Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1980-1: New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution

    Date
    103
    Posted By
    David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both,
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1980-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                      Steffen Joeris
    January 27, 2010                      https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : ircd-hybrid/ircd-ratbox
    Vulnerability  : integer underflow/denial of service
    Problem type   : remote
    Debian-specific: no
    CVE Ids        : CVE-2009-4016 CVE-2010-0300
    
    
    David Leadbeater discovered an integer underflow that could be triggered
    via the LINKS command and can lead to a denial of service or the
    execution of arbitrary code (CVE-2009-4016). This issue affects both,
    ircd-hybrid and ircd-ratbox.
    
    It was discovered that the ratbox IRC server is prone to a denial of
    service attack via the HELP command. The ircd-hybrid package is not
    vulnerable to this issue (CVE-2010-0300).
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in
    version 2.2.8.dfsg-2+lenny1 of ircd-ratbox.
    
    Due to a bug in the archive software it was not possible to release the
    fix for the oldstable distribution (etch) simultaneously. The packages
    will be released as version 7.2.2.dfsg.2-3+etch1 once they become
    available.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem will be fixed soon.
    
    
    We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.dsc
        Size/MD5 checksum:     1139 a48d912892925013b37fb773841d6710
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2.orig.tar.gz
        Size/MD5 checksum:   756749 75896381ea6330aea860b35fff3c34bb
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
        Size/MD5 checksum:   115007 a8d23129d0675ff779e5e315f8632a6b
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
        Size/MD5 checksum:    18289 04a221b2b8dfd0654778a6608c7cb66b
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.dsc
        Size/MD5 checksum:     1230 f79125aafcc5d9fcbd09bedadd69fce7
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg.orig.tar.gz
        Size/MD5 checksum:   673439 0eb7d1430a997a37af03f8b2f9eed4bb
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
        Size/MD5 checksum:    65708 85dba185f2fdd9e7b3c423ae8722cc2f
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb
        Size/MD5 checksum:   568252 35a559f24895dab0fbe71f6af3a8c0b1
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb
        Size/MD5 checksum:   929788 583d32d5afc9747d824499183d4a5761
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb
        Size/MD5 checksum:   660008 1a2bca514133dbc27f91bca69ed2122e
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb
        Size/MD5 checksum:   937710 2867b5535578c017699418acab7565b7
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb
        Size/MD5 checksum:   542006 52ca320cdd28849bd65065c921f03623
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb
        Size/MD5 checksum:   634416 d320f0d1b77cb08cb0caa9c9644d13aa
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb
        Size/MD5 checksum:   589350 451a5bcf2b4b8f40e39128be3fdc479d
    
    armel architecture (ARM EABI)
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb
        Size/MD5 checksum:   894654 4daf0784d8865e75c378630d7cf2d870
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb
        Size/MD5 checksum:   595420 bf40953d00dbccd069b1596b6c84eadc
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb
        Size/MD5 checksum:   504238 785107a5a9fa3dcd88f2a12916d47092
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb
        Size/MD5 checksum:   908902 8e1ebf2baf27a71f008eba792cdd87d7
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb
        Size/MD5 checksum:   647938 c67f473e9b4ae77a5578359c76ff5e75
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb
        Size/MD5 checksum:   554656 00af4d733f43a8404b2e62718a4bd341
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb
        Size/MD5 checksum:   591346 7a9ccd0273005c654f5e78d6ba9d29d6
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb
        Size/MD5 checksum:   891002 796bbd22c352ec873c9705e560492dbe
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb
        Size/MD5 checksum:   499796 24e0d7b1284b3d7c3688366e9a8c493e
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb
        Size/MD5 checksum:   783482 28568b727f452ef622cb8939618dde23
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb
        Size/MD5 checksum:   685370 17507ab3172ad5e1fd88ea05c70f68c4
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb
        Size/MD5 checksum:   906848 4561656a5c033c9b647f146a13e79322
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb
        Size/MD5 checksum:   506502 854cd9c98a5eaf38e3f815fd79d20c9a
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb
        Size/MD5 checksum:   918546 5307013e962c38b405db7507e251a31d
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb
        Size/MD5 checksum:   601610 9fc6640bb08a3af295589b72f6667087
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb
        Size/MD5 checksum:   912794 6024ad0383d9696c727203a0af740630
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb
        Size/MD5 checksum:   504864 ac200b212ed5ed69095b90bba53558f3
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb
        Size/MD5 checksum:   599656 f32d222728582a36d1a75494d87340af
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb
        Size/MD5 checksum:   732146 445dc7f28c92455ed3293b9b6b795020
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb
        Size/MD5 checksum:  1001328 bca90faf524223bb06bb47774ee7d147
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb
        Size/MD5 checksum:   639750 282ee75ee6b2e2fefcda221fb930bc6b
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb
        Size/MD5 checksum:   905196 cc484c7b4f807227ff75af729504ca0c
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb
        Size/MD5 checksum:   537006 3c24b451ae8fdd846d982982fa652535
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb
        Size/MD5 checksum:   616620 d9bba18dc19104a06d57403bf93e64a6
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb
        Size/MD5 checksum:   843350 99cd0379e8623f3265bbba3eb8578e86
      https://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb
        Size/MD5 checksum:   586408 87cbcdd0fadac9c2d17c71cb5df907f7
      https://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb
        Size/MD5 checksum:   498376 a117209c1ed8b9104bee8a154d390fd0
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"11","type":"x","order":"1","pct":100,"resources":[]},{"id":"159","title":"False","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.