- -------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : epic4-script-light Vulnerability : arbitrary script execution Problem-Type : remote Debian-specific: no All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution. This problem has been fixed in version 2.7.30p5-1.1 for the current stable distribution (woody) and in version 2.7.30p5-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the Light package. We recommend that you upgrade your epic4-script-light package and restart your IRC client. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.dsc Size/MD5 checksum: 632 053d1358c5d5af80a00a16a417ace948 http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.diff.gz Size/MD5 checksum: 6050 b1fc07a846f21dfff190fa93fb09922d http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5.orig.tar.gz Size/MD5 checksum: 64391 1321bb1c6e31168fbe190df0c3ef8234 Architecture independent components: http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1_all.deb Size/MD5 checksum: 72200 3b0d251f9f7270e76fa094e91a2278f9 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show' and http://packages.debian.org/
Debian: epic4-script-light arbitrary script execution
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.
You are not authorised to post comments.