Debian: DSA-1826-1: New eggdrop packages fix several vulnerabilities

    Date04 Jul 2009
    CategoryDebian
    43
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1826-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    July 04, 2009                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : eggdrop
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-2807 CVE-2009-1789
    Debian Bugs    : 427157 528778
    
    Several vulnerabilities have been discovered in eggdrop, an advanced IRC
    robot. The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2007-2807
    
    It was discovered that eggdrop is vulnerable to a buffer overflow, which
    could result in a remote user executing arbitrary code. The previous DSA
    (DSA-1448-1) did not fix the issue correctly.
    
    CVE-2009-1789
    
    It was discovered that eggdrop is vulnerable to a denial of service
    attack, that allows remote attackers to cause a crash via a crafted
    PRIVMSG.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 1.6.19-1.1+lenny1.
    
    For the old stable distribution (etch), these problems have been fixed in
    version 1.6.18-1etch2.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.6.19-1.2
    
    
    We recommend that you upgrade your eggdrop package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.dsc
        Size/MD5 checksum:      650 594b4749b9ec89f7d369643895710ad8
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.diff.gz
        Size/MD5 checksum:     8016 1a18e0a558c7de704c220e6ed0f14bff
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
        Size/MD5 checksum:  1025608 c2734a51926bdf0380d8bb53f5a7b2ee
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch2_all.deb
        Size/MD5 checksum:   413124 5f8afe289ebefcc7921fc1a9189c7efd
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_alpha.deb
        Size/MD5 checksum:   597062 c79a36069bad2181b84fc8d49b944b16
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_amd64.deb
        Size/MD5 checksum:   537512 9c3244b387ee9ceddb1dda220247a4f1
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_arm.deb
        Size/MD5 checksum:   498890 055e953dcb486f625a15459dc55aab19
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_hppa.deb
        Size/MD5 checksum:   600144 ac69ebc0c01053cd4cbd35eba71546a8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_i386.deb
        Size/MD5 checksum:   475340 945bb805188e10c0ce96e0b5d2295deb
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_ia64.deb
        Size/MD5 checksum:   755532 724ae130ed456eb5d5a229fa9a9c1669
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mips.deb
        Size/MD5 checksum:   533850 60232404dbc3aab7be1bbd44f9727cf7
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mipsel.deb
        Size/MD5 checksum:   537320 40f9df7e42a932ea8c0c91d9c778505d
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_powerpc.deb
        Size/MD5 checksum:   522414 27b819f07a51ef3027bf89e77afbfeea
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_s390.deb
        Size/MD5 checksum:   530102 32d0911a7a50d9de96313ec56d707c09
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_sparc.deb
        Size/MD5 checksum:   490614 8985bad87328abe986ccd99d5d4a106f
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
        Size/MD5 checksum:     1083 0fbb3a99c0027705fd9459ff03fce710
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19.orig.tar.gz
        Size/MD5 checksum:  1033152 4d89a901e95f0f9937f4ffac783d55d8
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
        Size/MD5 checksum:    17603 73742e8b01487405d815296f5fb91a58
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
        Size/MD5 checksum:   412066 7e5a850e026fe53cfade4e6dd43948af
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_alpha.deb
        Size/MD5 checksum:   593730 d791d84436f4ba40ac542afdb5181588
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_amd64.deb
        Size/MD5 checksum:   545870 0bba74f2562866bb282d5ac9c575d042
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_arm.deb
        Size/MD5 checksum:   507040 86269695984245a98e23a2ec3c48259d
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_armel.deb
        Size/MD5 checksum:   523006 14ec7c7ea8de55c77a554c2b8871231a
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_hppa.deb
        Size/MD5 checksum:   591212 9f79dac9962932605a4dc331f201736d
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb
        Size/MD5 checksum:   468618 1231dad4cd3f847298efd9c453ec7a67
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_ia64.deb
        Size/MD5 checksum:   750226 a24c908ebc0e6ee68f5d07778527b767
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mips.deb
        Size/MD5 checksum:   523760 a62db58be23b5a3b2d568344f1d7503d
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mipsel.deb
        Size/MD5 checksum:   526202 431f1302ef1539336b57887e58317aa5
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_powerpc.deb
        Size/MD5 checksum:   532980 435c9a597ba6a84b2f7fb655fbd06d2b
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_s390.deb
        Size/MD5 checksum:   527910 4b95f23c5e1cd5120d5bfaf0fc4e420f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_sparc.deb
        Size/MD5 checksum:   479812 cabbfb068f710ecba8715a89815fe252
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.