New versions of epic4 fixes possible DoS vulnerability
Posted by LinuxSecurity.com Team   
Debian We have received a report from the author of epic4 covering a denial of service vulnerability. All versions of epic4 between version pre1.034 (including) and version pre2.004-19990718 (excluding) are vulnerable. They contain code which makes epic4 walk off of a string, causing the client to crash and possibly display arbitrary characters on the terminal.
---------------------------------------------------------------------------
Debian Security Advisory                                security@debian.org
http://www.debian.org/security/      
                        Martin Schulze
August 26, 1999
---------------------------------------------------------------------------


We have received a report from the author of epic4 covering a denial
of service vulnerability.  All versions of epic4 between version
pre1.034 (including) and version pre2.004-19990718 (excluding) are
vulnerable.  They contain code which makes epic4 walk off of a string,
causing the client to crash and possibly display arbitrary characters
on the terminal.


We recommend you upgrade your epic4 packages immediately.


wget url
	will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
--------------------------------

  This version of Debian was released only for the Intel, the
  Motorola 68xxx, the alpha and the Sun sparc architecture.

  Source archives:

    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2.diff.gz
      MD5 checksum: 587def2142692d6c813c9aef8b250d0e
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2.dsc
      MD5 checksum: e90e72db5f162d95bfe0318965fe743a
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003.orig.tar.gz
      MD5 checksum: 76ceeb97abf12e80df395c0ffb917eb3

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2_alpha.deb
      MD5 checksum: 836e1f26eda5e01e9eee981cb42f8d92
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4-dbg_pre2.003-0slink2_alpha.deb
      MD5 checksum: 83e9056fdddb471b3cc4530e46518a29

  Intel ia32 architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2_i386.deb
      MD5 checksum: de8dee999d738609a14ea698bff83b3a
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4-dbg_pre2.003-0slink2_i386.deb
      MD5 checksum: 2abf5a40aab6fe335da43577dd8fc2df

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2_m68k.deb
      MD5 checksum: b56b7ed67f788cfc8863609392129262
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4-dbg_pre2.003-0slink2_m68k.deb
      MD5 checksum: c0882ececb2db804559522beaab025a8

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4_pre2.003-0slink2_sparc.deb
      MD5 checksum: e2ec2da59f4e120bc2b46c6c897998ba
    ftp://ftp.debian.org/debian/dists/proposed-updates/epic4-dbg_pre2.003-0slink2_sparc.deb
      MD5 checksum: 8db84c4840db3f81c97bf15b963315fb


Debian GNU/Linux pre2.2 alias potato
------------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/epic4_pre2.004-19990718-1.diff.gz
      MD5 checksum: f7a7c58fe67d12239acb74cc103f30ac
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/epic4_pre2.004-19990718-1.dsc
      MD5 checksum: 370d5f31de63e69ba7c13d3eb0b93b6d
    ftp://ftp.debian.org/debian/dists/unstable/main/source/net/epic4_pre2.004-19990718.orig.tar.gz
      MD5 checksum: 228babc39a9dcc6327b1c7b6f2e689d7

  Alpha architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: 57f888cb6a049335900f30e3138ffbcb
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 7e60edcb836350730c981a6da30f5393

  ARM architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-arm/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: d96c8e05abdfd5386e42117b5f7eed02
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-arm/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 9a4cdf86ab7ac131bb95db494dcde770

  Intel ia32 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: 61ed5f0568fa3c7457da7a1a7611b311
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 9a0361cce15def9c8bf87f0b6320d29e

  Motorola 680x0 architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: ea40ed1442bfc0e6ddf39119af6b8de2
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 81da2abae81c256f50094f1c926f9251

  PowerPC architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: 55f133dcee4fcc345266bc510af47a14
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 9c3d2cb97da84d61e6a3aebf34834d3f

  Sun Sparc architecture:

    ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/epic4_pre2.004-19990718-1.deb
      MD5 checksum: 211bbc7352257e088f1ba13bedc8c5e0
    ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/epic4-dbg_pre2.004-19990718-1.deb
      MD5 checksum: 584d2e0470dae72c9f5afc0d2c976906


For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

-- 
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: debian-security-announce@lists.debian.org

PGP signature