-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 472-1 security@debian.org http://www.debian.org/security/ Matt Zimmerman April 3rd, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : fte Vulnerability : several Problem-Type : buffer overflows Debian-specific: no CVE Ids : CAN-2003-0648 Debian bug : #203871 Steve Kemp and Jaguar discovered a number of buffer overflow vulnerabilities in vfte, a version of the fte editor which runs on the Linux console, found in the package fte-console. This program is setuid root in order to perform certain types of low-level operations on the console. Due to these bugs, setuid privilege has been removed from vfte, making it only usable by root. We recommend using the terminal version (in the fte-terminal package) instead, which runs on any capable terminal including the Linux console. For the stable distribution (woody) these problems have been fixed in version 0.49.13-15woody1. For the unstable distribution (sid) these problems have been fixed in version 0.50.0-1.1. We recommend that you update your fte package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.dsc Size/MD5 checksum: 609 4ce3f8d5ce68e70d8f5800171eb3b4b2 http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.tar.gz Size/MD5 checksum: 559912 4e35205cf4256fbac041ba290e633f30 Alpha architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_alpha.deb Size/MD5 checksum: 74102 83dedc8a780725dbe8073b081a653828 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_alpha.deb Size/MD5 checksum: 199602 ab0c0c86670e4f2f64651f52f7a0403a http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_alpha.deb Size/MD5 checksum: 122700 7be26dee16c2d2938b4f8273562c56b3 http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_alpha.deb Size/MD5 checksum: 197942 5d6ee59128a9360e1c0dc62805c0e100 http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_alpha.deb Size/MD5 checksum: 207180 b85e97f12de35cee17d68ede3e933ba2 ARM architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_arm.deb Size/MD5 checksum: 71608 5e8d77bf80748f3607a99301d111c507 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_arm.deb Size/MD5 checksum: 150768 22e3b88059d61140e81222a043bc0e55 http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_arm.deb Size/MD5 checksum: 122718 e99955a854dbd95537b885921d2b20b5 http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_arm.deb Size/MD5 checksum: 148560 022486dd73f78054855e55efe3a90b3b http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_arm.deb Size/MD5 checksum: 156664 86d50122eb5b823bcb30a1d37ba351c5 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_i386.deb Size/MD5 checksum: 71626 16729e271bb38948ae89ba3766dc8491 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_i386.deb Size/MD5 checksum: 141516 1645111f30e339cbed6ef4bb13cb803f http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_i386.deb Size/MD5 checksum: 124322 d8fd1efd66cd696a88c6e403bdff0d2b http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_i386.deb Size/MD5 checksum: 140162 ff1d2c613b40834b5f23411a61560ead http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_i386.deb Size/MD5 checksum: 146778 385b06d99a0150e187dd98e94e29fe36 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_ia64.deb Size/MD5 checksum: 78128 c6eb92920b98887390928b1655502b9d http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_ia64.deb Size/MD5 checksum: 264434 d2ac6731be692ba2498107ef5d9cc6bc http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_ia64.deb Size/MD5 checksum: 122696 9ae248e75e671bc03a2964e3b7bb2cae http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_ia64.deb Size/MD5 checksum: 261032 2e18827c056d7f99993db4d0bebfe4fb http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_ia64.deb Size/MD5 checksum: 273122 60b262caccd4290008e40cb149b8301e HP Precision architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_hppa.deb Size/MD5 checksum: 73998 ac99b815a02e58311c53e1f8cb068c1c http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_hppa.deb Size/MD5 checksum: 207580 4ac741368c8ee3c9951c038a4eec914c http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_hppa.deb Size/MD5 checksum: 122706 d651c44366bda7660ad08b9c346c7a2e http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_hppa.deb Size/MD5 checksum: 205592 e52154184595ef322973d5f95772863c http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_hppa.deb Size/MD5 checksum: 214532 2e6bd1b6e35b6e5c84574495262698dc Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_m68k.deb Size/MD5 checksum: 70378 6655c66baab59b983f77f30ef3f16bb3 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_m68k.deb Size/MD5 checksum: 126710 f69dcd049d92ff4dac8494989c5cbede http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_m68k.deb Size/MD5 checksum: 122714 aadab6ad515ec1acfc39044cfc3d6c5b http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_m68k.deb Size/MD5 checksum: 125352 e6c5588ebd0808b3069ac09b1a8e7c7f http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_m68k.deb Size/MD5 checksum: 131720 2c15fec4f2e5234907a2e78f63f2cf8d Big endian MIPS architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mips.deb Size/MD5 checksum: 71976 edf9be1182ff20fb63c34dd7bca5911d http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mips.deb Size/MD5 checksum: 189068 a58b831e5b5dcce139df5243ab9cfab9 http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mips.deb Size/MD5 checksum: 122808 2a9de827c427cd7b44223096c1b6fa53 http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mips.deb Size/MD5 checksum: 186822 f68f2e7bc58495a3d7a87e449e14ea7f http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mips.deb Size/MD5 checksum: 195160 47c26ca11949aad7dcbe5c7c1c6dff20 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mipsel.deb Size/MD5 checksum: 71926 65757722fa2cb9df9e6139037bd7603b http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mipsel.deb Size/MD5 checksum: 188276 8de060e1f996b7aa6847180430286c3b http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mipsel.deb Size/MD5 checksum: 122690 f7f79c453c5b94f111a3aa73c17dc9c0 http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mipsel.deb Size/MD5 checksum: 186174 3c1cda10c450f4694a950bfb3d818876 http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mipsel.deb Size/MD5 checksum: 194628 b9bde5aa9ac546bc44dc7c3e73cc65a8 PowerPC architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_powerpc.deb Size/MD5 checksum: 72144 f2e256f4e7802a8c65f4f0159d27851a http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_powerpc.deb Size/MD5 checksum: 153434 f6b1ad3a7e77af9daac9114f00e62b7c http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_powerpc.deb Size/MD5 checksum: 122704 20fa2128e9d5d6456cfafe399d876d9e http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_powerpc.deb Size/MD5 checksum: 151558 716c7bcdefe356a338341c08fcf4ea59 http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_powerpc.deb Size/MD5 checksum: 159448 2b7e59957df4ff0d66bf46b481c0de46 IBM S/390 architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_s390.deb Size/MD5 checksum: 70960 e9d119f457361dc983eab526ad826143 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_s390.deb Size/MD5 checksum: 149092 5012101938d0597fc421ac09c2b10c66 http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_s390.deb Size/MD5 checksum: 122702 0a6176acf340fc75396c89d64e891675 http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_s390.deb Size/MD5 checksum: 147520 8245176bfb3c5ffaa1aff525ddc9f50b http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_s390.deb Size/MD5 checksum: 155422 cca9f5f4fdafcb89bdee5afb117bf125 Sun Sparc architecture: http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_sparc.deb Size/MD5 checksum: 72158 26de448213afdbaf9dae2920448f7370 http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_sparc.deb Size/MD5 checksum: 142988 1612dd5fc622aeb1de19dbec8840e457 http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_sparc.deb Size/MD5 checksum: 122710 1c3903d536725137443aa9680cd3500f http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_sparc.deb Size/MD5 checksum: 141242 0c7d30f936f0f86e11beea711977fb77 http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_sparc.deb Size/MD5 checksum: 149172 5723b04f45c2d3a8ed480c34a683af34 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAb5ohArxCt0PiXR4RAiFzAJ9fmHuMD68iw2eEYI2WTpY3u9ol3QCcC6xy Y00d4Fd8MKjBCr8+c2oVeUs= =nnVM -----END PGP SIGNATURE-----