LinuxSecurity.com
Debian: New zoo packages fix arbitrary code execution
Posted by Benjamin D. Thomas   
Debian Updated package.
--------------------------------------------------------------------------
Debian Security Advisory DSA 991-1                     security@debian.org
http://www.debian.org/security/                                 Steve Kemp
March 10th, 2006                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : zoo
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-0855
BugTraq ID     : 16790

Jean-Sébastien Guay-Leroux discovered a buffer overflow in zoo, a
utility to manipulate zoo archives, that could lead to the execution
of arbitrary code when unpacking a specially crafted zoo archive.

For the old stable distribution (woody) this problem has been fixed in
version 2.10-9woody0.

For the stable distribution (sarge) this problem has been fixed in
version 2.10-11sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 2.10-17.

We recommend that you upgrade your zoo package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0.dsc
      Size/MD5 checksum:      548 ef03c4ed23cd19e2b791305544ad7282
    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0.diff.gz
      Size/MD5 checksum:     7728 07d2db9edea11af77aad4e8d5c9b8874
    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10.orig.tar.gz
      Size/MD5 checksum:   172629 dca5f2cf71379a51ea1e66b25f1e0294

  Alpha architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_alpha.deb
      Size/MD5 checksum:    93250 aba6e78276c8e01a0925ab6f510ba338

  ARM architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_arm.deb
      Size/MD5 checksum:    75576 2580898865c3e4e33a24c858516e1126

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_i386.deb
      Size/MD5 checksum:    71756 132e994d1aa2e6b9afdbdc9080096c79

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_ia64.deb
      Size/MD5 checksum:   101932 a38a4310f844c787336e25e60d68013f

  HP Precision architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_hppa.deb
      Size/MD5 checksum:    82142 7e58124a7a5fe4f3484061760b7ae31d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_m68k.deb
      Size/MD5 checksum:    69256 28c63fd4df6cef9f61107486833b2391

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_mips.deb
      Size/MD5 checksum:    81414 85b3b61aac7b519436b0807c74b6a454

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_mipsel.deb
      Size/MD5 checksum:    81482 fe95e1e25a38927bf8f0d00b96175002

  PowerPC architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_powerpc.deb
      Size/MD5 checksum:    77366 9b266ee5e580e116c8c8aac9c431c7d2

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_s390.deb
      Size/MD5 checksum:    75504 0e6e36ba663fe90246be243887588b5f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_sparc.deb
      Size/MD5 checksum:    78076 723450123fbfce159e283fc050f1d648


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0.dsc
      Size/MD5 checksum:      559 18ceb7390f4c0b6585363fa766919740
    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0.diff.gz
      Size/MD5 checksum:     8094 26b6614990ef9bb1148d3d21bdc6b8e9
    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10.orig.tar.gz
      Size/MD5 checksum:   172629 dca5f2cf71379a51ea1e66b25f1e0294

  Alpha architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_alpha.deb
      Size/MD5 checksum:    77732 3a423d0fe79fba46773d9b0dc9297bc2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_amd64.deb
      Size/MD5 checksum:    64852 b6a03b631dac2c925c5a12d97ba4edf3

  ARM architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_arm.deb
      Size/MD5 checksum:    62264 151f74479f713a9cfda24a992d1633ad

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_i386.deb
      Size/MD5 checksum:    59796 1f15aac30cb8c74c5607c7a90b871dd7

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_ia64.deb
      Size/MD5 checksum:    85178 e9d753a1327b5f357438b8a0dd6728fa

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_hppa.deb
      Size/MD5 checksum:    68114 80b4ef98bef5ebb1e639878afe3b07e0

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_m68k.deb
      Size/MD5 checksum:    55814 e6ed85459200692340233756ae688339

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_mips.deb
      Size/MD5 checksum:    70240 b9ccb5f4b939bf9b8e27efbab3de82d6

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_mipsel.deb
      Size/MD5 checksum:    70394 4b515292106e987ea13b2dd447337814

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_powerpc.deb
      Size/MD5 checksum:    63886 0fa7b5bd7468b49a6e83887fb027a0a8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_s390.deb
      Size/MD5 checksum:    64796 638e23c7e27ee59cb608a3ef1d8eafd4

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_sparc.deb
      Size/MD5 checksum:    60682 e1b1bd3d785f8b154533a48e7931d729


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.