Debian alert: New pwlib packages fix multiple vulnerabilities

Posted by dave on Feb 23, 2004 4:20 AM EDT
Mailing list
Mail this story
Print this story

Multiple vulnerabilities were discovered in pwlib, a library used to aid in writing portable applications, whereby a remote attacker could cause a denial of service or potentially execute arbitrary code. This library is most notably used in several applications implementing the H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting and asterisk.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 448-1 [e-mail:security@debian.org] http://www.debian.org/security/ Matt Zimmerman February 22nd, 2004 http://www.debian.org/security/faq - --------------------------------------------------------------------------

Package : pwlib Vulnerability : several Problem-Type : remote Debian-specific: no CVE Id : CAN-2004-0097 Debian bug : 233888

Multiple vulnerabilities were discovered in pwlib, a library used to aid in writing portable applications, whereby a remote attacker could cause a denial of service or potentially execute arbitrary code. This library is most notably used in several applications implementing the H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting and asterisk.

For the current stable distribution (woody) this problem has been fixed in version 1.2.5-5woody1.

For the unstable distribution (sid), this problem will be fixed soon. Refer to Debian bug #233888 for details.

We recommend that you update your pwlib package.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.dsc Size/MD5 checksum: 639 2e057d4bb38abbdfebe95ca2962a2733 http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.diff.gz Size/MD5 checksum: 34683 4f5b334e860eea238244d82d8084f6bb http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5.orig.tar.gz Size/MD5 checksum: 749440 b320577dd1cff37cceea57c45de9de85

Alpha architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_alpha.deb Size/MD5 checksum: 130708 899913e27abbbaf9181e363fc5c00184 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_alpha.deb Size/MD5 checksum: 868610 579711836aa1cf6310b445f4f769074d http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_alpha.deb Size/MD5 checksum: 2270224 d51adae04e7caa1fb8c0c77c02ec366d http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_alpha.deb Size/MD5 checksum: 1543738 9903ecfadacc28839ba71daebb2ce272

ARM architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_arm.deb Size/MD5 checksum: 133952 48cb63c89f21dad3e721bbc44d350824 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_arm.deb Size/MD5 checksum: 861230 a1d5d4f66be1c134039139e1d4b686fd http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_arm.deb Size/MD5 checksum: 1841968 a17d84ac845f1bd3ce70f6aab66026f6 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_arm.deb Size/MD5 checksum: 1502856 d97cd24a9fca26db167d92ead0aa6077

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_i386.deb Size/MD5 checksum: 112508 656f942f7909fb0d76f39973111d5839 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_i386.deb Size/MD5 checksum: 788502 c389e02adcf493e704c2a5a1b129a883 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_i386.deb Size/MD5 checksum: 1838780 aacb8d43274e1bed588659640d174a2d http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_i386.deb Size/MD5 checksum: 1301568 c96d4b6b4004dd20dcf93f2b3081dcc3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_ia64.deb Size/MD5 checksum: 146510 f0f35a5d97c4e9c1bc4d71bc0c1f8d60 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_ia64.deb Size/MD5 checksum: 996212 e1bf67b0d5e64ba7910bc602b871e330 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_ia64.deb Size/MD5 checksum: 2466746 bf2a8caa6963954d1f7e95a978f76a5e http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_ia64.deb Size/MD5 checksum: 1774658 7231677252682b0260e5c57469cb420f

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_hppa.deb Size/MD5 checksum: 149596 707e83b5967383808e7f353754864cbd http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_hppa.deb Size/MD5 checksum: 991818 24b024ec88157f7d30bd853883b3aabd http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_hppa.deb Size/MD5 checksum: 2847570 b60a52e989ec6fe77edff22547013d13 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_hppa.deb Size/MD5 checksum: 1993572 dafc6b5a2adec05e389489c344b70a75

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_m68k.deb Size/MD5 checksum: 104312 e70cd451ac98f4d01615e1ec5096c816 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_m68k.deb Size/MD5 checksum: 858732 d513f7ca86a75a0b58cc2f120d47f05b http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_m68k.deb Size/MD5 checksum: 1891398 db5ec25f3f813da5be85a504ceae83bb http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_m68k.deb Size/MD5 checksum: 1297004 b963c654b1cb7b66101b3cbe83c3494e

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_mips.deb Size/MD5 checksum: 126130 86cb6659d891e1b9fecc915c1e06ea71 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_mips.deb Size/MD5 checksum: 758362 72c65ab5fd677f9a0f546f895142fe54 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_mips.deb Size/MD5 checksum: 1998404 15532db557ca3a7358330d30a3273cf1 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_mips.deb Size/MD5 checksum: 1457282 248b40bcf4cb8a5a5c5b4074b457d001

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_powerpc.deb Size/MD5 checksum: 107404 eadf9a2ae2a8672669b7692c53cf1e9e http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_powerpc.deb Size/MD5 checksum: 918814 3b180bd91862ae1f55f0d590359e6ffa http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_powerpc.deb Size/MD5 checksum: 2269394 12646912e9fead507821e021806b4dc5 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_powerpc.deb Size/MD5 checksum: 1659834 9077a25b959e5a7b4d804936ee7f69bb

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_s390.deb Size/MD5 checksum: 97532 1b421333f3099dc46539dc4df4078ce7 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_s390.deb Size/MD5 checksum: 832288 5f4ce30d3fc952317ca233dbd986ad3e http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_s390.deb Size/MD5 checksum: 1930542 e738de76f0665c761f5ff309ed238fa2 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_s390.deb Size/MD5 checksum: 1307926 08e82668880d288c18f472bf291a187c

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_sparc.deb Size/MD5 checksum: 105478 19ef591ed5fbd335e3a1d6cf33e177f6 http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_sparc.deb Size/MD5 checksum: 781956 52cb039ef81f2ff5dd1e8b897063e304 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_sparc.deb Size/MD5 checksum: 1906046 049defa3090dc3a97a73c6e6d194d603 http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_sparc.deb Size/MD5 checksum: 1367208 b10e687e83792b0897872431bee9e118

These files will probably be moved into the stable distribution on its next revision.

- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [e-mail:debian-security-announce@lists.debian.org] Package info: 'apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAOXWZArxCt0PiXR4RAsiXAJ48z1yNupkT11kdzWHh9UOO/4l7kACfUK6e Th6O4khHENy4mb0qJc4V3jA= =05/e -----END PGP SIGNATURE-----

-- To UNSUBSCRIBE, email to [e-mail:debian-security-announce-request@lists.debian.org] with a subject of "unsubscribe". Trouble? Contact [e-mail:listmaster@lists.debian.org]

  Nav
» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.