"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1826-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
July 04, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : eggdrop
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2807 CVE-2009-1789
Debian Bugs : 427157 528778
Several vulnerabilities have been discovered in eggdrop, an advanced IRC
robot. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-2807
It was discovered that eggdrop is vulnerable to a buffer overflow, which
could result in a remote user executing arbitrary code. The previous DSA
(DSA-1448-1) did not fix the issue correctly.
CVE-2009-1789
It was discovered that eggdrop is vulnerable to a denial of service
attack, that allows remote attackers to cause a crash via a crafted
PRIVMSG.
For the stable distribution (lenny), these problems have been fixed in
version 1.6.19-1.1+lenny1.
For the old stable distribution (etch), these problems have been fixed in
version 1.6.18-1etch2.
For the unstable distribution (sid), this problem has been fixed in
version 1.6.19-1.2
We recommend that you upgrade your eggdrop package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.dsc
Size/MD5 checksum: 650 594b4749b9ec89f7d369643895710ad8
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.diff.gz
Size/MD5 checksum: 8016 1a18e0a558c7de704c220e6ed0f14bff
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
Size/MD5 checksum: 1025608 c2734a51926bdf0380d8bb53f5a7b2ee
Architecture independent packages:
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch2_all.deb
Size/MD5 checksum: 413124 5f8afe289ebefcc7921fc1a9189c7efd
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_alpha.deb
Size/MD5 checksum: 597062 c79a36069bad2181b84fc8d49b944b16
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_amd64.deb
Size/MD5 checksum: 537512 9c3244b387ee9ceddb1dda220247a4f1
arm architecture (ARM)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_arm.deb
Size/MD5 checksum: 498890 055e953dcb486f625a15459dc55aab19
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_hppa.deb
Size/MD5 checksum: 600144 ac69ebc0c01053cd4cbd35eba71546a8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_i386.deb
Size/MD5 checksum: 475340 945bb805188e10c0ce96e0b5d2295deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_ia64.deb
Size/MD5 checksum: 755532 724ae130ed456eb5d5a229fa9a9c1669
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mips.deb
Size/MD5 checksum: 533850 60232404dbc3aab7be1bbd44f9727cf7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mipsel.deb
Size/MD5 checksum: 537320 40f9df7e42a932ea8c0c91d9c778505d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_powerpc.deb
Size/MD5 checksum: 522414 27b819f07a51ef3027bf89e77afbfeea
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_s390.deb
Size/MD5 checksum: 530102 32d0911a7a50d9de96313ec56d707c09
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_sparc.deb
Size/MD5 checksum: 490614 8985bad87328abe986ccd99d5d4a106f
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
Size/MD5 checksum: 1083 0fbb3a99c0027705fd9459ff03fce710
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19.orig.tar.gz
Size/MD5 checksum: 1033152 4d89a901e95f0f9937f4ffac783d55d8
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
Size/MD5 checksum: 17603 73742e8b01487405d815296f5fb91a58
Architecture independent packages:
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
Size/MD5 checksum: 412066 7e5a850e026fe53cfade4e6dd43948af
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_alpha.deb
Size/MD5 checksum: 593730 d791d84436f4ba40ac542afdb5181588
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_amd64.deb
Size/MD5 checksum: 545870 0bba74f2562866bb282d5ac9c575d042
arm architecture (ARM)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_arm.deb
Size/MD5 checksum: 507040 86269695984245a98e23a2ec3c48259d
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_armel.deb
Size/MD5 checksum: 523006 14ec7c7ea8de55c77a554c2b8871231a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_hppa.deb
Size/MD5 checksum: 591212 9f79dac9962932605a4dc331f201736d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb
Size/MD5 checksum: 468618 1231dad4cd3f847298efd9c453ec7a67
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_ia64.deb
Size/MD5 checksum: 750226 a24c908ebc0e6ee68f5d07778527b767
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mips.deb
Size/MD5 checksum: 523760 a62db58be23b5a3b2d568344f1d7503d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mipsel.deb
Size/MD5 checksum: 526202 431f1302ef1539336b57887e58317aa5
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_powerpc.deb
Size/MD5 checksum: 532980 435c9a597ba6a84b2f7fb655fbd06d2b
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_s390.deb
Size/MD5 checksum: 527910 4b95f23c5e1cd5120d5bfaf0fc4e420f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_sparc.deb
Size/MD5 checksum: 479812 cabbfb068f710ecba8715a89815fe252
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpOw2wACgkQ62zWxYk/rQe2VACeKGzfpUAXZEfTvVPOmQqRW9Z5
/5oAnA+PZjuAarXURzc923k2zul0vzag
=R3e5
-----END PGP SIGNATURE-----
"
This entry was posted
on 12:37 PM
.
Archives
-
▼
2009
(488)
-
▼
July
(26)
- DSA 1845-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1185-01 Critical: seamonkey security update
- DSA 1839-1: New gst-plugins-good0.10 packages fix ...
- RHSA-2009:1162-01 Critical: firefox security update
- GLSA 200907-16 Python: Integer overflows
- DSA 1837-1: New dbus packages fix denial of service
- DSA 1836-1: New fckeditor packages fix arbitrary c...
- GLSA 200907-14 Rasterbar libtorrent: Directory tr...
- RHSA-2009:1157-01 Important: kernel-rt security an...
- RHSA-2009:1156-01 Important: httpd security update
- RHSA-2009:1136-01 Critical: dhcp security update
- DSA 1835-1: New tiff packages fix several vulnerab...
- GLSA 200907-10 Syslog-ng: Chroot escape
- GLSA 200907-12 ISC DHCP: dhcpclient Remote execut...
- USN-799-1: D-Bus vulnerability
- DSA 1753-2: End-of-life announcement for icedove i...
- GLSA 200907-04 Apache: Multiple vulnerabilities
- DSA 1753-2: End-of-life announcement for icedove i...
- DSA 1828-1: New ocsinventory-agent packages fix ar...
- RHSA-2009:1140-02 Moderate: ruby security update
- RHSA-2009:1138-01 Important: openswan security update
- USN-797-1: tiff vulnerability
- GLSA 200907-03 APR Utility Library: Multiple vuln...
- RHSA-2009:1139-01 Moderate: pidgin security and bu...
- DSA 1826-1: New eggdrop packages fix several vulne...
- USN-795-1: Nagios vulnerability
-
▼
July
(26)