[PLDSA 26-1] New bladeenc packages fix arbitrary code execution
Krzysiek Taraszka
dzimi at pld.org.pl
Sun Feb 9 13:47:56 CET 2003
- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 26-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
03 February 2003 http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------
Package : prior to bladeenc-0.94.2-3
Vulnerability : arbitrary code execution
Problem-Type : local
PLD-specific : no
Upstream URL : www.pivx.com/luigi/adv/blade942-adv.txt
Auriemma Luigi discovered a bug in bladeenc. A wave file lets the
attacker execute any code he wants on the victim's system.
The above problems have been fixed in version 0.94.2-4 for the
current stable distribution (ra).
We recommend that you upgrade your bladeenc packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using the "poldek" package manager, use the lines given below
to upgrade packages
poldek --update
will update the internal database
poldek --upgrade 'bladeenc*'
will install corrected packages
If you are using the "apt" package manager, use the lines given below
to upgrade packages
apt-get update
will update the internal database
apt-get upgrade 'bladeenc*'
will install corrected packages
PLD Linux 1.0 alias ra
- --------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/bladeenc-0.94.2-4.src.rpm
MD5 checksum: ff436c90acf6c4c24ab33fc5b6a4e269
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/bladeenc-0.94.2-4.i386.rpm
MD5 checksum: 996d6f92a7f7e527be8c11c3a9c6702b
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/bladeenc-0.94.2-4.i586.rpm
MD5 checksum: 4ae70baaabd3fec1dd6bd22a58b0a0e9
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/bladeenc-0.94.2-4.i686.rpm
MD5 checksum: 50e12ba25e4cbbe1a0e1b51430f0567f
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/bladeenc-0.94.2-4.ppc.rpm
MD5 checksum: 08802a753ebc8bba68e263b90a401615
- --------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security