===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2005.0718 -- Debian Security Advisory DSA 812-1
                 New turqstat packages fix buffer overflow
                             16 September 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              turqstat
Publisher:            Debian
Operating System:     Debian GNU/Linux 3.1
                      UNIX variants
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CAN-2005-2658

Original Bulletin:    http://www.debian.org/security/2005/dsa-812

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 812-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2005                    http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : turqstat
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2658

Peter Karlsson discovered a buffer overflow in Turquoise SuperStat, a
program for gathering statistics from Fidonet and Usenet, that can be
exploited by a specially crafted NNTP server.

For the old stable distribution (woody) this problem has been fixed in
version 2.2.1woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.4-1.

We recommend that you upgrade your turqstat package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in
this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
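
Added example, not part of the Debian or AusCERT text: for the manual "wget url" / "dpkg -i file.deb" route in the Upgrade Instructions, a POSIX shell check that compares downloaded files with the "Size/MD5 checksum" entries a Debian advisory in this layout publishes. The function names, the example.invalid URLs and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check downloads against an advisory's "Size/MD5 checksum" entries.

# Print "filename size md5" for every URL line followed by a checksum line.
parse_advisory() {
    awk '
        $1 ~ /^(http|ftp):\/\// { n = split($1, part, "/"); name = part[n]; next }
        /Size\/MD5 checksum:/ && name != "" { print name, $(NF-1), $NF; name = "" }
    ' "$1"
}

# check_downloads ADVISORY DIR: report each listed file found in DIR.
# Returns 1 if any file that is present has the wrong size or digest.
check_downloads() {
    list=$(parse_advisory "$1") || return 2
    rc=0
    while read -r name size md5; do
        [ -n "$name" ] || continue
        f="$2/$name"
        [ -f "$f" ] || { echo "ABSENT $name"; continue; }   # e.g. other architectures
        have_size=$(wc -c < "$f" | tr -d ' ')
        have_md5=$(md5sum < "$f" | cut -d' ' -f1)
        if [ "$have_size" = "$size" ] && [ "$have_md5" = "$md5" ]; then
            echo "OK $name"
        else
            echo "FAIL $name"; rc=1
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Constructed sample: two entries in the advisory's layout, with placeholder
# URLs. The digest is the RFC 1321 test vector for the 3-byte string "abc".
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/advisory.txt" <<'EOF'
    http://mirror.example.invalid/pool/pkg-a_1.0_i386.deb
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
    http://mirror.example.invalid/pool/pkg-b_1.0_i386.deb
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
EOF
    printf 'abc' > "$d/pkg-a_1.0_i386.deb"   # matches the listed values
    printf 'abd' > "$d/pkg-b_1.0_i386.deb"   # same size, different content
    echo "$d"
}

d=$(make_sample) && { check_downloads "$d/advisory.txt" "$d" || echo "do not install"; }
```

MD5 no longer resists deliberate collisions, so this catches truncated or mismatched downloads against the advisory's list; the trust anchor remains the signature on the advisory itself.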