[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:27233] [SECURITY] [DSA 029-2] New proftpd packages for m68k available (from debian-security-announce@lists.debian.org)

From: KISE Hiroshi <fuyuneko@xxxxxxxxxxxx>
Subject: [debian-users:27233] [SECURITY] [DSA 029-2] New proftpd packages for m68k available (from debian-security-announce@lists.debian.org)
Date: Tue, 6 Mar 2001 12:12:54 +0900
X-dispatcher: imput version 20000414(IM141)
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 3.0pl#17]; post only (only members can post)
References: <20010306031453.P24756@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Message-id: <200103060312.MAA13329@xxxxxxxxxxxxxxxxxxxxxxxxxx>
X-mail-count: 27233
X-mailer: Mew version 1.94.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)

debian-security-announce@lists.debian.orgに、
[DSA 029-1](proftpdのさまざまな弱点について)の補足が流れました。
これは、[DSA 029-1]で欠けていた、m68k用パッケージの情報です。
(Webのほうには記述されています)

修正済みバージョンは1.2.0pre10-2potato1です。このバージョンへの
アップデートをおすすめします。

以下、アナウンスの引用です。

From: Martin Schulze <joey@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: [SECURITY] [DSA 029-2] New proftpd packages for m68k available
Date: Tue, 6 Mar 2001 03:14:53 +0100

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - ----------------------------------------------------------------------------
> Debian Security Advisory DSA-029-2                       security@debian.org
> http://www.debian.org/security/                               Martin Schulze
> March 6, 2001
> - ----------------------------------------------------------------------------
> 
> Package        : proftpd
> Vulnerability  : remote DOS & potential buffer overflow
> Debian-specific: no
> 
> In Debian Security Advisory DSA 029-1 we have reported several
> vulnerabilities in proftpd that have been fixed.  For details please
> read the main advisory.  This upload fixes:
> 
>  1. A memory leak which can result in a denial of service, as reported
>     by Wojciech Purczynski.  The default configuration of proftpd
>     in Debian is not vulnerable.
> 
>  2. A similar memory leak affects the USER command, also as reported
>     by Wojciech Purczynski.
> 
>  3. Format string vulnerabilities reported by Przemyslaw Frasunek.
> 
> The most recent advisory covering proftpd missed one architecture that
> was released with Debian GNU/Linux 2.2.  Therefore this advisory is
> only an addition to DSA 029-1 and only adds the relevant package for
> the Motorola 680x0 architecture.
> 
> We recommend you upgrade your sudo packages for m68k immediately.
> 
> wget url
> 	will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.

(中略)
> - ----------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

以上です。
-- 
喜瀬“冬猫”浩＠南国沖縄

Prev by Date: [debian-users:27232] Re: [SECURITY] [DSA 011-2] New mgetty packages for m68k and powerpc available (from debian-security-announce@lists.debian.org)
Next by Date: [debian-users:27234] [SECURITY] [DSA 031-2] New sudo packages for powerpc available (from debian-security-announce@lists.debian.org)
Previous by thread: [debian-users:27232] Re: [SECURITY] [DSA 011-2] New mgetty packages for m68k and powerpc available (from debian-security-announce@lists.debian.org)
Next by thread: [debian-users:27234] [SECURITY] [DSA 031-2] New sudo packages for powerpc available (from debian-security-announce@lists.debian.org)
Index(es):
- Date
- Thread