author | Michael Stone <mstone> | 1999-11-11 19:43:34 +0000 |
---|---|---|
committer | Michael Stone <mstone> | 1999-11-11 19:43:34 +0000 |
commit | 2def7dfddbf0d7fe82a1bb1f6edad5374ee762de (patch) | |
tree | eaa8cde32acacc1bc61d43cfa821ca744be2b833 | |
parent | 96fa6e3e424b50069a5f7e8d94e21331754c2cd8 (diff) |
Reports for nfs-server and proftpd
CVS version numbers
english/security/1999/19991111.wml: INITIAL -> 1.1
english/security/1999/19991111a.wml: INITIAL -> 1.1
-rw-r--r-- | english/security/1999/19991111.wml | 34 | ||||
-rw-r--r-- | english/security/1999/19991111a.wml | 39 |
2 files changed, 73 insertions, 0 deletions
diff --git a/english/security/1999/19991111.wml b/english/security/1999/19991111.wml new file mode 100644 index 00000000000..d61c8aa1fb5 --- /dev/null +++ b/english/security/1999/19991111.wml 
@@ -0,0 +1,34 @@ +<define-tag pagetitle>nfs-server</define-tag> +<define-tag report_date>1999-11-11</define-tag> +<define-tag packages>nfs-server</define-tag> +<define-tag description>buffer overflow in nfs server</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag moreinfo>The version of nfs-server that was distributed in Debian +GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed that the +total length of a path would never exceed (PATH_MAX_NAME_MAX). With a +read/write exported directory people could created longer paths and cause a +buffer overflow. + +<p>This has been addressed in version 2.2beta37-1slink.1, and we recommend you +upgrade your nfs-server package immediately.</define-tag> + +#use wml::debian::security + +<dl>Source: +<dd><a href=http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz>http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz</a></dd> +<dd><a href=http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.dsc>http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.dsc</a></dd> +<dd><a href=http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37.orig.tar.gz>http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37.orig.tar.gz</a></dd> +</dl> +<dl>Alpha: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb>http://security.debian.org/dists/slink/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb</a></dd> +</dl> +<dl>i386: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb>http://security.debian.org/dists/slink/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb</a></dd> +</dl> +<dl>m68k: +<dd><a 
href=http://security.debian.org/dists/slink/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb>http://security.debian.org/dists/slink/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb</a></dd> +</dl> +<dl>Sparc: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb>http://security.debian.org/dists/slink/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb</a></dd> +</dl> diff --git a/english/security/1999/19991111a.wml b/english/security/1999/19991111a.wml new file mode 100644 index 00000000000..7ad278da519 --- /dev/null +++ b/english/security/1999/19991111a.wml 
@@ -0,0 +1,39 @@ +<define-tag pagetitle>proftpd</define-tag> +<define-tag report_date>1999-11-11</define-tag> +<define-tag packages>proftpd</define-tag> +<define-tag description>buffer overflows in proftpd</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag moreinfo>The proftpd version that was distributed in Debian +GNU/Linux 2.1 had several buffer overruns that could be exploited by remote +attackers. A short list of problems: +<ul> +<li>user input was used in snprintf() without sufficient checks +<li>there was an overflow in the log_xfer() routine +<li>you could overflow a buffer by using very long pathnames +</ul> +<p>Please note that this is not meant to be an exhaustive list. +<p>In addition to the security fixes a couple of Y2K problems were also fixed. +<p>We have made a new package with version 1.2.0pre9-4 to address these +issues, and we recommend to upgrade your proftpd package immediately. +</define-tag> + +#use wml::debian::security + +<dl>Source: +<dd><a href=http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9-4.diff.gz>http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9-4.diff.gz</a></dd> +<dd><a href=http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9-4.dsc>http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9-4.dsc</a></dd> +<dd><a href=http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9.orig.tar.gz>http://security.debian.org/dists/slink/updates/source/proftpd_1.2.0pre9.orig.tar.gz</a></dd> +</dl> +<dl>Alpha: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-alpha/proftpd_1.2.0pre9-4_alpha.deb>http://security.debian.org/dists/slink/updates/binary-alpha/proftpd_1.2.0pre9-4_alpha.deb</a></dd> +</dl> +<dl>i386: +<dd><a 
href=http://security.debian.org/dists/slink/updates/binary-i386/proftpd_1.2.0pre9-4_i386.deb>http://security.debian.org/dists/slink/updates/binary-i386/proftpd_1.2.0pre9-4_i386.deb</a></dd> +</dl> +<dl>m68k: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-m68k/proftpd_1.2.0pre9-4_m68k.deb>http://security.debian.org/dists/slink/updates/binary-m68k/proftpd_1.2.0pre9-4_m68k.deb</a></dd> +</dl> +<dl>Sparc: +<dd><a href=http://security.debian.org/dists/slink/updates/binary-sparc/proftpd_1.2.0pre9-4_sparc.deb>http://security.debian.org/dists/slink/updates/binary-sparc/proftpd_1.2.0pre9-4_sparc.deb</a></dd> +</dl> |
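Review bot: In english/security/1999/19991111.wml, the moreinfo text gives the assumed limit as (PATH_MAX_NAME_MAX), which reads as a single identifier and is not a standard limits.h constant. If the sum of the two limits is meant, write it as (PATH_MAX + NAME_MAX) so readers can tell which bound fh_buildpath() relied on. In the same paragraph, "people could created longer paths" should read "people could create longer paths". The href values in the download lists are unquoted, and each dl carries its label ("Source:", "Alpha:" and so on) as bare text rather than in a dt element; quoting the URLs and wrapping the labels in dt would keep the generated page valid.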
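Review bot: In english/security/1999/19991111a.wml, the first list item, "user input was used in snprintf() without sufficient checks", does not say which argument the user input reached (the format string or the data being formatted), so an administrator cannot judge what kind of flaw this is. Please name the argument or the kind of check that was missing, as the other two items name log_xfer() and long pathnames. The advisory also mentions Y2K fixes shipped in the same 1.2.0pre9-4 upload; it would help to state that these are unrelated to the overruns so the security changes stay easy to identify. For wording, "we recommend to upgrade your proftpd package" should match the nfs-server report: "we recommend you upgrade your proftpd package". As in the other file, the href values are unquoted and the dl labels are not wrapped in dt.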