Return-Path: debian-announce-admin@debian.or.jp Date: Tue, 27 Jun 2000 23:56:07 +0900 From: Fumitoshi UKAI Reply-To: debian-announce@debian.or.jp Subject: [debian-announce:00018] [SECURITY] New version of kon2 released To: debian-announce@debian.or.jp Message-Id: <87ya3rxjeg.wl@lichee.ukai.org> X-ML-Name: debian-announce X-Mail-Count: 00018 X-MLServer: fml [fml 2.2]; post only (only members can post) X-ML-Info: If you have a question, send a mail with the body "# help" (without quotes) to the address debian-announce-ctl@debian.or.jp; help= User-Agent: Wanderlust/2.2.15 (More Than Words) EMIKO/1.13.9 (Euglena tripteris) FLIM/1.13.2 (Kasanui) APEL/10.2 Emacs/20.7 (i386-debian-linux-gnu) MULE/4.0 (HANANOEN) Organization: Debian JP Project Mime-Version: 1.0 (generated by EMIKO 1.13.9 - "Euglena tripteris") Content-Type: text/plain; charset=ISO-2022-JP Precedence: bulk Lines: 51 -----BEGIN PGP SIGNED MESSAGE----- Debian JP Security Advisory security@debian.or.jp http://www.debian.or.jp/security/ Fumitoshi UKAI 6月27日 Package: kon2 Vulnerability type: local exploit Debian-specific: no Debian 2.1 で配布されているkon2パッケージには、バッファオーバーフローを おこすバグがあり、これを利用して、ローカルでkon2を起動できる任意のユーザが root権限を取得できてしまいます。 このバグは 0.3.9b-0slink3 で修正されています。ただちに kon2 パッケージを更新 することをお勧めします。 wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- このバージョンでは Intel ia32 アーキテクチャ用のものだけが リリースされています。 Source archives: http://ftp.debian.org/debian/dists/proposed-updates/kon2-0.3.9b-0slink3.dsc MD5 checksum: 3c95cca12768eb29c92e7aba923783dc http://ftp.debian.org/debian/dists/proposed-updates/kon2-0.3.9b-0slink3.diff.gz MD5 checksum: bb6fa2ce26de16d353ddc74253f4bd20 http://ftp.debian.org/debian/dists/proposed-updates/kon2-0.3.9b.orig.tar.gz MD5 checksum: 946b194800f59be9e82f6c7736875f78 Intel ia32 architecture: http://ftp.debian.org/debian/dists/proposed-updates/kon2-0.3.9b-0slink3_i386.deb MD5 checksum: 416358d5e0f6195ab3ff1a75d3d7e6fd -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface iQCVAwUBOVgpV89xwSV+IhjlAQE2XwP/dylOD1+kuOpDdKMVxtsUahRBOeKW81FO O2X3Hz7HfS72vbRBjSlqD5s2Nq8kDChKr+gG/llM2UYOXdLvix3/+jIKXs2sX8F+ 6JGqdjo4rzg9ODJkbxwOMIVp7L82IU4OxdZ83Wkjmwyri5tBwZyJw7yliTGzkhAs 2O4YBHVOlBo= =8EoL -----END PGP SIGNATURE-----