
Date: Tue, 7 Sep 1999 13:30:00 +0200 (CEST)
From: joey@finlandia.Infodrom.North.DE (Martin Schulze)
To: debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject: [SECURITY] New versions of INN fixes "news" exploit

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory                                 security@debian.org
http://www.debian.org/security/                               Martin Schulze
September 7, 1999
- ----------------------------------------------------------------------------

We have received a report of a buffer overflow in the inews program
provided with the INN news server.  Local clients use this program to
inject news articles into the server.  To be able to connect to the
news server through a Unix domain socket, it needs to run setgid
"news".  By exploiting this bug, local users would gain "news"
privileges.  They would then be able to modify the configuration of
the INN server as well as destroy news databases and files.

We recommend you upgrade your inews-inn package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for the Intel, Motorola
  68xxx, Alpha and Sun Sparc architectures.  However, the Alpha
  architecture didn't provide an INN package.

  Source archives:

    http://security.debian.org/dists/stable/updates/source/inn_1.7.2-4.1.diff.gz
      MD5 checksum: f390efec27637bb3d5cd53451a2ba65c
    http://security.debian.org/dists/stable/updates/source/inn_1.7.2-4.1.dsc
      MD5 checksum: ec896efa2c7fbe1aca281ab6772d9abe
    http://security.debian.org/dists/stable/updates/source/inn_1.7.2.orig.tar.gz
      MD5 checksum: f8b569ef42bb553dab7af5513bf483aa

  Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/binary-i386/inewsinn_1.7.2-4.1_i386.deb
      MD5 checksum: e8af9fe66b95da403230c2d4443cfe35
    http://security.debian.org/dists/stable/updates/binary-i386/inn-dev_1.7.2-4.1_i386.deb
      MD5 checksum: 46d80892430881d7c6c457a1432b4c31
    http://security.debian.org/dists/stable/updates/binary-i386/inn_1.7.2-4.1_i386.deb
      MD5 checksum: 7c63df29c5738ae27d12bcb3edd5535f

  Motorola 680x0 architecture:

    http://security.debian.org/dists/stable/updates/binary-m68k/inewsinn_1.7.2-4.1_m68k.deb
      MD5 checksum: 38a7c7c28bfb91a6589aba6856d1a235
    http://security.debian.org/dists/stable/updates/binary-m68k/inn-dev_1.7.2-4.1_m68k.deb
      MD5 checksum: 1c838c021a852596181014b4dd11aae5
    http://security.debian.org/dists/stable/updates/binary-m68k/inn_1.7.2-4.1_m68k.deb
      MD5 checksum: 720a757f190bf251465fc5d9d05fb041

  Sun Sparc architecture:

    http://security.debian.org/dists/stable/updates/binary-sparc/inewsinn_1.7.2-4.1_sparc.deb
      MD5 checksum: 5ccb952a839a84ab9009836877c80a4d
    http://security.debian.org/dists/stable/updates/binary-sparc/inn-dev_1.7.2-4.1_sparc.deb
      MD5 checksum: 63789ec335c7adda7528d82900d61e4c
    http://security.debian.org/dists/stable/updates/binary-sparc/inn_1.7.2-4.1_sparc.deb
      MD5 checksum: d738c7f83a15856286354380b044d536


Debian GNU/Linux pre2.2 alias potato
- ------------------------------------

  Source archives:

    http://security.debian.org/dists/unstable/updates/source/inn_1.7.2.orig.tar.gz
      MD5 checksum: f8b569ef42bb553dab7af5513bf483aa
    http://security.debian.org/dists/unstable/updates/source/inn_1.7.2-11.diff.gz
      MD5 checksum: 2ec0d842fed6c4ef59de277733190738
    http://security.debian.org/dists/unstable/updates/source/inn_1.7.2-11.dsc
      MD5 checksum: 138bddce53fd1ded38a46fba6a96b32c

