- ------------------------------------------------------------------------Debian Security Advisory DSA-1664-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 10, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : ekg
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2008-4776

It was discovered that ekg, a console Gadu Gadu client performs
insufficient input sanitising in the code to parse contact descriptions,
which may result in denial of service.

For the stable distribution (etch), this problem has been fixed in
version 1:1.7~rc2-1etch2.

For the unstable distribution (sid) and the upcoming stable distribution
(lenny), this problem has been fixed in version 1:1.8~rc1-2 of libgadu. 

We recommend that you upgrade your ekg package.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:    37320 1c357cd857b7ef675a14fe103a0965c9
      Size/MD5 checksum:   514073 b4ea482130e163af1456699e2e6983d9
      Size/MD5 checksum:      750 0ff1117467170af0a00db3701bfa3e30

alpha architecture (DEC Alpha)

      Size/MD5 checksum:    75020 32743d8f1c90d89e8fa344609bc3dee3
      Size/MD5 checksum:   161822 79d864a5bb2b5cf7f099647d92f39a86
      Size/MD5 checksum:   320302 758aa135dad96eda3dff591375046982

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   297518 1c9fcbce7540d6ff538f98710de424b2
      Size/MD5 checksum:   136580 9ddd7e5e6fb2c3940f426d07bedf3478
      Size/MD5 checksum:    69742 ce39c6ae5a6b4d6c5f9da1a5b92aee5c

arm architecture (ARM)

      Size/MD5 checksum:   135028 c593a1482e5673777dd3b4d1513af5d4
      Size/MD5 checksum:    67986 905284ffdb2f523c175b5b0590e139f5
      Size/MD5 checksum:   287590 770c154cbe20f9e5ef9a150eba228f63

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   143792 879b7e4fa25861fb4b0138a64b20df1a
      Size/MD5 checksum:   310140 5187d07159a4bb9937147f411d4e729c
      Size/MD5 checksum:    73874 32e077a057c65aeef4f42028c1beb29e

i386 architecture (Intel ia32)

      Size/MD5 checksum:    67326 e69788fafa929636e435a7c498d6cbb2
      Size/MD5 checksum:   287730 bee66bb3ffa81f8d96a611d594c7e6c9
      Size/MD5 checksum:   131298 9455116765cded14599b13def2760856

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   394676 5da127623779c65a6882763d124e106e
      Size/MD5 checksum:    86672 df4d5a3e854546b2107829cae3c52758
      Size/MD5 checksum:   158010 7a0806cabe1c34094f6488e12381c4ee

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   144930 c7f6dd469d3b41eb46c4e43c1af003d3
      Size/MD5 checksum:   298464 b1d464071ff3e1b6fd5b40c0b1be4b3a
      Size/MD5 checksum:    66636 3e4eb4be92ab91106ccb079d9537a4ec

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   140696 8031b8d2eefad8db832ee9d399439a6b
      Size/MD5 checksum:    66494 44c2a30a3b164c7311ac24509b484371
      Size/MD5 checksum:   297158 19ad2f941ff975a0765a179385042ede

powerpc architecture (PowerPC)

      Size/MD5 checksum:   297734 59019fd4f676af28a2ac587761d6613c
      Size/MD5 checksum:    70036 adf3410f5fa8466c8ad9cea0107e1c7e
      Size/MD5 checksum:   136148 42d66957fcf3a59ac69eb2e9eece6ac5

s390 architecture (IBM S/390)

      Size/MD5 checksum:   134754 3e85a76f4ac6f70917a0edcfbbd1277c
      Size/MD5 checksum:   302854 f445e55ac77cccaa304eb9d86c230515
      Size/MD5 checksum:    69540 9cd3c7315a827bcfd940660681254106

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   286504 f8cd06af412041a6594765ac36010eb3
      Size/MD5 checksum:    68618 fd7f69d09515faa187e8970d6dcf82a9
      Size/MD5 checksum:   134926 888e34a4ca3055eb40f5cc16d1ed89b7


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New ekg packages fix denial of service

November 10, 2008
It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service.

Summary

Severity

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved