Debian: New centericq packages fix arbitrary code execution
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 1088-1 security@debian.org http://www.debian.org/security/ Martin Schulze June 3rd, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : centericq Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2005-3863 BugTraq ID : 15600 Debian Bug : 340959 Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 4.5.1-1.1woody2. For the stable distribution (sarge) this problem has been fixed in version 4.20.0-1sarge4. For the unstable distribution (sid) this problem has been fixed in version 4.21.0-6. We recommend that you upgrade your centericq package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 603 792e9548d8f6d540c26fa0fdbdd1df57 Size/MD5 checksum: 3827 dc51504b36a05b003de1d22c2c879223 Size/MD5 checksum: 680625 e50121ea43a54140939b7bec8efdefe0 Alpha architecture: Size/MD5 checksum: 868742 1e533bd67111dbaca069ec6a7e9122ec ARM architecture: Size/MD5 checksum: 809068 400376da91c99a970032220e39de0c73 Intel IA-32 architecture: Size/MD5 checksum: 648950 4b30966a06e54085bbb8db33f03beeca Intel IA-64 architecture: Size/MD5 checksum: 930922 f8aaa7129fb4ffc5de2468662166db5f HP Precision architecture: Size/MD5 checksum: 821294 79ffab208975e12fb264cbb4ef36c6b3 Motorola 680x0 architecture: Size/MD5 checksum: 612174 969fff39d5249b24d5c711cc312a92d4 Big endian MIPS architecture: Size/MD5 checksum: 649086 11f73ccf6f59687b0e9f4eb2d939fc93 Little endian MIPS architecture: Size/MD5 checksum: 634462 2a54c83a7a9f5a47495e7d608d2705bd PowerPC architecture: Size/MD5 checksum: 633210 21767275a156aa5309d2febe03e395db IBM S/390 architecture: Size/MD5 checksum: 534764 483dda7f47f832ef50ae50a721164e62 Sun Sparc architecture: Size/MD5 checksum: 617338 1eeee2554ee66d37458909aea51e0b18 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 851 347a8183b403014c403f1757f353e436 Size/MD5 checksum: 106308 ee5a0e2b155ab6ee35c7be04941cb574 Size/MD5 checksum: 1796894 874165f4fbd40e3be677bdd1696cee9d Alpha architecture: Size/MD5 checksum: 1650570 6addf20af3c5fce5003cfcd998c88dad Size/MD5 checksum: 336024 cabf30b626c0b1ffc7adc474e650b0da Size/MD5 checksum: 1651594 c9b361454f6ed7546d6b7fcfb417c420 Size/MD5 checksum: 1650632 414f32a3fee64fcfe7b98365d64486f1 AMD64 architecture: Size/MD5 checksum: 1355518 6bc3845c82740d0b089337dd3068078e Size/MD5 checksum: 336006 6eee21ecd6ee4600813192d98ca172e7 Size/MD5 checksum: 1355798 226ae854f90219c9cc8c662b9be2e903 Size/MD5 checksum: 1355566 27d8db8b20503f0527e558846b20ebbb ARM architecture: Size/MD5 checksum: 2185394 bf00243e825f49f26585f547cec1f404 Size/MD5 checksum: 336028 ce7a340b924cb1ab7a571fdc0c301945 Size/MD5 checksum: 2186140 adf229a4553875379348b1688f910678 Size/MD5 checksum: 2185460 7375a4503258d1fcb9d4f03d34b54cf4 Intel IA-32 architecture: Size/MD5 checksum: 1348826 1f8a99153aa93509805a95eedfb1e493 Size/MD5 checksum: 335880 51caf40c0a4cb709ed257453e46fcc74 Size/MD5 checksum: 1349608 2b46f86353b8b1323e6776c23c434750 Size/MD5 checksum: 1348924 608dd61bfbb98d99867eefabcccbbbae Intel IA-64 architecture: Size/MD5 checksum: 1881388 88f88e10e529a68cfb6ebd2d9ce76fb2 Size/MD5 checksum: 335984 577780bd2cf3fffd54f985dfe71c9b28 Size/MD5 checksum: 1882292 9d43ae3452ed00c896882a40f4e2b21f Size/MD5 checksum: 1881456 a5350a5fe409bfc0545ce0d3b6201e99 HP Precision architecture: Size/MD5 checksum: 1812604 ba840154c90fa7fd5c5d27f629a4e7d0 Size/MD5 checksum: 336684 49cbe7f7dacb8774e60cde1c436647eb Size/MD5 checksum: 1813616 3a3358848c14c28e63a317a87111bcf5 Size/MD5 checksum: 1812646 d4d53c94a0670042863ba66bf822c8af Motorola 680x0 architecture: Size/MD5 checksum: 1399506 050350f784fa16edc990a0af9094d360 Size/MD5 checksum: 336772 ff95d538d955d3f3a29c2b1b76b1629b Size/MD5 checksum: 1400204 6787c44b90c3e24a2e550661f2070024 Size/MD5 checksum: 1399546 960a182de7c92c96153f95f7858288b6 Big endian MIPS architecture: Size/MD5 checksum: 1493242 45baa39468c703cebbb3e7135992fe08 Size/MD5 checksum: 336704 aa4c66a0022918403b8b5725f888f1f9 Size/MD5 checksum: 1493744 7758a3e4853e9735bddceecdde402a37 Size/MD5 checksum: 1493310 3b92ec1941f96ba976c7c98824231566 Little endian MIPS architecture: Size/MD5 checksum: 1483388 bf669f331a7becc56851b41c70f0dbcf Size/MD5 checksum: 336048 7a7ecf280bc1d03e79af0cfa794ddb9a Size/MD5 checksum: 1483970 c3cd579d088ad124053bd73a2633a470 Size/MD5 checksum: 1483438 7d1493bfa167fd7f7644232e215fad7f PowerPC architecture: Size/MD5 checksum: 1386192 92d2bce7027d47f82e68f50a2a54892f Size/MD5 checksum: 336702 8cab14ba1f096f2e2588120b5cf06e97 Size/MD5 checksum: 1386680 58e198a5b828b1abb309630ecf966bf7 Size/MD5 checksum: 1386242 8e54c9ce0432cebc1c9f95001d6edb15 IBM S/390 architecture: Size/MD5 checksum: 1194054 20c8220d71c45fc511d363fd434e88eb Size/MD5 checksum: 336668 078e0cf4a6ba1e74668f7f8cf04adb0d Size/MD5 checksum: 1194422 49ac26d59e6c572f38dfdd061945fa36 Size/MD5 checksum: 1194088 5eb550e0f1d026c258ad84f7ef7f680e Sun Sparc architecture: Size/MD5 checksum: 1326004 a7db40a610eb3b6dcfe96a5909cc8313 Size/MD5 checksum: 336682 f28c264b6cedbf41aaf46e32f7bb7c12 Size/MD5 checksum: 1327028 044779001762380ee8a32bcc1193ea12 Size/MD5 checksum: 1326022 3084bf7ba7146a24608d84796a9c50eb These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org