  Alpha architecture:

    http://security.debian.org/dists/unstable/updates/binary-alpha/inewsinn_1.7.2-11_alpha.deb
      MD5 checksum: c8f58a885d85e4d7cc969df52fc8a8f4
    http://security.debian.org/dists/unstable/updates/binary-alpha/inn-dev_1.7.2-11_alpha.deb
      MD5 checksum: d80226ba4d80a14c3b2e016caf99de53
    http://security.debian.org/dists/unstable/updates/binary-alpha/inn_1.7.2-11_alpha.deb
      MD5 checksum: 5dfccb7c9b15599c06d09a85e46c91e5


  ARM architecture:

    http://security.debian.org/dists/unstable/updates/binary-arm/inewsinn_1.7.2-11_arm.deb
      MD5 checksum: ee521e7c5c9190b4f2062d81eaf9077c
    http://security.debian.org/dists/unstable/updates/binary-arm/inn-dev_1.7.2-11_arm.deb
      MD5 checksum: 63903547ad0255cd157aa48594e040e6
    http://security.debian.org/dists/unstable/updates/binary-arm/inn_1.7.2-11_arm.deb
      MD5 checksum: 4369dda02495f0aaf126049ebeee3992

  Intel ia32 architecture:

    http://security.debian.org/dists/unstable/updates/binary-i386/inewsinn_1.7.2-11_i386.deb
      MD5 checksum: c69b719ecbaab0703e576b77186b271a
    http://security.debian.org/dists/unstable/updates/binary-i386/inn-dev_1.7.2-11_i386.deb
      MD5 checksum: 248b439045b860acc2d1890e8f6b0f5c
    http://security.debian.org/dists/unstable/updates/binary-i386/inn_1.7.2-11_i386.deb
      MD5 checksum: c1868b74810c5158a29846f6123c972d

  Motorola 680x0 architecture:

    http://security.debian.org/dists/unstable/updates/binary-m68k/inewsinn_1.7.2-11_m68k.deb
      MD5 checksum: c220190df2517eae2d88103f056b0a16
    http://security.debian.org/dists/unstable/updates/binary-m68k/inn-dev_1.7.2-11_m68k.deb
      MD5 checksum: 141b786979c37ce268844507d2311b99
    http://security.debian.org/dists/unstable/updates/binary-m68k/inn_1.7.2-11_m68k.deb
      MD5 checksum: caf20157c31f3ee8affae4ae534494b5

  PowerPC architecture:

    http://security.debian.org/dists/unstable/updates/binary-powerpc/inewsinn_1.7.2-11_powerpc.deb
      MD5 checksum: 86155c15e9354397127de54953687708
    http://security.debian.org/dists/unstable/updates/binary-powerpc/inn-dev_1.7.2-11_powerpc.deb
      MD5 checksum: 75adc804b2cd683313837a8e2458b94e
    http://security.debian.org/dists/unstable/updates/binary-powerpc/inn_1.7.2-11_powerpc.deb
      MD5 checksum: 3fe559ccee892aeac719b061260c4975

  Sun Sparc architecture:

    http://security.debian.org/dists/unstable/updates/binary-sparc/inewsinn_1.7.2-11_sparc.deb
      MD5 checksum: 3992a3513c1b7c9acdc9d9a507177f57
    http://security.debian.org/dists/unstable/updates/binary-sparc/inn-dev_1.7.2-11_sparc.deb
      MD5 checksum: 3147dc1de268fb79d8550b1e98268dae
    http://security.debian.org/dists/unstable/updates/binary-sparc/inn_1.7.2-11_sparc.deb
      MD5 checksum: 1716450113c13ac880a2455b75396d14


- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBN9T3NxRNm5Suj3z1AQGo+QP+NfZYuls2wxuzCblyqL899cOvU3U/f18v
fYmcJIW3aY8xvh0h+AmcFL0DFnz6+2IEpkuLLDjHz4EBJoMii1yr1xovzwUuIf1b
2j5PV8bEN8dH2LWeqBc+05QhYm3o6RbXqdqpdtva2eT5/dKr5gOOsj1+Zu4FgpT5
0aEBhso7IWo=
=CAEn
-----END PGP SIGNATURE-----

