Full Disclosure mailing list archives
[SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
From: debian-security-announce () lists debian org
Date: Sat, 17 Jul 2004 20:31:58 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 529-1 security () debian org http://www.debian.org/security/ Matt Zimmerman July 17th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : netkit-telnet-ssl Vulnerability : format string Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0640 b0f discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default). For the current stable distribution (woody), this problem has been fixed in version 0.17.17+0.1-2woody1. For the unstable distribution (sid), this problem has been fixed in version 0.17.24+0.1-2. We recommend that you update your netkit-telnet-ssl package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce () lists debian org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA+e8aArxCt0PiXR4RAihnAKDLbMBLKYZUpxrsvfTqLj4rCAmHqwCgsTKg 7LxPKC0prgOPFGHMgpzXX1k= =npx8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability debian-security-announce (Jul 17)
- <Possible follow-ups>
- [SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability debian-security-announce (Jul 18)