security advisorybuffer overflowremote exploit
It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code. . - ------------------------------------------------------------------------ Debian Security Advisory DSA-2049-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steffen Joeris May 23, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : barnowl Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id : CVE-2010-0793 Debian Bug : 574418 It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 1.0.1-4+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.5.1-1. We recommend that you upgrade your barnowl packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 606923 5036fe3559becc5fa81de9a4dc028767 Size/MD5 checksum: 1128 c005716429cc93f9aa13ecc32e9a83a8 Size/MD5 checksum: 6186 431a62342081785abeac1d6f27cca56e Architecture independent packages: Size/MD5 checksum: 38992 662b9a48a4daf355222980b4b77e1dfe alpha architecture (DEC Alpha) Size/MD5 checksum: 521514 a50a7d27f8d679aaaf1aefbb7b0b8f00 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 497828 ec2b041ebdfcd8f605760000d156a058 arm architecture (ARM) Size/MD5 checksum: 453232 fa99d92090e14152f9d5119d3952c911 hppa architecture (HP PA RISC) Size/MD5 checksum: 484984 e370789dab95d297ece10836eaa11c40 i386 architecture (Intel ia32) Size/MD5 checksum: 468636 b4d0478d392975c7c10bf1bc5a8db665 ia64 architecture (Intel ia64) Size/MD5 checksum: 580632 46327f82543d70285370f3b1abc770e2 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 461968 91c665cd05e93568eda74970ea816dac powerpc architecture (PowerPC) Size/MD5 checksum: 484788 d6d20b834e74fe5eb76cb73b0fe4f8af s390 architecture (IBM S/390) Size/MD5 checksum: 488260 345d6df2dd4953aa4bca1aa7b0a2cb1a sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 463060 869a67d8595133ae2c6a61cd9289e0a8 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Debian Security Bulletin DSA-2049-1 highlights a critical buffer overflow vulnerability in the barnowl client, which could allow for the execution of unauthorized code.. barnowl, buffer overflow, debian security, remote exploit, software upgrade. . LinuxSecurity.com Team
May 23, 2010
Debian
Refine advisories
