New version of amd fixes remote exploit, take 2

    Date13 Dec 1999
    CategoryDebian
    2620
    Posted ByLinuxSecurity Advisories
    The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. This was fixed in version 23.0slink1. However that fix contained an error which has been fixed in version upl102-23.slink2.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/      
                       Wichert Akkerman
    October 18, 1999
    - ------------------------------------------------------------------------
    
    
    The version of amd that was distributed with Debian GNU/Linux 2.1 is
    vulnerable to a remote exploit. This was fixed in version 23.0slink1.
    However that fix contained an error which has been fixed in version
    upl102-23.slink2.
    
    Here is the problem description from the previous fix:
      Passing a big directory name to amd its logging code would overflow a
      buffer which could be exploited. This has been fixed in version
      23.0slink1.
    
    We recommand that you upgrade your amd package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian was released only for Intel, the Motorola
      680x0, the alpha and the Sun sparc architecture.
    
      Source archives:
        http://security.debian.org/dists/stable/updates/source/amd_up
    l102-23.slink2.diff.gz
          MD5 checksum: 30a6710a9e3fb6dcf46ec7491d157807
        http://security.debian.org/dists/stable/updates/source/amd_upl102
    -23.slink2.dsc
          MD5 checksum: 290f37dc51c2ed86400176fa9bef15ea
        http://security.debian.org/dists/stable/updates/source/amd_upl102.orig.tar.
    gz
          MD5 checksum: 76c61a893523001961437475ee2f79c5
    
      Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/binary-
    i386/amd_upl102-23.slink2_i386.deb
          MD5 checksum: c732a6033245daf368fc1cf77718113e
    
      Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/binary-
    m68k/amd_upl102-23.slink2_m68k.deb
          MD5 checksum: fe4f88cb3db1c18aeb132d2f60c6e732
    
      Sun Sparc architecture:
        http://security.debian.org/dists/stable/updates/binary-
    sparc/amd_upl102-23.slink2_sparc.deb
          MD5 checksum: 9f05a455a3be2d237f4bcf093e1696b9
    
    
    - -- 
    - ----------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable 
    updates
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOApvIqjZR/ntlUftAQFnSgL/U/3A9TMy/KZ6gZ+e1KZgXJEGqzLSJQsc
    Tc7YyI+hnELb7db+MFAKjqfHoLEHIA5oRdQfefoj9K9LZeLEGRZ0So1qN6uMRCNb
    l0Lo6Wu33NptOjE61eFacgeErIlrv4fG
    =OQmi
    -----END PGP SIGNATURE-----
    
    

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.