User: Password:
Subscribe / Log in / New account

Debian alert DSA-584-1 (dhcp)

From: (Martin Schulze)
To: (Debian Security Announcements)
Subject:  [SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability
Date:  Thu, 4 Nov 2004 18:28:41 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 584-1 Martin Schulze November 4th, 2004 - -------------------------------------------------------------------------- Package : dhcp Vulnerability : format string vulnerability Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-1006 "infamous41md" noticed that the log functions in dhcp 2.x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings. One use seems to be exploitable in connection with a malicious DNS server. For the stable distribution (woody) these problems have been fixed in version 2.0pl5-11woody1. For the unstable distribution (sid) these problems have been fixed in version 2.0pl5-19.1. We recommend that you upgrade your dhcp package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 683 9fbc12c28d4c973fc85157331c26aae5 Size/MD5 checksum: 48678 11af0bf9045654e302da7704d856ead4 Size/MD5 checksum: 294909 ab22f363a7aff924e2cc9d1019a21498 Alpha architecture: Size/MD5 checksum: 230656 6c7c2c912063527503ca64b59e3a58ac Size/MD5 checksum: 215658 24dabab111aec962caacf5a793d15338 Size/MD5 checksum: 159940 a447290821e3737d567c5949f7ca9966 ARM architecture: Size/MD5 checksum: 211188 636b1709fbb6cea278b4248130e320c0 Size/MD5 checksum: 198582 e0efe5b93e0ecbc34caec0c7a15c9700 Size/MD5 checksum: 148746 0ce691f9f921277d9b526161921999c3 Intel IA-32 architecture: Size/MD5 checksum: 204550 9dd0affebf04890280d57cc27221d12c Size/MD5 checksum: 192092 8f70ab57e89a22dd7b9ce5c1d9f51a35 Size/MD5 checksum: 144962 c03163e469f7477f4479d2400a16ea5e Intel IA-64 architecture: Size/MD5 checksum: 295214 483b1ad144c76ac994c3db46d0dce32f Size/MD5 checksum: 277702 31597876b5623a7d1b24b28db3fc4e55 Size/MD5 checksum: 197380 00747f82e74e9b8856b9676d9c14124f HP Precision architecture: Size/MD5 checksum: 209292 317aeeacb930a39d7d2dc5e59c532f3a Size/MD5 checksum: 197714 4ba10395c93aae31d4c27fa193964a65 Size/MD5 checksum: 149114 322771b83583570cd6f350ba6a1e4b0f Motorola 680x0 architecture: Size/MD5 checksum: 200208 c931a802045b2be93488bd45b6dc4eed Size/MD5 checksum: 188024 d25022b06425b4717d7e884fe44403d2 Size/MD5 checksum: 143126 dd38b9e0ea2ecd5455e3c506e259d41a Big endian MIPS architecture: Size/MD5 checksum: 217844 fa15e8387bb50f9011f8bda8110bc0e6 Size/MD5 checksum: 205468 36b92f32880cc70bb1ce7277f393df0e Size/MD5 checksum: 154020 cb8cd4947dbfc2b65991095e8a35c36f Little endian MIPS architecture: Size/MD5 checksum: 217290 67f7e6c6d879b533936f70711ee48c4c Size/MD5 checksum: 204742 5c654f6cb04582739fc3aa445a865243 Size/MD5 checksum: 153376 0672d189292961527c0d06b14db6f781 PowerPC architecture: Size/MD5 checksum: 205052 fe96048ef94b2a8b99fa54539b0455b5 Size/MD5 checksum: 192580 94c021c9da018495aa462d27e3078bb1 Size/MD5 checksum: 145924 2a95b2aad76a2578e7ade66f65e39f33 IBM S/390 architecture: Size/MD5 checksum: 207858 8770a183836bc33dd38f78375b47dca7 Size/MD5 checksum: 195460 c7ea6dfb54bad5e2855f774cdc40cb8d Size/MD5 checksum: 148234 b6b2b6feb6477ad485c9f5a3145c9da1 Sun Sparc architecture: Size/MD5 checksum: 212454 185e57de8c23336e25b50251e42ea317 Size/MD5 checksum: 200980 4f8eadd993129822ebc700348d10f7d8 Size/MD5 checksum: 153904 8cb3d4a775bedaf06bdbaea21f765448 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: Package info: `apt-cache show <pkg>' and<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBimbIW5ql+IAeqTIRAvvHAJwP0/wgsE7/1UB9WNApOShda4X4UwCgl1l+ RLloUIuoWFERWLbeQ21KcHE= =n41j -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds