Debian: 'gpm' local root vulnerability

    Date27 Dec 2001
    CategoryDebian
    3178
    Posted ByLinuxSecurity Advisories
    Among other problems, the gpm-root program contains a format stringvulnerability, which allows an attacker to gain root privileges.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-095-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                    Robert van der Meulen
    December 27, 2001
    ------------------------------------------------------------------------
    
    
    Package        : gpm
    Problem type   : local root vulnerability
    Debian-specific: no
    
    The package 'gpm' contains the 'gpm-root' program, which can be used to
    create mouse-activated menus on the console.
    Among other problems, the gpm-root program contains a format string
    vulnerability, which allows an attacker to gain root privileges.
    
    This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade
    your 1.17.8-18 package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
          MD5 checksum: 8c48aa1656391d3755c289a87db13bf0
         http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
          MD5 checksum: bafbe8ffe73d3b5783e9841f1894af77
         http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz
          MD5 checksum: 9d50c299bf925996546efaf32de1db7b
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
          MD5 checksum: 0e50705cadfd58777d02fa6806c10bdf
         
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
          MD5 checksum: cbeeeac3795318255126814d71b7b945
         
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb
          MD5 checksum: f5dd9e395259b037d20e013e112a55e8
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
          MD5 checksum: 6b41896ddfed4a119d17e5d8e8391384
         
    http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
          MD5 checksum: f02444fc5a9a6a7c7da0e1cb19df24a6
         http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb
          MD5 checksum: 0ae3eb96377394d65e0e8031d0019147
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
          MD5 checksum: 18c837abec8360db146681d2a713177a
         
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
          MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e
         http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
          MD5 checksum: 815a1e90fe36e603f0803f92b6898f19
         
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
          MD5 checksum: 514a1baee569e548349f7c4dc2941f3d
         
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb
          MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
          MD5 checksum: ce61772d26c799bce33d729ed7fc67b7
         
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
          MD5 checksum: 923894ee7bdc1a8e648881eaf5f372da
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
          MD5 checksum: 019de1ecb144e3d10b5978ea640a24c4
         
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
          MD5 checksum: 88d75f4b1f85e6aee903f886b311e127
         
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb
          MD5 checksum: 1ea940b2e3c5d7fade43d75ed3253569
    
      PowerPC architecture:
         
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
          MD5 checksum: aa2415e6f489af235e173d6d5a69b05f
         
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
          MD5 checksum: cd823ce39eb4125ed4a8dd0c17362107
         
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb
          MD5 checksum: 0188cb6c4ffd82a146812e53c1387918
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
          MD5 checksum: b703c2e30b52446508f18951551839a3
         
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
          MD5 checksum: b8a75b6ab45f649b9e458cf778545a9e
         
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb
          MD5 checksum: fa4ae1bda04f3b13622d6e6bc9ffcb35
      These packages will be moved into the stable distribution on its next
      revision.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.