"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1980-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 27, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ircd-hybrid/ircd-ratbox
Vulnerability : integer underflow/denial of service
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2009-4016 CVE-2010-0300
David Leadbeater discovered an integer underflow that could be triggered
via the LINKS command and can lead to a denial of service or the
execution of arbitrary code (CVE-2009-4016). This issue affects both,
ircd-hybrid and ircd-ratbox.
It was discovered that the ratbox IRC server is prone to a denial of
service attack via the HELP command. The ircd-hybrid package is not
vulnerable to this issue (CVE-2010-0300).
For the stable distribution (lenny), this problem has been fixed in
version 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in
version 2.2.8.dfsg-2+lenny1 of ircd-ratbox.
Due to a bug in the archive software it was not possible to release the
fix for the oldstable distribution (etch) simultaneously. The packages
will be released as version 7.2.2.dfsg.2-3+etch1 once they become
available.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.dsc
Size/MD5 checksum: 1139 a48d912892925013b37fb773841d6710
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2.orig.tar.gz
Size/MD5 checksum: 756749 75896381ea6330aea860b35fff3c34bb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
Size/MD5 checksum: 115007 a8d23129d0675ff779e5e315f8632a6b
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
Size/MD5 checksum: 18289 04a221b2b8dfd0654778a6608c7cb66b
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.dsc
Size/MD5 checksum: 1230 f79125aafcc5d9fcbd09bedadd69fce7
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg.orig.tar.gz
Size/MD5 checksum: 673439 0eb7d1430a997a37af03f8b2f9eed4bb
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Size/MD5 checksum: 65708 85dba185f2fdd9e7b3c423ae8722cc2f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb
Size/MD5 checksum: 568252 35a559f24895dab0fbe71f6af3a8c0b1
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb
Size/MD5 checksum: 929788 583d32d5afc9747d824499183d4a5761
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb
Size/MD5 checksum: 660008 1a2bca514133dbc27f91bca69ed2122e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb
Size/MD5 checksum: 937710 2867b5535578c017699418acab7565b7
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb
Size/MD5 checksum: 542006 52ca320cdd28849bd65065c921f03623
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb
Size/MD5 checksum: 634416 d320f0d1b77cb08cb0caa9c9644d13aa
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb
Size/MD5 checksum: 589350 451a5bcf2b4b8f40e39128be3fdc479d
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb
Size/MD5 checksum: 894654 4daf0784d8865e75c378630d7cf2d870
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb
Size/MD5 checksum: 595420 bf40953d00dbccd069b1596b6c84eadc
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb
Size/MD5 checksum: 504238 785107a5a9fa3dcd88f2a12916d47092
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb
Size/MD5 checksum: 908902 8e1ebf2baf27a71f008eba792cdd87d7
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb
Size/MD5 checksum: 647938 c67f473e9b4ae77a5578359c76ff5e75
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb
Size/MD5 checksum: 554656 00af4d733f43a8404b2e62718a4bd341
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb
Size/MD5 checksum: 591346 7a9ccd0273005c654f5e78d6ba9d29d6
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb
Size/MD5 checksum: 891002 796bbd22c352ec873c9705e560492dbe
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb
Size/MD5 checksum: 499796 24e0d7b1284b3d7c3688366e9a8c493e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb
Size/MD5 checksum: 783482 28568b727f452ef622cb8939618dde23
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb
Size/MD5 checksum: 685370 17507ab3172ad5e1fd88ea05c70f68c4
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb
Size/MD5 checksum: 906848 4561656a5c033c9b647f146a13e79322
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb
Size/MD5 checksum: 506502 854cd9c98a5eaf38e3f815fd79d20c9a
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb
Size/MD5 checksum: 918546 5307013e962c38b405db7507e251a31d
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb
Size/MD5 checksum: 601610 9fc6640bb08a3af295589b72f6667087
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb
Size/MD5 checksum: 912794 6024ad0383d9696c727203a0af740630
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb
Size/MD5 checksum: 504864 ac200b212ed5ed69095b90bba53558f3
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb
Size/MD5 checksum: 599656 f32d222728582a36d1a75494d87340af
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb
Size/MD5 checksum: 732146 445dc7f28c92455ed3293b9b6b795020
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb
Size/MD5 checksum: 1001328 bca90faf524223bb06bb47774ee7d147
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb
Size/MD5 checksum: 639750 282ee75ee6b2e2fefcda221fb930bc6b
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb
Size/MD5 checksum: 905196 cc484c7b4f807227ff75af729504ca0c
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb
Size/MD5 checksum: 537006 3c24b451ae8fdd846d982982fa652535
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb
Size/MD5 checksum: 616620 d9bba18dc19104a06d57403bf93e64a6
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb
Size/MD5 checksum: 843350 99cd0379e8623f3265bbba3eb8578e86
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb
Size/MD5 checksum: 586408 87cbcdd0fadac9c2d17c71cb5df907f7
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb
Size/MD5 checksum: 498376 a117209c1ed8b9104bee8a154d390fd0
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktgoccACgkQ62zWxYk/rQdv9gCfUjTdEehRZSMgLqcSEUdOyy2d
XvMAniS7ut9hqsHpASG+55i86DfEQ6wH
=Ph5o
-----END PGP SIGNATURE-----
"
DSA-1972-2: New audiofile packages fix buffer overflowVictoria fumes as David Beckham has his balls grabbed
This entry was posted
on 2:31 PM
.
