Debian: New tcpreen packages fix denial of service

    Date: 03 Jan 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1443-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    January 03, 2008                      http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : tcpreen
    Vulnerability  : buffer overflows
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-6562
    
    It was discovered that several buffer overflows in tcpreen, a tool for
    monitoring a TCP connection, may lead to denial of service.
    
    For the stable distribution (etch), this problem has been fixed in
    version 1.4.3-0.1etch1.
    
    The old stable distribution (sarge) doesn't contain tcpreen.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.4.3-0.3.
    
    We recommend that you upgrade your tcpreen package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main