Debian: New newsx packages fix arbitrary code execution

    Date31 Jul 2008
    CategoryDebian
    3400
    Posted ByLinuxSecurity Advisories
    It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1622-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    July 31, 2008                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : newsx
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-3252
    Debian Bug     : 492742
    
    It was discovered that newsx, an NNTP news exchange utility, was affected
    by a buffer overflow allowing remote attackers to execute arbitrary code
    via a news article containing a large number of lines starting with a period.
    
    For the stable distribution (etch), this problem has been fixed in version
    1.6-2etch1.
    
    For the testing (lenny) and unstable distribution (sid), this problem has
    been fixed in version 1.6-3.
    
    We recommend that you upgrade your newsx package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.dsc
        Size/MD5 checksum:      601 a96fab9796a6947419d0fa8b116117d1
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6.orig.tar.gz
        Size/MD5 checksum:   302553 45d7b7655c7e30c22321f41d701bb6f4
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.diff.gz
        Size/MD5 checksum:   105510 6d0b8e91489284a99d7e3d1d1a18438a
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_alpha.deb
        Size/MD5 checksum:   179232 a1e5978150fdc4e85ae5429df50dce14
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_amd64.deb
        Size/MD5 checksum:   159000 36120414520dabbe24a603535483d627
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_arm.deb
        Size/MD5 checksum:   148522 f86262e52e3cfe57f9149cd7d03b9792
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_hppa.deb
        Size/MD5 checksum:   166048 3664074d8015308faacfdc24813cbe2e
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_i386.deb
        Size/MD5 checksum:   149314 0d0223be6ec9375b11a29271e14f0ba0
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_ia64.deb
        Size/MD5 checksum:   229656 d9525b17ed531e7f94bf795016559ab0
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mips.deb
        Size/MD5 checksum:   169628 9902b13a40be1f8839ea6553bebda796
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mipsel.deb
        Size/MD5 checksum:   169130 082f47df05acf04de8a1590acad38124
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_powerpc.deb
        Size/MD5 checksum:   158742 f172b7b889f111cc2090082878f80816
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_s390.deb
        Size/MD5 checksum:   161132 8e5ca0412a29bd03dfbdf1dd8e88df30
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_sparc.deb
        Size/MD5 checksum:   147978 511f9a433c89f3fe114ebe04158d65ab
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.