Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1626-1] New httrack packages fix arbitrary code executi

From Thijs Kinkhorst@1:229/2 to All on Fri Aug 1 10:10:06 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1626-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
August 01, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : httrack
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
BugTraq ID : 30425

Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow potentially allowing to
execute arbitrary code when passed excessively long URLs.

For the stable distribution (etch), this problem has been fixed in
version 3.40.4-3.1+etch1.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 3.42.3-1.

We recommend that you upgrade your httrack package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.dsc
Size/MD5 checksum: 950 277074178046b94ceebefa5f5eaee9de
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4.orig.tar.gz
Size/MD5 checksum: 1626176 9e4de064afc1dfcb6f50b773f8081f1c
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.diff.gz
Size/MD5 checksum: 7597 005a605bfabc7f0830d8db87d3ee67fe

Architecture independent packages:

http://security.debian.org/pool/updates/main/h/httrack/httrack-doc_3.40.4-3.1+etch1_all.deb
Size/MD5 checksum: 516676 9f2c726cbc7e6f97dfeda4f8a72c8e77

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 441370 a37aaf592b7ab95fd11eeec082d4919a
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 395946 7eea58a1b8a7d6d11501ec2e879f0167
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 61108 0894913629340bd559c929d07a05f19f
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 31766 63db4ac65e705d74d1eab458b33f56e5
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_amd64.deb
Size/MD5 checksum: 491618 e8a2076bb272020be529c39a53eea534

arm architecture (ARM)

http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 33424 eed7c807ccebd9db0722545849938d0f
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 281686 1b4a63e9fea5cdbcd49eb02354fd0608
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 350912 9c85eea85e7bf24b734f259ecba0a303
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 443078 64a26f96bfb086474c47a9f37d9db15d
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_arm.deb
Size/MD5 checksum: 59448 70d880740666db737ef8cbc8730e5377

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 34180 5ac05721cb623cf7c25b9bffbc81ad6d
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 65948 7a8fa1831ffadffab827c2a8ecc44068
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 321760 ee4562bcf5255b6addf8ac0b673d19fe
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 440990 594b8679acb8e05c9b0bede368a86ad3
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_hppa.deb
Size/MD5 checksum: 438154 2bc91f3ebd931a161595b2c95253d15a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 32152 4f545c6163fc8516c6d0dae9ddf6082e
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 59458 4c81a59964535c95ccdb08916fc47f63
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 482448 8db927e07b642477f60cb0e4beeb2b3e
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 438432 ae91317aa8eb3a32fdf6b5be6a3c153b
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_i386.deb
Size/MD5 checksum: 365534 c38c17f82ea6b110c52d17d6a8098563

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 92114 88d98af0e94dbe1137db57341c0d7fe3
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 35186 fcf89c422fdac82f9e436bd4ff13d161
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 736406 a4a9b2fdd5d4ba5e0147e56e39a81bb3
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 450002 523074d62431c05143a8db9d0d3ca8b3
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_ia64.deb
Size/MD5 checksum: 501600 b0b7938e039dc12e6289353407a66f24

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mips.deb
Size/MD5 checksum: 422550 ddefd0cf52d210266bc10c1d6dfec2f1

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	157:55:18
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,755

[SECURITY] [DSA 1626-1] New httrack packages fix arbitrary code executi

Who's Online

Recent Visitors

System Info