LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New motor packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1083-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 31st, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : motor
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3863
Debian Bug     : 368400

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the
ktools library which is used in motor, an integrated development
environment for C, C++ and Java, which may lead local attackers to
execute arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 3.2.2-2woody1.

For the stable distribution (sarge) this problem has been fixed in
version 3.4.0-2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 3.4.0-6.

We recommend that you upgrade your motor package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.dsc
      Size/MD5 checksum:      636 932fa3ce87130b09e516ca4419cdd0da
    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz
      Size/MD5 checksum:     3462 babba5e4b1c2e695836582ce15954812
    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2.orig.tar.gz
      Size/MD5 checksum:   454423 2ba1c22fb3c76209be185b4cbb7a2bfb

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_alpha.deb
      Size/MD5 checksum:   738572 19d012b605af9df5be7920c2d1c14c2b

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_arm.deb
      Size/MD5 checksum:   653042 d3d0f37780f1fdf1e9a01b0cd804829e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_i386.deb
      Size/MD5 checksum:   549282 522c5ac389fad6cc3fb6b350022b3446

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_ia64.deb
      Size/MD5 checksum:   795334 5a7504789d50cdf37581d068df336955

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_hppa.deb
      Size/MD5 checksum:   662582 7d53430905f547c2634186a462ce415a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_m68k.deb
      Size/MD5 checksum:   517012 5c91f1cd222e656baf4310d42144feb9

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mips.deb
      Size/MD5 checksum:   529124 d9a7e82738c9ed4eab95de37e7359316

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mipsel.deb
      Size/MD5 checksum:   521888 8de2e1c0ccbf511f67b337344e9348c8

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_powerpc.deb
      Size/MD5 checksum:   543442 61e434e789e18e8b239fa982812e8ad1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_s390.deb
      Size/MD5 checksum:   465874 d08b495f50fb4edfdfd8ea84c3c35ee9

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_sparc.deb
      Size/MD5 checksum:   527592 aaf50e919624329bc2c7f53fdb37bb30


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.dsc
      Size/MD5 checksum:      815 5d26d9fb0c432aa7ea49a22558ee41b4
    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.diff.gz
      Size/MD5 checksum:    20178 3edb3f737d0d6c9d29ff6bfc8bebf8ae
    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0.orig.tar.gz
      Size/MD5 checksum:   572571 c9ff6aade7105a90df11ccfd51592bec

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/motor/motor-common_3.4.0-2sarge1_all.deb
      Size/MD5 checksum:   180060 e10533391309045ebc5c8c6240a66390

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_alpha.deb
      Size/MD5 checksum:   400350 1e1cb43ff88df11ab331db1ec2064da6
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_alpha.deb
      Size/MD5 checksum:   400456 f2083703d009a1c55b3de99a3a67a0cd

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_amd64.deb
      Size/MD5 checksum:   324104 79cf88f5d9132b2ec4d028e49781c12b
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_amd64.deb
      Size/MD5 checksum:   324110 ee02473a890ff964499e6f3a571be44b

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_arm.deb
      Size/MD5 checksum:   515546 c0077e0bf48ce9d4ace9f0b955a37bf1
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_arm.deb
      Size/MD5 checksum:   515532 f85e4041f81fd88f7c8406b59be1f7f1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_i386.deb
      Size/MD5 checksum:   329436 bba002e6bd072e2cc8bd216402a46d86
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_i386.deb
      Size/MD5 checksum:   329462 e32f51cbfb70a26c91758d3e9efaf11d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_ia64.deb
      Size/MD5 checksum:   467542 e1f4f43dc7d2bc708467c28c929d51ac
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_ia64.deb
      Size/MD5 checksum:   467576 c8aa0f65f1663d3b9cda661af9ab8003

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_hppa.deb
      Size/MD5 checksum:   428216 3cbafe2c74ed5f812148cddaf6afb93c
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_hppa.deb
      Size/MD5 checksum:   428292 ced41374caa59da300affe46746bba81

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_m68k.deb
      Size/MD5 checksum:   341358 47547f8004245481b2cb0c77d7ac5dc0
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_m68k.deb
      Size/MD5 checksum:   341424 2b0b093297255a2617a9e67001a42320

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mips.deb
      Size/MD5 checksum:   371424 2394101cfd5b979bf76f24dd0c33ff3a
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mips.deb
      Size/MD5 checksum:   371468 eacd6bde371442bd12a91849a2163158

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mipsel.deb
      Size/MD5 checksum:   369150 53856f0d1135e9a71e638691976fe76a
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mipsel.deb
      Size/MD5 checksum:   369194 824398e12fae38644112d7b07f54f97a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_powerpc.deb
      Size/MD5 checksum:   344178 dad299ed53a42adad6f8df1902342fe3
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_powerpc.deb
      Size/MD5 checksum:   344240 64883e84f2407aa464dfb68558cd2fb4

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_s390.deb
      Size/MD5 checksum:   298896 51043d25447ba66eeb15c45f8fe8ceb0
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_s390.deb
      Size/MD5 checksum:   298904 8b1c71ba4a96d828bd7c04763f31f3a0

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_sparc.deb
      Size/MD5 checksum:   324868 f38dcee356c6d8c5b7c453ca549ff1a7
    http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_sparc.deb
      Size/MD5 checksum:   324890 666ad1b0f33565dfbc60e9bd6ae95745


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.