"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1744-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 18th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : weechat
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0661
Debian Bug : 519940
BugTraq ID : 34148
Sebastien Helleu discovered that an error in the handling of color codes
in the weechat IRC client could cause an out-of-bounds read of an internal
color array. This can be used by an attacker to crash user clients
via a crafted PRIVMSG command.
The weechat version in the oldstable distribution (etch) is not affected
by this problem.
For the stable distribution (lenny), this problem has been fixed in
version 0.2.6-1+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.2.6.1-1.
We recommend that you upgrade your weechat packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6.orig.tar.gz
Size/MD5 checksum: 1615289 96fec32d773e650fed0eb21d51a9a945
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1.diff.gz
Size/MD5 checksum: 2987 5a823583d320e0112fbf6f65c8d9d5a9
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1.dsc
Size/MD5 checksum: 1288 95517e879e64485b1d8d2f0d93c231dc
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb
Size/MD5 checksum: 19814 3dc3c119f404e9c06f01a2433058431e
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
Size/MD5 checksum: 431768 8ba3ac668a829fcb4a5bdeb282249fc8
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_amd64.deb
Size/MD5 checksum: 214810 96cd728e453b0e2c24681fbdd51c376f
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_amd64.deb
Size/MD5 checksum: 119354 c6f0ac09b5ee2b32d3fabf7515501c4a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_arm.deb
Size/MD5 checksum: 192764 1ba5ba2f44affa3ea338cd230acde438
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_arm.deb
Size/MD5 checksum: 106736 f395304b5289245684ec30837bded1c1
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_armel.deb
Size/MD5 checksum: 195740 39cfcdb47694c7883979d2da7ab619aa
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_armel.deb
Size/MD5 checksum: 108830 ea4f281358563ac7e3cc396f0ee10501
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_hppa.deb
Size/MD5 checksum: 223536 a83b056f959796e74629b5efd3617616
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_hppa.deb
Size/MD5 checksum: 130270 7451de93d928fbd453eaf3a95dde1b65
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_i386.deb
Size/MD5 checksum: 107776 ec239c51343e0ace3479559d9d7eaa7b
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_i386.deb
Size/MD5 checksum: 189350 c95243a796896dde0b87f0da1aecfc7d
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_ia64.deb
Size/MD5 checksum: 149346 8f430bd31e411583fdbca07a11f9be27
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_ia64.deb
Size/MD5 checksum: 315132 4a2f20117d12ccf245c798f7ed77da50
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mips.deb
Size/MD5 checksum: 214212 bae1939afacb219991d1a96ba79fd61c
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mips.deb
Size/MD5 checksum: 95196 6bb1cc04140c54080782765e2449dbe3
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mipsel.deb
Size/MD5 checksum: 214114 a37aa2884f081d654caceda230c19fab
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mipsel.deb
Size/MD5 checksum: 94412 8cdd416097d5c5c7a3372cf74fe0868e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_powerpc.deb
Size/MD5 checksum: 213552 b6388948dd607888576328cfab3d5ffe
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_powerpc.deb
Size/MD5 checksum: 130426 5dad2dd2db74cd00cbcd8f408a607a23
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_s390.deb
Size/MD5 checksum: 208666 c5e3a27466af91c297fb11187fe1fb31
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_s390.deb
Size/MD5 checksum: 112248 921633d25598e4db478f8623a1b509e2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_sparc.deb
Size/MD5 checksum: 188520 f7354ec16c2629cc2ca8976afe5fd057
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_sparc.deb
Size/MD5 checksum: 109596 0d6bf31e83729c47b7598aee5d3f87e0
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknA4RgACgkQHYflSXNkfP8KoACeLU43jCX5NRfWquvJhSzTMQOC
TNYAoIq0vrmPnTfSzp616AUrkIl5ZMAu
=gaRd
-----END PGP SIGNATURE-----
"
Another ‘American Idol’ contestant booted
(AP)
DSA 1739-1: New mldonkey packages fix information disclosure
DSA 1741-1: New psi packages fix denial of service
This entry was posted
on 1:34 AM
.
Archives
-
▼
2009
(488)
-
▼
March
(44)
- DSA 1760-1: New openswan packages fix denial of se...
- USN-750-1: OpenSSL vulnerability
- USN-748-1: OpenJDK vulnerabilities
- DSA 1756-1: New xulrunner packages fix multiple vu...
- RHSA-2009:0373-01 Moderate: systemtap security update
- RHSA-2009:0397-01 Critical: firefox security update
- RHSA-2009:0295-01 Moderate: net-snmp security update
- DSA 1755-1: New systemtap packages fix local privi...
- GLSA 200903-39 pam_krb5: Privilege escalation
- RHSA-2009:0394-01 Critical: java-1.5.0-sun securit...
- RHSA-2009:0376-01 Critical: acroread security update
- GLSA 200903-38 Squid: Multiple Denial of Service ...
- DSA 1753-1: End-of-life announcement for Iceweasel...
- GLSA 200903-35 Muttprint: Insecure temporary file...
- DSA 1747-1: New glib2.0 packages fix arbitrary cod...
- DSA 1750-1: New libpng packages fix several vulner...
- DSA 1748-1: New libsoup packages fix arbitrary cod...
- GLSA 200903-34 Amarok: User-assisted execution of...
- RHSA-2009:0345-01 Moderate: ghostscript security u...
- USN-742-1: JasPer vulnerabilities
- DSA 1749-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:0341-01 Moderate: curl security update
- GLSA 200903-32 phpMyAdmin: Multiple vulnerabilities
- DSA 1744-1: New weechat packages fix denial of ser...
- GLSA 200903-29 BlueZ: Arbitrary code execution
- RHSA-2009:0355-01 Moderate: evolution and evolutio...
- USN-737-1: libsoup vulnerability
- DSA 1743-1: New libtk-img packages fix arbitrary c...
- DSA 1740-1: New yaws packages fix denial of service
- DSA 1741-1: New psi packages fix denial of service
- DSA 1742-1: New libsnd packages fix arbitrary code...
- GLSA 200903-25 Courier Authentication Library: SQ...
- USN-731-1: Apache vulnerabilities
- GLSA 200903-26 TMSNC: Execution of arbitrary code
- DSA 1738-1: New curl packages fix arbitrary file a...
- DSA 1739-1: New mldonkey packages fix information ...
- RHSA-2009:0331-01 Important: kernel security and b...
- GLSA 200903-21 cURL: Arbitrary file access
- GLSA 200903-23 Adobe Flash Player: Multiple vulne...
- DSA 1735-1: New znc packages fix privilege escalation
- USN-732-1: dash vulnerability
- DSA 1737-1: New wesnoth packages fix several vulne...
- Media player targets embedded Linux devices
- TI die-shrinks OMAP3
-
▼
March
(44)