- ------------------------------------------------------------------------
Debian Security Advisory DSA-1826-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
July 04, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : eggdrop
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2807 CVE-2009-1789
Debian Bugs    : 427157 528778

Several vulnerabilities have been discovered in eggdrop, an advanced IRC
robot. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-2807

It was discovered that eggdrop is vulnerable to a buffer overflow, which
could result in a remote user executing arbitrary code. The previous DSA
(DSA-1448-1) did not fix the issue correctly.

CVE-2009-1789

It was discovered that eggdrop is vulnerable to a denial of service
attack, that allows remote attackers to cause a crash via a crafted
PRIVMSG.

For the stable distribution (lenny), these problems have been fixed in
version 1.6.19-1.1+lenny1.

For the old stable distribution (etch), these problems have been fixed in
version 1.6.18-1etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.19-1.2


We recommend that you upgrade your eggdrop package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:      650 594b4749b9ec89f7d369643895710ad8
      Size/MD5 checksum:     8016 1a18e0a558c7de704c220e6ed0f14bff
      Size/MD5 checksum:  1025608 c2734a51926bdf0380d8bb53f5a7b2ee

Architecture independent packages:

      Size/MD5 checksum:   413124 5f8afe289ebefcc7921fc1a9189c7efd

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   597062 c79a36069bad2181b84fc8d49b944b16

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   537512 9c3244b387ee9ceddb1dda220247a4f1

arm architecture (ARM)

      Size/MD5 checksum:   498890 055e953dcb486f625a15459dc55aab19

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   600144 ac69ebc0c01053cd4cbd35eba71546a8

i386 architecture (Intel ia32)

      Size/MD5 checksum:   475340 945bb805188e10c0ce96e0b5d2295deb

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   755532 724ae130ed456eb5d5a229fa9a9c1669

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   533850 60232404dbc3aab7be1bbd44f9727cf7

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   537320 40f9df7e42a932ea8c0c91d9c778505d

powerpc architecture (PowerPC)

      Size/MD5 checksum:   522414 27b819f07a51ef3027bf89e77afbfeea

s390 architecture (IBM S/390)

      Size/MD5 checksum:   530102 32d0911a7a50d9de96313ec56d707c09

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   490614 8985bad87328abe986ccd99d5d4a106f


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     1083 0fbb3a99c0027705fd9459ff03fce710
      Size/MD5 checksum:  1033152 4d89a901e95f0f9937f4ffac783d55d8
      Size/MD5 checksum:    17603 73742e8b01487405d815296f5fb91a58

Architecture independent packages:

      Size/MD5 checksum:   412066 7e5a850e026fe53cfade4e6dd43948af

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   593730 d791d84436f4ba40ac542afdb5181588

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   545870 0bba74f2562866bb282d5ac9c575d042

arm architecture (ARM)

      Size/MD5 checksum:   507040 86269695984245a98e23a2ec3c48259d

armel architecture (ARM EABI)

      Size/MD5 checksum:   523006 14ec7c7ea8de55c77a554c2b8871231a

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   591212 9f79dac9962932605a4dc331f201736d

i386 architecture (Intel ia32)

      Size/MD5 checksum:   468618 1231dad4cd3f847298efd9c453ec7a67

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   750226 a24c908ebc0e6ee68f5d07778527b767

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   523760 a62db58be23b5a3b2d568344f1d7503d

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   526202 431f1302ef1539336b57887e58317aa5

powerpc architecture (PowerPC)

      Size/MD5 checksum:   532980 435c9a597ba6a84b2f7fb655fbd06d2b

s390 architecture (IBM S/390)

      Size/MD5 checksum:   527910 4b95f23c5e1cd5120d5bfaf0fc4e420f

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   479812 cabbfb068f710ecba8715a89815fe252


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Debian: DSA-1826-1: New eggdrop packages fix several vulnerabilities

July 4, 2009
Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot

Summary

CVE-2007-2807

It was discovered that eggdrop is vulnerable to a buffer overflow, which
could result in a remote user executing arbitrary code. The previous DSA
(DSA-1448-1) did not fix the issue correctly.

