Debian: New prozilla packages fix arbitrary code execution

    Date: 30 Sep 2005
    Category: Debian
    Posted By: Joe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 834-1
    http://www.debian.org/security/                             Martin Schulze
    October 1st, 2005                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : prozilla
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2961
    
    Tavis Ormandy discovered a buffer overflow in prozilla, a
    multi-threaded download accelerator, which may be exploited to execute
    arbitrary code.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 1.3.6-3woody3.
    
    The stable distribution (sarge) does not contain prozilla packages.
    
    The unstable distribution (sid) does not contain prozilla packages.
    
    We recommend that you upgrade your prozilla package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.dsc
          Size/MD5 checksum:      612 66c3a184d2185a18a2e20b173c6835c7
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.diff.gz
          Size/MD5 checksum:     9891 32d706f874d8c4fba1c1eed7111cd292
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz
          Size/MD5 checksum:   152755 65864dfe72f5cb7d7e595ca6f34fc7d7
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_alpha.deb
          Size/MD5 checksum:    78514 6183e73c5841beee0d8e9cc450a6c702
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_arm.deb
          Size/MD5 checksum:    65506 595b0c25a968731fc39dd9644cccf9ba
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_i386.deb
          Size/MD5 checksum:    64514 8c4c382318cb97f659736dc1ea017335
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_ia64.deb
          Size/MD5 checksum:    93574 ab60cc2fc3cac11774217fec4fe9da56
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_hppa.deb
          Size/MD5 checksum:    74560 a3443807a553e685573f9f34aa2cbe71
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_m68k.deb
          Size/MD5 checksum:    61492 e295c8293423298836b5ea829ccd2f18
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mips.deb
          Size/MD5 checksum:    73168 16ebff4a693d9fb1b96c1814045edd22
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mipsel.deb
          Size/MD5 checksum:    73234 85e2da96f32feb26af7600faeac69820
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_powerpc.deb
          Size/MD5 checksum:    68628 b95100d9ef36bd36649118b2dee08a0c
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_s390.deb
          Size/MD5 checksum:    65556 bf4165b94d5a28e591d5fdc10b46d94d
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_sparc.deb
          Size/MD5 checksum:    68174 3ff8ca31ef5d0e124a1e8714506a861f
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
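
The upgrade instructions above go straight from `wget` to `dpkg -i`. The following sketch, an added example that is not part of the Debian advisory, checks a downloaded file against the size and MD5 listed under its URL before it is installed. The helper names `dsa_expected` and `dsa_verify` are hypothetical, and the script assumes the advisory text has been saved to a local file.

```shell
#!/bin/sh
# Added example: check a downloaded file against the "Size/MD5 checksum"
# line that follows its URL in a saved copy of the advisory text.
# dsa_expected and dsa_verify are hypothetical helper names.

# dsa_expected ADVISORY NAME: print "SIZE MD5" for file NAME, exit 1 if absent.
dsa_expected() {
    awk -v want="$2" '
        # A URL line names a file; remember the last path component.
        /^[ \t]*(http|ftp):\/\// { n = split($1, part, "/"); cur = part[n]; next }
        # The checksum line belongs to the most recent URL line.
        /Size\/MD5 checksum:/ && cur == want {
            print $(NF - 1), $NF; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# dsa_verify ADVISORY FILE: return 0 if size and MD5 both match,
# 1 on any mismatch, 2 if the advisory has no entry for FILE.
dsa_verify() {
    expected=$(dsa_expected "$1" "$(basename "$2")") || {
        echo "no advisory entry for $2" >&2
        return 2
    }
    want_size=${expected% *}
    want_md5=${expected#* }
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_md5=$(md5sum "$2" | cut -d' ' -f1)
    # Compare size first: it is cheap and catches truncated downloads.
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $2: got $have_size, want $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $2: got $have_md5, want $want_md5" >&2
        return 1
    fi
    echo "OK: $2 matches the advisory"
}

# Run as: sh verify.sh advisory.txt prozilla_1.3.6-3woody3_i386.deb
if [ "$#" -eq 2 ]; then dsa_verify "$1" "$2"; fi
```

The result is only as trustworthy as the copy of the advisory the values are read from, so install with `dpkg -i` only after the check returns 0 against a copy obtained from a source you trust.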