Debian alert: gpm (gpm-root) format string vulnerabilities

Posted by dave on Dec 27, 2001 11:22 AM EDT
Mailing list
Mail this story
Print this story

The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-095-1                   security@debian.org
http://www.debian.org/security/                    Robert van der Meulen
December 27, 2001
- ------------------------------------------------------------------------


Package        : gpm
Problem type   : local root vulnerability
Debian-specific: no

The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console.
Among other problems, the gpm-root program contains a format string
vulnerability, which allows an attacker to gain root privileges.

This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade
your 1.17.8-18 package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
      MD5 checksum: 8c48aa1656391d3755c289a87db13bf0
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
      MD5 checksum: bafbe8ffe73d3b5783e9841f1894af77
    http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz
      MD5 checksum: 9d50c299bf925996546efaf32de1db7b

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
      MD5 checksum: 0e50705cadfd58777d02fa6806c10bdf
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
      MD5 checksum: cbeeeac3795318255126814d71b7b945
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb
      MD5 checksum: f5dd9e395259b037d20e013e112a55e8

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
      MD5 checksum: 6b41896ddfed4a119d17e5d8e8391384
    http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
      MD5 checksum: f02444fc5a9a6a7c7da0e1cb19df24a6
    http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb
      MD5 checksum: 0ae3eb96377394d65e0e8031d0019147

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
      MD5 checksum: 18c837abec8360db146681d2a713177a
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
      MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
      MD5 checksum: 815a1e90fe36e603f0803f92b6898f19
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
      MD5 checksum: 514a1baee569e548349f7c4dc2941f3d
    http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb
      MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
      MD5 checksum: ce61772d26c799bce33d729ed7fc67b7
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
      MD5 checksum: 923894ee7bdc1a8e648881eaf5f372da
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
      MD5 checksum: 019de1ecb144e3d10b5978ea640a24c4
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
      MD5 checksum: 88d75f4b1f85e6aee903f886b311e127
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb
      MD5 checksum: 1ea940b2e3c5d7fade43d75ed3253569

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
      MD5 checksum: aa2415e6f489af235e173d6d5a69b05f
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
      MD5 checksum: cd823ce39eb4125ed4a8dd0c17362107
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb
      MD5 checksum: 0188cb6c4ffd82a146812e53c1387918

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
      MD5 checksum: b703c2e30b52446508f18951551839a3
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
      MD5 checksum: b8a75b6ab45f649b9e458cf778545a9e
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb
      MD5 checksum: fa4ae1bda04f3b13622d6e6bc9ffcb35
  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8K4LkFLJHZigagQ4RAqikAKC7ogsUzIlAreE5/Mki78uqCnvPpgCgqdRl
t+b1OntlAE3rvVNBC/0vej8=
=ByVf
-----END PGP SIGNATURE-----


  Nav
» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.