Linux Security
Linux Security
Linux Security

Debian: New centericq packages fix several vulnerabilities

Date 15 Sep 2005
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 813-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
September 15th, 2005          
- --------------------------------------------------------------------------

Package        : centericq
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-2369 CAN-2005-2370 CAN-2005-2448
BugTraq ID     : 14415

Several problems have been discovered in libgadu which is also part of
centericq, a text-mode multi-protocol instant messenger client.  The
Common Vulnerabilities and Exposures project identifies the following


    Multiple integer signedness errors may allow remote attackers to
    cause a denial of service or execute arbitrary code.


    Memory alignment errors may allows remote attackers to cause a
    denial of service on certain architectures such as sparc.


    Several endianess errors may allow remote attackers to cause a
    denial of service.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in
version 4.20.0-1sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 4.20.0-9.

We recommend that you upgrade your centericq package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      875 3e3856c76ecca4033d594f40b84594fe
      Size/MD5 checksum:   105757 2847f29ebc190209bc9801cda4021465
      Size/MD5 checksum:  1796894 874165f4fbd40e3be677bdd1696cee9d

  Alpha architecture:
      Size/MD5 checksum:  1650414 6428d1b002427f84264e264f039942b6
      Size/MD5 checksum:   335816 83d71d7e3ddc678f92208714c69421c1
      Size/MD5 checksum:  1651512 e552870deeb140d3c152a314ecbf34cd
      Size/MD5 checksum:  1650438 55cd6872aae5e63348f7b816ea72d54b

  AMD64 architecture:
      Size/MD5 checksum:  1355220 3e2133ded560c48685d2b99ba5bf0dce
      Size/MD5 checksum:   335722 4b1695d70272933dc7e239043cd97dca
      Size/MD5 checksum:  1355440 2cfb3c7c9386a5975ec3d433ca45e5c4
      Size/MD5 checksum:  1355268 a0cb191dfa09ef9b517bfa5e91779dad

  ARM architecture:
      Size/MD5 checksum:  2185136 2d1317f0919c28662971967458546742
      Size/MD5 checksum:   335868 726094239479d03fd2eb63f4f307e46b
      Size/MD5 checksum:  2185970 bb6521dedcca573e28a2c34fd9c1ab74
      Size/MD5 checksum:  2185188 84cd56c79406e409bb0513a0997870f8

  Intel IA-32 architecture:
      Size/MD5 checksum:  1348652 c59e862bca93d94d4edee43911bbdeb7
      Size/MD5 checksum:   335708 2c3d7782f385f0b81a3ce3dd4b089977
      Size/MD5 checksum:  1349472 fb8e54aa013dacc37499fd68ae032116
      Size/MD5 checksum:  1348570 f353cb12552cfc0db7ed0d3129edc1d7

  Intel IA-64 architecture:
      Size/MD5 checksum:  1881308 0eaa392858b373326fe3f5fbcbd267da
      Size/MD5 checksum:   335814 5ce50347f96935af6f00e6e6ec89352c
      Size/MD5 checksum:  1882180 359605a9a9bc322896110b2652da8859
      Size/MD5 checksum:  1881288 3b41f39c82d45d048c56fd71b052b34a

  HP Precision architecture:
      Size/MD5 checksum:  1812364 d776d20c88b1d045eab6c2cbc7e4856f
      Size/MD5 checksum:   336524 15a3df7f872450f63c650e08a5804d28
      Size/MD5 checksum:  1813476 6804d5b88c0e662daccc7d8a462bc843
      Size/MD5 checksum:  1812430 72dbb22383ac61176bfdbc563026f728

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1399316 4f0a41a9a10d9764806b753669a19721
      Size/MD5 checksum:   336586 c5fda5db59d172c072943ba56fa7ab4e
      Size/MD5 checksum:  1399996 fa827fa4c93f695d6ad976975aa15201
      Size/MD5 checksum:  1399362 fbe685ca5920fda77744d1ed896e8848

  Big endian MIPS architecture:
      Size/MD5 checksum:  1493038 111b76f2e63dc4fc6cc51f5cdabc3d3b
      Size/MD5 checksum:   336552 61b4098b1245044a145571caad3384fd
      Size/MD5 checksum:  1493630 c478a464bebad10f9883abeb2097be09
      Size/MD5 checksum:  1493080 182a6d6b77e18cdda5c29154149e0191

  Little endian MIPS architecture:
      Size/MD5 checksum:  1483212 e4d498542aec27d2ded408c756e05844
      Size/MD5 checksum:   335834 32e81dfb6114a2f1175d4b0e747efb1c
      Size/MD5 checksum:  1483786 bbf2190ab5d4d0cecb332c6d6e87d897
      Size/MD5 checksum:  1483264 d991ec5892ad4a1f4452f6ac265c9524

  PowerPC architecture:
      Size/MD5 checksum:  1386046 27c0795c598216692bb9e3ddabbe38ab
      Size/MD5 checksum:   336542 65b7360541cf810d6e0e66e4e985eed8
      Size/MD5 checksum:  1386558 15377035743dde60440d7847a8050a5d
      Size/MD5 checksum:  1386122 7f1e7a8ffcb42aef23b6d29043295b91

  IBM S/390 architecture:
      Size/MD5 checksum:  1193924 bcbb0a591e411c0fcd4bd02cef5eedbb
      Size/MD5 checksum:   336546 3710534682406a034733acad3b3c2ed5
      Size/MD5 checksum:  1194212 8f5729cbc295bb04986b96af8e9de1bf
      Size/MD5 checksum:  1193970 943e805ff5904ede894a864d6ac4d34b

  Sun Sparc architecture:
      Size/MD5 checksum:  1325896 8e8e65fe000e12e309700513c1e2b8ba
      Size/MD5 checksum:   336550 46d2e5ced85fa02754d4c3868d39c129
      Size/MD5 checksum:  1326696 81974721d8a2b7041a375bf36c44464e
      Size/MD5 checksum:  1325860 f025aef1774bdf29ba0120070e8ff4f1

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":85.42,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.33,"resources":[]},{"id":"181","title":"Hardly ever","votes":"3","type":"x","order":"3","pct":6.25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]