Archives
-
▼
2010
(391)
-
▼
January
(47)
- USN-892-1: FUSE vulnerability
- DSA 1985-1: New sendmail packages fix SSL certific...
- DSA 1978-1: New phpgroupware packages fix several ...
- USN-890-4: PyXML vulnerabilities
- USN-890-3: Python 2.4 vulnerabilities
- DSA 1980-1: New ircd-hybrid/ircd-ratbox packages f...
- USN-890-1: Expat vulnerabilities
- RHSA-2010:0062-02 Moderate: bind security update
- RHSA-2010:0053-01 Important: kernel security and b...
- RHSA-2010:0061-02 Moderate: gzip security update
- DSA-1976-1: New dokuwiki packages fix several vuln...
- DSA-1975-1: Security Support for Debian 4.0 to be ...
- DSA 1974-1: New gzip packages fix arbitrary code e...
- DSA-1972-2: New audiofile packages fix buffer over...
- RHSA-2010:0054-01 Moderate: openssl security update
- RHSA-2010:0041-01 Important: kernel-rt security an...
- DSA-1972-1: New audiofile packages fix buffer over...
- USN-885-1: LibThai vulnerability
- GLSA 201001-06 aria2: Multiple vulnerabilities
- RHSA-2010:0046-01 Important: kernel security and b...
- USN-884-1: OpenSSL vulnerability
- USN-883-1: network-manager-applet vulnerabilities
- USN-886-1: Pidgin vulnerabilities
- DSA-1971-1: New libthai packages fix arbitrary cod...
- GLSA 201001-09 Ruby: Terminal Control Character I...
- RHSA-2010:0044-01 Important: pidgin security update
- RHSA-2010:0029-01 Critical: krb5 security update
- USN-885-1: Transmission vulnerabilities
- GLSA 201001-08 SquirrelMail: Multiple vulnerabili...
- RHSA-2010:0020-01 Important: kernel security update
- RHSA-2010:0038-01 Critical: acroread security update
- DSA-1969-1: New krb5 packages fix denial of service
- USN-878-1: Firefox 3.5 and Xulrunner 1.9.1 regression
- DSA 1968-1: New pdns-recursor packages fix potenti...
- RHSA-2010:0019-01 Important: kernel security update
- RHSA-2010:0018-01 Moderate: dbus security update
- USN-880-1: GIMP vulnerabilities
- USN-877-1: Firefox 3.0 and Xulrunner 1.9 regression
- DSA 1966-1: New horde3 packages fix cross-site scr...
- DSA-1965-1: New phpldapadmin packages fix remote f...
- GLSA 201001-03 PHP: Multiple vulnerabilities
- USN-879-1: Kerberos vulnerability
- RHSA-2010:0003-01 Moderate: gd security update
- RHSA-2010:0002-01 Moderate: PyXML security update
- GLSA 201001-01 NTP: Denial of Service
- GLSA 201001-02 Adobe Flash Player: Multiple vulne...
- DSA-1953-2: New expat packages fix regression
-
▼
January
(47)