security advisorybuffer overflowcritical
There are multiple vulnerabilities in xfstt.. - -------------------------------------------------------------------------- Debian Security Advisory DSA 360-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Matt Zimmerman August 1st, 2003 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : xfstt Vulnerability : several Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0581, CAN-2003-0625 xfstt, a TrueType font server for the X window system was found to contain two classes of vulnerabilities: - - CAN-2003-0581: a remote attacker could send requests crafted to trigger any of several buffer overruns, causing a denial of service or possibly executing arbitrary code on the server with the privileges of the "nobody" user. - - CAN-2003-0625: certain invalid data sent during the connection handshake could allow a remote attacker to read certain regions of memory belonging to the xfstt process. This information could be used for fingerprinting, or to aid in exploitation of a different vulnerability. For the current stable distribution (woody) these problems have been fixed in version 1.2.1-3. For the unstable distribution (sid), CAN-2003-0581 is fixed in xfstt 1.5-1, and CAN-2003-0625 will be fixed soon. We recommend that you update your xfstt package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5checksum: 501 962c048c51ad11527a2968dcab0f70cc Size/MD5 checksum: 106104 9a5cd36572b2b422e3f13c1c076256b2 Alpha architecture: Size/MD5 checksum: 79490 a5be8fb0fca57ea3397f56060b2e4746 ARM architecture: Size/MD5 checksum: 65656 dee8ba57aec56b3ad9f1a160c4aa928b Intel IA-32 architecture: Size/MD5 checksum: 66590 0fd927a55db3a257dd1e4c1f1b76ebe4 Intel IA-64 architecture: Size/MD5 checksum: 101308 5b61105d87ac63565f3e653c10935554 HP Precision architecture: Size/MD5 checksum: 74966 f3f8cc0f9b62340a805cda547b04e90b Motorola 680x0 architecture: Size/MD5 checksum: 65276 e3c46415661c96a46a5a461b8cb7c72c Big endian MIPS architecture: Size/MD5 checksum: 77998 6008f0a2f2c5133b55db5df1c3d2e6c5 Little endian MIPS architecture: Size/MD5 checksum: 77912 8827f5bdde0e85013ea221b9feb60ae9 PowerPC architecture: Size/MD5 checksum: 65970 d1793d80f35e87b7b094e4343158325e IBM S/390 architecture: Size/MD5 checksum: 66458 2bd0811824f8a5c90fd77cb2f3d18fcf Sun Sparc architecture: Size/MD5 checksum: 66234 ba8c136d18589a8265e265b7b89008c3 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Addressing multiple vulnerabilities within xfstt, highlighting issues that may permit unapproved distant access and disruptions in service continuity.. Debian Security,Xfstt Exploit,Remote Access,Buffer Overflow Issue. . Severity: Critical. LinuxSecurity.com Team
Aug 01, 2003
•Critical
Debian
Refine advisories
