LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New xview packages fix potential arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated Package
- --------------------------------------------------------------------------
Debian Security Advisory DSA 672-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 9th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xview
Vulnerability  : buffer overflows
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0076

Erik Sjölund discovered that programs linked against xview are
vulnerable to a number of buffer overflows in the XView library.  When
the overflow is triggered in a program which is installed setuid root
a malicious user could perhaps execute arbitrary code as privileged
user.

For the stable distribution (woody) these problems have been fixed in
version 3.2p1.4-16woody2.

For the unstable distribution (sid) these problems have been fixed in
version 3.2p1.4-19.

We recommend that you upgrade your xview packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.dsc
      Size/MD5 checksum:      682 73f2ebae0581f04e9edf62333da56353
    http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.diff.gz
      Size/MD5 checksum:    65663 526f16dcd2164713e792e19b9c9a42c2
    http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4.orig.tar.gz
      Size/MD5 checksum:  3227552 b9ff26d6ad378af320bac45154ceaeba

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:   242538 b02d3c329cd137288360c8dfa1d279ef
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:   166874 01c86265b4b1bb03924dc39f03d16e26
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:    82184 c90e02f6824b1966cab7c843f866f366
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:   282748 0f0d74d37511ef359a9cfa073d1c7a2e
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:   830458 396d5dcd0896c25bd5ef3db05356c29c
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_alpha.deb
      Size/MD5 checksum:  1336468 15932deabc7a32861bca5dec52749ccc

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:   213546 31b52257f06f8c5c9b75cc7d0d45cd25
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:   146328 d3e5511c12ef36547e86b1798f000ef1
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:    72314 b77af29123fa25750f470bcd3b9fa555
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:   233808 f7feda439c8e0367a5b0270895924351
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:   740040 28a2d8eb135764c7fe0026a65df32d9c
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_arm.deb
      Size/MD5 checksum:  1119956 2e0e9dfc6641d46d6daac559bb32b233

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:   183850 acf639933b6eb260f027a546c57d4136
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:   127802 c6cc52741c73598aa3fc5e4158ecec0c
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:    64396 d7770705890e14eee88d28768a483e5f
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:   223156 5f3a95acb70658bfc66df2896e1223d9
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:   646392 6055e545d592579dd5c012608a464752
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_i386.deb
      Size/MD5 checksum:   934796 2f3c3c124dc19d5d14aa1dbf54c64784

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:   317404 576da684ffdf28de0b0715fdb4dcdcd3
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:   220186 316ad06d0819a284884bcb06a4114ff9
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:    95106 2b2e5ec4a072aac2d958e91c8c41c8f9
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:   287570 7b7967de5eedab4b9e34a66fe887a63d
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:  1079586 7200cb22efc8b346e4eaa83ec1897f74
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_ia64.deb
      Size/MD5 checksum:  1482648 55b93aca51484c25e38c6a75f716cade

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:   230118 5282c987f39795033ef181fc52fb0361
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:   159716 57a57cc876a7d51f9e15e0dab24fc373
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:    77650 41d67effdaac9bbfae93b35c2d1a99e8
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:   257698 e49c1614bb05f896d4c0d2ea64567710
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:   830414 f0544907dd17dce7fbf5e0b2c48f044c
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_hppa.deb
      Size/MD5 checksum:  1221342 e8f00721366a9bb20f2c65cc9ff51849

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:   174654 e9d4846e4431980b742f8fef19274d95
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:   121528 27740085ec299dc2f152824242880226
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:    62152 cd34146cd2266f438ffd8dde794244b2
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:   221572 d60602e378f194426fe223311429a76e
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:   609756 21606f2051ff57c2feadacd072129b16
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_m68k.deb
      Size/MD5 checksum:   891654 833ce26f040f64bc4cc3b684416b5c25

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:   233608 d1e233b9724bdc330fc65be9b053292c
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:   162770 e792cab975f9a1fc4f1cb1b20548732d
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:    73522 7b28384a8a7b0786752af6aed4bde04d
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:   242610 a3b5ab6c3fa2586fcd6cc756ed276e6f
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:   718426 feeba8a97bf24eead7e186f7954adec1
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mips.deb
      Size/MD5 checksum:  1152450 3b52fdfd2abcba003a40f62161e97249

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:   232930 4c7ba7912711277c3bd43e906f182b86
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:   162148 5a74c1afae73c463ad735d7b6d95e36c
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:    73550 f7bfee56646b67b45234b9ff45e686c0
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:   240548 db21fa02e89c56f2de7650c7c436c72c
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:   713016 546f6ffb970b55020066d425b57b10b1
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mipsel.deb
      Size/MD5 checksum:  1148214 597d06b001a2840e3b833b0fbdceee8c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:   203952 e12cef8460e96bb8442e802a7dadfd2f
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:   141172 a5b5baaf8985cb50f8af76a1f66bdb80
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:    71612 373ec845cde8c0507a7bb0534550ad0b
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:   235564 09c30509e8d8197fe408ec7548a8cd72
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:   708600 b4637a98855afa87cd1f0f0852350409
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_powerpc.deb
      Size/MD5 checksum:  1078698 8502065905a3e47870287397de3ec478

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:   196944 52b2322fc1b8449d0621460cc9f148c8
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:   138124 1dee9a95eff97d2efc1a57035da9d519
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:    69010 fba4d2583f26b3824935630f1da4211d
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:   238726 3d07b2a9aec170e5785dc625501a9247
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:   718966 be18b0d190dbea53a46ac986d8c9ebed
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_s390.deb
      Size/MD5 checksum:   996136 df7958201a7d422f838c699b58ce3457

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:   196302 13ac28d455799ff897e7c18d6d7e9162
    http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:   139756 d3428077114ef61a236991156daddf13
    http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:    82644 60d3b85b20b5331408f361265e5cfba6
    http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:   375160 1aa0dafb2e393a13b9de921c05641448
    http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:   695008 57e61ce2f7d51ca1adbbe80fe5de78f6
    http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_sparc.deb
      Size/MD5 checksum:  1031568 e9793f290c3b3aae31168fe0d5ccfa32


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Removes SSLv3 Fallback Support From Chrome
Hacker Lexicon: What Is End-to-End Encryption?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.