TITLE:
Debian update for cheesetracker

SECUNIA ADVISORY ID:
SA21759

VERIFY ADVISORY:
http://secunia.com/advisories/21759/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for cheesetracker. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a boundary error in the XM loader in cheesetracker/loaders/loader_xm.cpp when handling input files. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution via a specially crafted input file.

SOLUTION:
Apply updated package.

-- Debian GNU/Linux 3.1 alias sarge --

Updated package version: 0.9.9-1sarge1 (source archives and builds for alpha, amd64, arm, hppa, i386, ia64, m68k, powerpc, s390 and sparc).

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.9.9-6.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://www.us.debian.org/security/2006/dsa-1166