[PLDSA 44-1] New BitchX packages fix buffer overflow

Krzysiek Taraszka dzimi at pld.org.pl
Sat May 3 15:44:40 CEST 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 44-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
16 March 2003                              http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : BitchX (versions prior to 1.0c19-4)
Vulnerability  : buffer overflow
Problem-Type   : remote
PLD-specific   : no
Upstream URL   : http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2

Timo Sirainen discovered several buffer overflows in BitchX. The client
formats strings with sprintf() into fixed-size buffers, so a remote attacker
who supplies strings close to BIG_BUFFER_SIZE in length can overflow those
buffers; the advisory notes multiple places in the code where this can be
triggered.
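The following is an added illustration, not BitchX source code: a message formatted with sprintf() into a fixed buffer of BIG_BUFFER_SIZE bytes (the pattern the advisory describes), beside a hardened version that uses snprintf() and checks its return value for truncation. The value of BIG_BUFFER_SIZE, the function names and the message format are assumptions made for this example only and are not claimed to match BitchX.

```c
/* Added example (not BitchX code): sprintf() into a fixed-size buffer
 * beside a bounded snprintf() replacement. BIG_BUFFER_SIZE is an assumed
 * value for illustration and is not claimed to match BitchX's constant. */
#include <stdio.h>
#include <string.h>

#define BIG_BUFFER_SIZE 4096

/* Vulnerable pattern: sprintf() does not know how large buf is. When the
 * combined length of nick and text approaches BIG_BUFFER_SIZE, the
 * formatted line is written past the end of buf. Shown only to document
 * the pattern; it must never be fed untrusted input. */
static void format_privmsg_unsafe(char *buf, const char *nick, const char *text)
{
    sprintf(buf, "*%s* %s", nick, text);
}

/* Hardened form: snprintf() is bounded by the real buffer size and returns
 * the number of bytes the complete string would have needed. A value
 * >= size means the output was truncated. Returns 0 on success and -1 if
 * the message did not fit; on -1 the buffer is emptied so the caller never
 * sees a partial line. */
static int format_privmsg_safe(char *buf, size_t size, const char *nick, const char *text)
{
    int needed = snprintf(buf, size, "*%s* %s", nick, text);
    if (needed < 0 || (size_t)needed >= size) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Length (excluding the terminating NUL) the formatted line requires.
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
static size_t privmsg_len(const char *nick, const char *text)
{
    int n = snprintf(NULL, 0, "*%s* %s", nick, text);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if the unsafe formatter would write past a BIG_BUFFER_SIZE buffer. */
static int would_overflow(const char *nick, const char *text)
{
    return privmsg_len(nick, text) + 1 > BIG_BUFFER_SIZE;
}

/* Constructed near-BIG_BUFFER_SIZE input: returns 1 when the overflow is
 * detected and the hardened formatter refuses the message. */
static int check_near_big_input(void)
{
    char buf[BIG_BUFFER_SIZE];
    char attacker[BIG_BUFFER_SIZE];
    memset(attacker, 'A', sizeof attacker - 1);
    attacker[sizeof attacker - 1] = '\0';
    return would_overflow("alice", attacker) == 1 &&
           format_privmsg_safe(buf, sizeof buf, "alice", attacker) == -1 &&
           buf[0] == '\0';
}

/* Ordinary input: returns 1 when the hardened formatter produces the
 * expected line. */
static int check_short_input(void)
{
    char buf[BIG_BUFFER_SIZE];
    return format_privmsg_safe(buf, sizeof buf, "alice", "hello") == 0 &&
           strcmp(buf, "*alice* hello") == 0 &&
           privmsg_len("alice", "hello") == 13;
}

int main(void)
{
    char buf[BIG_BUFFER_SIZE];

    format_privmsg_unsafe(buf, "alice", "hello");   /* short input only */
    printf("unsafe, short input : %s\n", buf);
    printf("short input ok      : %d\n", check_short_input());
    printf("near-BIG refused    : %d\n", check_near_big_input());
    return 0;
}
```

The fix in the hardened form is not just swapping sprintf() for snprintf(): the return value must be checked, because a silently truncated IRC line can itself be abused (a cut-off command or a dropped terminator). Refusing the message, as done here, is the conservative choice.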

The above problems have been fixed in version 1.0c19-4 for the
current stable distribution (ra).

We recommend that you upgrade your BitchX packages. Compare the MD5 checksum
of each downloaded file with the value listed below before installing it.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file(s).

If you are using the "poldek" package manager, use the lines given below to
upgrade the packages:

poldek --update
        will update the internal database
poldek --upgrade 'BitchX*'
        will install corrected packages

If you are using the "apt" package manager, use the lines given below to
upgrade the packages (apt-get upgrade takes no package names, so the
corrected packages are requested with apt-get install):

apt-get update
        will update the internal database
apt-get install BitchX BitchX-europa
        will install corrected packages

PLD Linux 1.0 alias ra
----------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/BitchX-1.0c19-4.src.rpm
       MD5 checksum: 933809b3b43346813a7d8e9eb112878a

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/BitchX-1.0c19-4.i386.rpm
       MD5 checksum: a7b5049bd715b97590877bcb4de4b2b4

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/BitchX-europa-1.0c19-4.i386.rpm
       MD5 checksum: 430ff153569ee423aa87a3e57196b58a


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/BitchX-1.0c19-4.i586.rpm
       MD5 checksum: 2f809b070db031b0723e2944b8222898

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/BitchX-europa-1.0c19-4.i586.rpm
       MD5 checksum: d1d6d437c1835a2df5dc1a0ebe0ca720


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/BitchX-1.0c19-4.i686.rpm
       MD5 checksum: 8350007ff501d22fbffd23086806694b

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/BitchX-europa-1.0c19-4.i686.rpm
       MD5 checksum: f5a152f88b970315b3eae613c7d20477


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/BitchX-1.0c19-4.ppc.rpm
       MD5 checksum: f7a8ac841a3adbc82500225e1fb73d3b

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/BitchX-europa-1.0c19-4.ppc.rpm
       MD5 checksum: ae8f48a7a02863f66c7d663dbf215f9a


--------------------------------------------------------------------------------

If you are using poldek, add the line for your architecture to poldek.conf.
If you are using apt-get, add the line for your architecture to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
