LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
Is Mandatory Access Control Too Much Security For Enterprise's Linux?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: August 29th, 2008
Linux Security Week: August 25th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New newsx packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. 
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1622-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 31, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : newsx
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-3252
Debian Bug     : 492742

It was discovered that newsx, an NNTP news exchange utility, was affected
by a buffer overflow allowing remote attackers to execute arbitrary code
via a news article containing a large number of lines starting with a period.

For the stable distribution (etch), this problem has been fixed in version
1.6-2etch1.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 1.6-3.

We recommend that you upgrade your newsx package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.dsc
    Size/MD5 checksum:      601 a96fab9796a6947419d0fa8b116117d1
  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6.orig.tar.gz
    Size/MD5 checksum:   302553 45d7b7655c7e30c22321f41d701bb6f4
  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.diff.gz
    Size/MD5 checksum:   105510 6d0b8e91489284a99d7e3d1d1a18438a

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_alpha.deb
    Size/MD5 checksum:   179232 a1e5978150fdc4e85ae5429df50dce14

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_amd64.deb
    Size/MD5 checksum:   159000 36120414520dabbe24a603535483d627

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_arm.deb
    Size/MD5 checksum:   148522 f86262e52e3cfe57f9149cd7d03b9792

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_hppa.deb
    Size/MD5 checksum:   166048 3664074d8015308faacfdc24813cbe2e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_i386.deb
    Size/MD5 checksum:   149314 0d0223be6ec9375b11a29271e14f0ba0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_ia64.deb
    Size/MD5 checksum:   229656 d9525b17ed531e7f94bf795016559ab0

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mips.deb
    Size/MD5 checksum:   169628 9902b13a40be1f8839ea6553bebda796

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mipsel.deb
    Size/MD5 checksum:   169130 082f47df05acf04de8a1590acad38124

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_powerpc.deb
    Size/MD5 checksum:   158742 f172b7b889f111cc2090082878f80816

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_s390.deb
    Size/MD5 checksum:   161132 8e5ca0412a29bd03dfbdf1dd8e88df30

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_sparc.deb
    Size/MD5 checksum:   147978 511f9a433c89f3fe114ebe04158d65ab


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner:

 
Latest Features
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
Yesterday's Edition
SSH Key-Based Attacks

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.