CVE-2009-1789

It was discovered that eggdrop is vulnerable to a denial of service
attack, that allows remote attackers to cause a crash via a crafted
PRIVMSG.

For the stable distribution (lenny), these problems have been fixed in
version 1.6.19-1.1+lenny1.

For the old stable distribution (etch), these problems have been fixed in
version 1.6.18-1etch2.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.19-1.2


We recommend that you upgrade your eggdrop package.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 650 594b4749b9ec89f7d369643895710ad8
Size/MD5 checksum: 8016 1a18e0a558c7de704c220e6ed0f14bff
Size/MD5 checksum: 1025608 c2734a51926bdf0380d8bb53f5a7b2ee

Architecture independent packages:

Size/MD5 checksum: 413124 5f8afe289ebefcc7921fc1a9189c7efd

alpha architecture (DEC Alpha)

Size/MD5 checksum: 597062 c79a36069bad2181b84fc8d49b944b16

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 537512 9c3244b387ee9ceddb1dda220247a4f1

arm architecture (ARM)

Size/MD5 checksum: 498890 055e953dcb486f625a15459dc55aab19

hppa architecture (HP PA RISC)

Size/MD5 checksum: 600144 ac69ebc0c01053cd4cbd35eba71546a8

i386 architecture (Intel ia32)

Size/MD5 checksum: 475340 945bb805188e10c0ce96e0b5d2295deb

ia64 architecture (Intel ia64)

Size/MD5 checksum: 755532 724ae130ed456eb5d5a229fa9a9c1669

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 533850 60232404dbc3aab7be1bbd44f9727cf7

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 537320 40f9df7e42a932ea8c0c91d9c778505d

powerpc architecture (PowerPC)

Size/MD5 checksum: 522414 27b819f07a51ef3027bf89e77afbfeea

s390 architecture (IBM S/390)

Size/MD5 checksum: 530102 32d0911a7a50d9de96313ec56d707c09

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 490614 8985bad87328abe986ccd99d5d4a106f


Debian GNU/Linux 5.0 alias lenny

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 1083 0fbb3a99c0027705fd9459ff03fce710
Size/MD5 checksum: 1033152 4d89a901e95f0f9937f4ffac783d55d8
Size/MD5 checksum: 17603 73742e8b01487405d815296f5fb91a58

Architecture independent packages:

Size/MD5 checksum: 412066 7e5a850e026fe53cfade4e6dd43948af

alpha architecture (DEC Alpha)

Size/MD5 checksum: 593730 d791d84436f4ba40ac542afdb5181588

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 545870 0bba74f2562866bb282d5ac9c575d042

arm architecture (ARM)

Size/MD5 checksum: 507040 86269695984245a98e23a2ec3c48259d

armel architecture (ARM EABI)

Size/MD5 checksum: 523006 14ec7c7ea8de55c77a554c2b8871231a

hppa architecture (HP PA RISC)

Size/MD5 checksum: 591212 9f79dac9962932605a4dc331f201736d

i386 architecture (Intel ia32)

Size/MD5 checksum: 468618 1231dad4cd3f847298efd9c453ec7a67

ia64 architecture (Intel ia64)

Size/MD5 checksum: 750226 a24c908ebc0e6ee68f5d07778527b767

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 523760 a62db58be23b5a3b2d568344f1d7503d

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 526202 431f1302ef1539336b57887e58317aa5

powerpc architecture (PowerPC)

Size/MD5 checksum: 532980 435c9a597ba6a84b2f7fb655fbd06d2b

s390 architecture (IBM S/390)

Size/MD5 checksum: 527910 4b95f23c5e1cd5120d5bfaf0fc4e420f

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 479812 cabbfb068f710ecba8715a89815fe252


These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Severity
Several vulnerabilities have been discovered in eggdrop, an advanced IRC
robot. The Common Vulnerabilities and Exposures project identifies the
following problems:

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up