dXXXtDfnHNj
2AmJbNX+lCC+SEXm2m1t2wNnAqp+A4t+/oyJpDKfbucphf6U6+2zpWY1Qvy30Ylm
hswWYEexfEc1uccAzIY+boET2CbgGPTv
=Da1O
-----END PGP SIGNATURE-----

--pWyiEgJYm5f9v55/--


--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

home help back first fref pref prev next nref lref last post