Debian: DSA-1957-1: New aria2 packages fix arbitrary code execution

    Date28 Dec 2009
    CategoryDebian
    79
    Posted ByLinuxSecurity Advisories
    It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1957-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    December 28, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : aria2
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id         : CVE-2009-3575
    Debian Bug     : 551070
    
    It was discovered that aria2, a high speed download utility, is prone
    to a buffer overflow in the DHT routing code, which might lead to the
    execution of arbitrary code.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.14.0-1+lenny1. Binaries for powerpc, arm, ia64 and hppa will
    be provided once they are available.
    
    The oldstable distribution (etch) is not affected by this problem.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.2.0-1.
    
    
    We recommend that you upgrade your aria2 packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1.dsc
        Size/MD5 checksum:     1102 eec49435dff989725e33c563b196460a
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1.diff.gz
        Size/MD5 checksum:    20698 849ab814910b27bcceb43f70289deecf
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0.orig.tar.gz
        Size/MD5 checksum:  1343630 ae853240ee88e373a138021613e28cb1
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_alpha.deb
        Size/MD5 checksum:  1271036 e9f58f0333e8fa153e422e42124da627
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_amd64.deb
        Size/MD5 checksum:  1088722 5e454e6d927c361662b28eb1bd5fd344
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_armel.deb
        Size/MD5 checksum:  1015232 24a9356278fbe5e485a446bf4cbadf58
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_i386.deb
        Size/MD5 checksum:  1059854 231c131054416daf24647fbe0f3253d3
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_mips.deb
        Size/MD5 checksum:  1159418 09c033eb265aea089f66ef7f50633c15
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_mipsel.deb
        Size/MD5 checksum:  1150498 e8b0d5e3afb820d007afdc232a2c6e5c
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_s390.deb
        Size/MD5 checksum:  1029322 c88bd4cf8c8d48f2ab4cde0a93f68a1f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_sparc.deb
        Size/MD5 checksum:  1165878 a978541d98f368a43bb8e1c702611e81
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.