-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2004.0158 -- Debian Security Advisory DSA 448-1
              New pwlib packages fix multiple vulnerabilities
                             24 February 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                pwlib
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
Impact:                 Denial of Service
                        Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0097

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 448-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
February 22nd, 2004                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : pwlib
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2004-0097
Debian bug     : 233888

Multiple vulnerabilities were discovered in pwlib, a library used to
aid in writing portable applications, whereby a remote attacker could
cause a denial of service or potentially execute arbitrary code.  This
library is most notably used in several applications implementing the
H.323 teleconferencing protocol, including the OpenH323 suite,
gnomemeeting and asterisk.

For the current stable distribution (woody) this problem has been
fixed in version 1.2.5-5woody1.

For the unstable distribution (sid), this problem will be fixed soon.
Refer to Debian bug #233888 for details.

We recommend that you update your pwlib package.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.dsc
      Size/MD5 checksum:      639 2e057d4bb38abbdfebe95ca2962a2733
    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.diff.gz
      Size/MD5 checksum:    34683 4f5b334e860eea238244d82d8084f6bb
    http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5.orig.tar.gz
      Size/MD5 checksum:   749440 b320577dd1cff37cceea57c45de9de85

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:   130708 899913e27abbbaf9181e363fc5c00184
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:   868610 579711836aa1cf6310b445f4f769074d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:  2270224 d51adae04e7caa1fb8c0c77c02ec366d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_alpha.deb
      Size/MD5 checksum:  1543738 9903ecfadacc28839ba71daebb2ce272

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:   133952 48cb63c89f21dad3e721bbc44d350824
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:   861230 a1d5d4f66be1c134039139e1d4b686fd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:  1841968 a17d84ac845f1bd3ce70f6aab66026f6
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_arm.deb
      Size/MD5 checksum:  1502856 d97cd24a9fca26db167d92ead0aa6077

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:   112508 656f942f7909fb0d76f39973111d5839
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:   788502 c389e02adcf493e704c2a5a1b129a883
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:  1838780 aacb8d43274e1bed588659640d174a2d
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_i386.deb
      Size/MD5 checksum:  1301568 c96d4b6b4004dd20dcf93f2b3081dcc3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:   146510 f0f35a5d97c4e9c1bc4d71bc0c1f8d60
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:   996212 e1bf67b0d5e64ba7910bc602b871e330
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:  2466746 bf2a8caa6963954d1f7e95a978f76a5e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_ia64.deb
      Size/MD5 checksum:  1774658 7231677252682b0260e5c57469cb420f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:   149596 707e83b5967383808e7f353754864cbd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:   991818 24b024ec88157f7d30bd853883b3aabd
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:  2847570 b60a52e989ec6fe77edff22547013d13
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_hppa.deb
      Size/MD5 checksum:  1993572 dafc6b5a2adec05e389489c344b70a75

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:   104312 e70cd451ac98f4d01615e1ec5096c816
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:   858732 d513f7ca86a75a0b58cc2f120d47f05b
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:  1891398 db5ec25f3f813da5be85a504ceae83bb
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_m68k.deb
      Size/MD5 checksum:  1297004 b963c654b1cb7b66101b3cbe83c3494e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:   126130 86cb6659d891e1b9fecc915c1e06ea71
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:   758362 72c65ab5fd677f9a0f546f895142fe54
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:  1998404 15532db557ca3a7358330d30a3273cf1
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_mips.deb
      Size/MD5 checksum:  1457282 248b40bcf4cb8a5a5c5b4074b457d001

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:   107404 eadf9a2ae2a8672669b7692c53cf1e9e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:   918814 3b180bd91862ae1f55f0d590359e6ffa
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:  2269394 12646912e9fead507821e021806b4dc5
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_powerpc.deb
      Size/MD5 checksum:  1659834 9077a25b959e5a7b4d804936ee7f69bb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:    97532 1b421333f3099dc46539dc4df4078ce7
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:   832288 5f4ce30d3fc952317ca233dbd986ad3e
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:  1930542 e738de76f0665c761f5ff309ed238fa2
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_s390.deb
      Size/MD5 checksum:  1307926 08e82668880d288c18f472bf291a187c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:   105478 19ef591ed5fbd335e3a1d6cf33e177f6
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:   781956 52cb039ef81f2ff5dd1e8b897063e304
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:  1906046 049defa3090dc3a97a73c6e6d194d603
    http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_sparc.deb
      Size/MD5 checksum:  1367208 b10e687e83792b0897872431bee9e118

  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAOXWZArxCt0PiXR4RAsiXAJ48z1yNupkT11kdzWHh9UOO/4l7kACfUK6e
Th6O4khHENy4mb0qJc4V3jA=
=05/e
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQDqfeSh9+71yA2DNAQFYBgP/Q+HQNRyb5Om+/fE7EgT4YVj2oWkdOl++
75lfZPblyOupppfNN5QRolIRBRoOM/XVnUu2qGiAeeJxNzUJr9qcfFEV71yMVSXi
+pHVieHO8ZO2Fh9mR6+UgtzBmY7BxKbthOa2UTH+VmXmk9BBIjY0IQaNVzLX/o7r
d3EaIJL7m0A=
=5KS0
-----END PGP SIGNATURE-----