Debian: xbl buffer overflow vulnerability

    Date: 10 Jul 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 345-1
    http://www.debian.org/security/                             Matt Zimmerman
    July 8th, 2003                           http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : xbl
    Vulnerability  : buffer overflow
    Problem-Type   : local
    Debian-specific: no
    CVE Ids        : CAN-2003-0535
    
    Another buffer overflow was discovered in xbl, distinct from the one
    addressed in DSA-327 (CAN-2003-0451), involving the -display command
    line option.  This vulnerability could be exploited by a local
    attacker to gain gid 'games'.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.0k-3woody2.
    
    For the unstable distribution (sid) this problem is fixed in version
    1.0k-6.
    
    We recommend that you update your xbl package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.dsc
          Size/MD5 checksum:      567 cc617cf2ab0beba1290a1948dec24015
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.diff.gz
          Size/MD5 checksum:    10093 8e0ac57663ff0657bbcd406ae40d99e8
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k.orig.tar.gz
          Size/MD5 checksum:   135080 22e7822a449ae5b68695158fd59ea49c
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_alpha.deb
          Size/MD5 checksum:   122282 4d9b7d78318306f488831477d6b31ae6
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_arm.deb
          Size/MD5 checksum:   111098 300c03bdd43a4413ac72346c14cae0ed
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_i386.deb
          Size/MD5 checksum:   103296 54bfaa17756365c4559b608ee596c262
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_ia64.deb
          Size/MD5 checksum:   151432 4e26d6422591122e4cf22ae16f60e6cf
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_hppa.deb
          Size/MD5 checksum:   116784 91232ce406230a0970b306dc0a5f1b9f
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_m68k.deb
          Size/MD5 checksum:    97746 89dfc31946135fbde0d1a723f4c69304
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mips.deb
          Size/MD5 checksum:   116010 feb3b79691e096b7006e01fcdcb4d987
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mipsel.deb
          Size/MD5 checksum:   115888 67367915c9c2b73a31d679ea87fa5636
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_powerpc.deb
          Size/MD5 checksum:   112178 59472b074ff777847bfd741a23b48f5d
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_s390.deb
          Size/MD5 checksum:   106278 aeeb3522110d4308fab12ac704942491
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_sparc.deb
          Size/MD5 checksum:   111230 8bd8f330c33d7d00bff11db1ac4318ed
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and  http://packages.debian.org/<pkg>
    
    
    
    