Debian: New abc2ps packages fix arbitrary code execution

    Date24 Apr 2006
    CategoryDebian
    4788
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1041-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    April 25th, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : abc2ps
    Vulnerability  : buffer overflows
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2006-1513
    
    Erik Sj�lund discovered that abc2ps, a translator for ABC music
    description files into PostScript, does not check the boundaries when
    reading in ABC music files resulting in buffer overflows.
    
    For the old stable distribution (woody) these problems have been fixed in
    version 1.3.3-2woody1.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.3.3-3sarge1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 1.3.3-3sarge1.
    
    We recommend that you upgrade your abc2ps package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1.dsc
          Size/MD5 checksum:      574 2bf8bde7a186ba1d93794f76ca19a21a
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1.diff.gz
          Size/MD5 checksum:    12626 fc9f2d8362327652fbe36926a1011ea3
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3.orig.tar.gz
          Size/MD5 checksum:   125327 720f41663251ea56c7d3456c09ccdb24
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_alpha.deb
          Size/MD5 checksum:   198302 48d72a8edd108a0e860a414ef71f4eed
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_arm.deb
          Size/MD5 checksum:   133896 c31722490dd0068c1b7b31f5623889bf
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_i386.deb
          Size/MD5 checksum:   126224 1a7825d31788e2ce2d5611d026c035e8
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_ia64.deb
          Size/MD5 checksum:   248658 e4af663fc6bb5557bcbb5556671a0694
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_hppa.deb
          Size/MD5 checksum:   151654 fb3434ac543a2b7351912fe9ac70a106
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_m68k.deb
          Size/MD5 checksum:   118484 de9477e6ae7eef6bf004e03976a37e2f
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_mips.deb
          Size/MD5 checksum:   168336 e8506ab9625e17b37d88104fc329c576
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_mipsel.deb
          Size/MD5 checksum:   168412 06fd6748c5aed2b0671fd8948c25f5ac
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_powerpc.deb
          Size/MD5 checksum:   159308 59bbf493d9d3aebb5cabd5514152cb7a
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_s390.deb
          Size/MD5 checksum:   130400 474abf4e655d73cc29dff7cab0e0caa3
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_sparc.deb
          Size/MD5 checksum:   156464 65ceb4dd51fcd074f2559e39cdfd72a3
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1.dsc
          Size/MD5 checksum:      574 0e501917b1f3eaae019b493a7d75e2ac
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1.diff.gz
          Size/MD5 checksum:    12761 ef51821cc1e99f4c27d36f1563fd5939
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3.orig.tar.gz
          Size/MD5 checksum:   125327 720f41663251ea56c7d3456c09ccdb24
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_alpha.deb
          Size/MD5 checksum:   161382 5a61a8187469f45261e2861ef4131657
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_amd64.deb
          Size/MD5 checksum:   142244 cc3d5a9a34c7e74e4a62800d20595986
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_arm.deb
          Size/MD5 checksum:   133466 e86cec900cabbab1c9655240f7a87cfc
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_i386.deb
          Size/MD5 checksum:   131446 1c28cd803285e045788c3fa7aa858c19
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_ia64.deb
          Size/MD5 checksum:   194404 74c75445c63e99ee12037b7099b98611
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_hppa.deb
          Size/MD5 checksum:   148086 f07421a81c2a2f8b778beb2cbb0eac96
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_m68k.deb
          Size/MD5 checksum:   119956 81de406009470ac5f65a8405086a9a74
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_mips.deb
          Size/MD5 checksum:   151294 d07363582856e4b798ab992e5369df6a
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_mipsel.deb
          Size/MD5 checksum:   151556 62cce9b325a53dc0f1d32eb788fbbc4b
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_powerpc.deb
          Size/MD5 checksum:   140764 46152d575bf1945bef5f4dbf1bce3306
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_s390.deb
          Size/MD5 checksum:   136302 b0a5f1a3d6cd14374dc4ee11d84a6481
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_sparc.deb
          Size/MD5 checksum:   136524 89e570de8c755a45d0932c343f5edc20
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.