Linux Security
    Linux Security
    Linux Security

    Debian: New httrack packages fix arbitrary code execution

    Date 01 Aug 2008
    Posted By LinuxSecurity Advisories
    Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow potentially allowing to execute arbitrary code when passed excessively long URLs.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1626-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                          Thijs Kinkhorst
    August 01, 2008             
    - ------------------------------------------------------------------------
    Package        : httrack
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    BugTraq ID     : 30425
    Joan Calvet discovered that httrack, a utility to create local copies of
    websites, is vulnerable to a buffer overflow potentially allowing to
    execute arbitrary code when passed excessively long URLs.
    For the stable distribution (etch), this problem has been fixed in
    version 3.40.4-3.1+etch1.
    For the testing (lenny) and unstable distribution (sid), this problem has
    been fixed in version 3.42.3-1.
    We recommend that you upgrade your httrack package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Source archives:
        Size/MD5 checksum:      950 277074178046b94ceebefa5f5eaee9de
        Size/MD5 checksum:  1626176 9e4de064afc1dfcb6f50b773f8081f1c
        Size/MD5 checksum:     7597 005a605bfabc7f0830d8db87d3ee67fe
    Architecture independent packages:
        Size/MD5 checksum:   516676 9f2c726cbc7e6f97dfeda4f8a72c8e77
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   441370 a37aaf592b7ab95fd11eeec082d4919a
        Size/MD5 checksum:   395946 7eea58a1b8a7d6d11501ec2e879f0167
        Size/MD5 checksum:    61108 0894913629340bd559c929d07a05f19f
        Size/MD5 checksum:    31766 63db4ac65e705d74d1eab458b33f56e5
        Size/MD5 checksum:   491618 e8a2076bb272020be529c39a53eea534
    arm architecture (ARM)
        Size/MD5 checksum:    33424 eed7c807ccebd9db0722545849938d0f
        Size/MD5 checksum:   281686 1b4a63e9fea5cdbcd49eb02354fd0608
        Size/MD5 checksum:   350912 9c85eea85e7bf24b734f259ecba0a303
        Size/MD5 checksum:   443078 64a26f96bfb086474c47a9f37d9db15d
        Size/MD5 checksum:    59448 70d880740666db737ef8cbc8730e5377
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    34180 5ac05721cb623cf7c25b9bffbc81ad6d
        Size/MD5 checksum:    65948 7a8fa1831ffadffab827c2a8ecc44068
        Size/MD5 checksum:   321760 ee4562bcf5255b6addf8ac0b673d19fe
        Size/MD5 checksum:   440990 594b8679acb8e05c9b0bede368a86ad3
        Size/MD5 checksum:   438154 2bc91f3ebd931a161595b2c95253d15a
    i386 architecture (Intel ia32)
        Size/MD5 checksum:    32152 4f545c6163fc8516c6d0dae9ddf6082e
        Size/MD5 checksum:    59458 4c81a59964535c95ccdb08916fc47f63
        Size/MD5 checksum:   482448 8db927e07b642477f60cb0e4beeb2b3e
        Size/MD5 checksum:   438432 ae91317aa8eb3a32fdf6b5be6a3c153b
        Size/MD5 checksum:   365534 c38c17f82ea6b110c52d17d6a8098563
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    92114 88d98af0e94dbe1137db57341c0d7fe3
        Size/MD5 checksum:    35186 fcf89c422fdac82f9e436bd4ff13d161
        Size/MD5 checksum:   736406 a4a9b2fdd5d4ba5e0147e56e39a81bb3
        Size/MD5 checksum:   450002 523074d62431c05143a8db9d0d3ca8b3
        Size/MD5 checksum:   501600 b0b7938e039dc12e6289353407a66f24
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   422550 ddefd0cf52d210266bc10c1d6dfec2f1
        Size/MD5 checksum:   272376 f4312876c36fe9da386f7d10115cc87a
        Size/MD5 checksum:   438438 d37c7460ca2f4a848b4d441d90911d9a
        Size/MD5 checksum:    33282 5f42aacc153fda5b4feac0932455b956
        Size/MD5 checksum:    64622 aa402be8bab600e6f9a7cc901e11be8b
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   417812 71a8ae7e5cf51716c6c78debc31ce6a2
        Size/MD5 checksum:    64644 133bbfcee5935a205eb131dc9f363c08
        Size/MD5 checksum:    33654 2b6df5a12a8f3457ee6e6353a73ed7f0
        Size/MD5 checksum:   432074 ef11cd7c26b5330fbf1b744559cd8c14
        Size/MD5 checksum:   271738 ee6ee78ba71e8977f4c6ad954f5356f6
    powerpc architecture (PowerPC)
        Size/MD5 checksum:    64012 33554371d96a8d344f673f7310dbba34
        Size/MD5 checksum:   556868 b313c676177281c3f6a9c38d9304a741
        Size/MD5 checksum:   433912 d51594790fad947486d48a744abf2823
        Size/MD5 checksum:   350286 59f98436ea6d2fe90a980fe3ce133db4
        Size/MD5 checksum:    33998 1db2f2c7241c8274316c82e353213e00
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    33560 7c3edeff7fd589d901f5c1dc67468c0c
        Size/MD5 checksum:   371182 7ef2888222cf6fd4f2751e140fc6f77b
        Size/MD5 checksum:   291818 063df1d6823a3489d3d859100bbe067a
        Size/MD5 checksum:   432386 6f88d4af48ee49e29f548ebde7308a43
        Size/MD5 checksum:    63462 f6850ab5eb5acd7a870664fef6ec520c
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:    58698 128e8fa3ec781b8a4bc8cdae7438ef40
        Size/MD5 checksum:   379330 865d453bb4f80590a0d267b7aa8c5a84
        Size/MD5 checksum:   432042 9a9fc3e7a5db34850ed2fabf9465a214
        Size/MD5 checksum:   553276 1d2d44e03ec1230a13442b4c72333906
        Size/MD5 checksum:    31910 f9d4ef0ffe87192ac5410b456b9c2eaf
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.