6175543 2001-03-05 19:14 -0700 /86 rader/ <debian-security-announce@LISTS.DEBIAN.ORG> Sänt av: joel@lysator.liu.se Importerad: 2001-03-06 05:54 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: security@debian.org Mottagare: Bugtraq (import) <15752> Ärende: [SECURITY] [DSA 029-2] New proftpd packages for m68k available ------------------------------------------------------------ From: debian-security-announce@LISTS.DEBIAN.ORG To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <9qZY1D.A.wHF.ygEp6@murphy> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-029-2 security@debian.org http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : proftpd Vulnerability : remote DOS & potential buffer overflow Debian-specific: no In Debian Security Advisory DSA 029-1 we have reported several vulnerabilities in proftpd that have been fixed. For details please read the main advisory. This upload fixes: 1. A memory leak which can result in a denial of service, as reported by Wojciech Purczynski. The default configuration of proftpd in Debian is not vulnerable. 2. A similar memory leak affects the USER command, also as reported by Wojciech Purczynski. 3. Format string vulnerabilities reported by Przemyslaw Frasunek. The most recent advisory covering proftpd missed one architecture that was released with Debian GNU/Linux 2.2. Therefore this advisory is only an addition to DSA 029-1 and only adds the relevant package for the Motorola 680x0 architecture. We recommend you upgrade your sudo packages for m68k immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/proftpd_1.2.0pre10-2potato1_m68k.deb MD5 checksum: 96315bb133a487e81944e6cef2358d09 These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6pEXfW5ql+IAeqTIRAsz2AJwOrxkUrpW6RT0hWAVsCg90ZMiciwCgmndv 8GEjTQj0xmDRdyBZ7VA2kNI= =SYKg -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org (6175543) --------------------------------(Ombruten)