-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
Debian -- Security Information                          Wichert Akkerman
July  2, 2000
- ------------------------------------------------------------------------


Package        : canna
Problem type   : remote exploit
Debian-specific: no

The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by overflowing
a buffer by sending a SR_INIT command with a very long usernamd or
groupname.

This has been fixed in version 3.5b2-24slink1, and recommend that you
upgrade your canna package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  The packages for the Sun sparc architecture are not available at
  this moment; they will be announced on Debian -- Security Information 
  when they are.

  Source archives:
     
      MD5 checksum: 7220bdad24aa3be2fdfc4f1bfd978235
     
      MD5 checksum: b62f0558dc852ed61930157236622e3d
     
      MD5 checksum: 5e1d8527d397c3914ce6104dac3db466

  Alpha architecture:
     
      MD5 checksum: b9318bb7dcb1936c3d16c54f8c799564
     
      MD5 checksum: 1bcbbd1c4ad3146d66b2ca10b4914ccf
     
      MD5 checksum: 05df65c96e2adfc6d1cde593ef76ca33
     
      MD5 checksum: b1e30d11faaccbf0014c42e56949c87c

  Intel ia32 architecture:
     
      MD5 checksum: 45705fd8a8d230d3dd0094707eb2fac3
     
      MD5 checksum: c15a54507be2fc745d55718efbae4f74

  Motorola 680x0 architecture:
     
      MD5 checksum: aa0ef7ffe8ca29a99ba882513dd29888
     
      MD5 checksum: 4069ed58591b44a5c670fd0a91e77ae1
     
      MD5 checksum: 005a4f8f6dbdafc1f1ccdc8443ddc8ad
     
      MD5 checksum: 5aff2c0b7b089900faff113ce8a0abab


  These files will be moved into
    soon.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Please note that potato has not been released yet. However since it is in
  the final stages of the release process security updates are already being
  distributed.

  The updated packages for potato have already been installed in the
  archive. 

For not yet released architectures please refer to the appropriate
directory   .

- -- 
- ----------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information  stable updates
For dpkg-ftp:   dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOV9E7qjZR/ntlUftAQFv5QL9H3s/REAWPFBBj8XsAIQNUOWoqD3LhSXt
csdcD5gKmeV8QKsZsvmS819cq3IW7nF+ORJjgpNzKKkd0fRE1/9io1POqu5CjbAP
h82uUG1LRWMD9z/YY80wDtbzNuXQYygh
=ZphM
-----END PGP SIGNATURE-----

Debian: canna remote exploit

July 2, 2000
Buffer overflow has been fixed for Debian GNU/Linux 2.1

Summary


Package : canna
Problem type : remote exploit
Debian-specific: no

The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by overflowing
a buffer by sending a SR_INIT command with a very long usernamd or
groupname.

This has been fixed in version 3.5b2-24slink1, and recommend that you
upgrade your canna package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.

The packages for the Sun sparc architecture are not available at
this moment; they will be announced on Debian -- Security Information
when they are.

Source archives:

MD5 checksum: 7220bdad24aa3be2fdfc4f1bfd978235

MD5 checksum: b62f0558dc852ed61930157236622e3d

MD5 checksum: 5e1d8527d397c3914ce6104dac3db466

Alpha architecture:

MD5 checksum: b9318bb7dcb1936c3d16c54f8c799564

MD5 checksum: 1bcbbd1c4ad3146d66b2ca10b4914ccf

MD5 checksum: 05df65c96e2adfc6d1cde593ef76ca33

MD5 checksum: b1e30d11faaccbf0014c42e56949c87c

Intel ia32 architecture:

MD5 checksum: 45705fd8a8d230d3dd0094707eb2fac3

MD5 checksum: c15a54507be2fc745d55718efbae4f74

Motorola 680x0 architecture:

MD5 checksum: aa0ef7ffe8ca29a99ba882513dd29888

MD5 checksum: 4069ed58591b44a5c670fd0a91e77ae1

MD5 checksum: 005a4f8f6dbdafc1f1ccdc8443ddc8ad

MD5 checksum: 5aff2c0b7b089900faff113ce8a0abab


These files will be moved into
soon.

Debian GNU/Linux 2.2 alias potato

Please note that potato has not been released yet. However since it is in
the final stages of the release process security updates are already being
distributed.

The updated packages for potato have already been installed in the
archive.

For not yet released architectures please refer to the appropriate
directory .

- --
For apt-get: deb Debian -- Security Information stable updates
For dpkg-ftp: dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOV9E7qjZR/ntlUftAQFv5QL9H3s/REAWPFBBj8XsAIQNUOWoqD3LhSXt
csdcD5gKmeV8QKsZsvmS819cq3IW7nF+ORJjgpNzKKkd0fRE1/9io1POqu5CjbAP
h82uUG1LRWMD9z/YY80wDtbzNuXQYygh
=ZphM
-----END PGP SIGNATURE-----


Severity
Debian Security Advisory security@debian.org
//www.debian.org/security/">Debian -- Security Information Wichert Akkerman
July 2, 2000

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up