From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1815-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
June 14, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libtorrent-rasterbar
Vulnerability : programming error
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1760
It was discovered that the Rasterbar Bittorrent library performed
insufficient validation of path names specified in torrent files, which
could lead to denial of service by overwriting files.
The old stable distribution (etch) doesn't include libtorrent-rasterbar.
For the stable distribution (lenny), this problem has been fixed in
version 0.13.1-2+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 0.14.4-1.
We recommend that you upgrade your libtorrent-rasterbar package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.diff.gz
Size/MD5 checksum: 5295 ad26ec230cfb51e8b1a11053c631e23a
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1.orig.tar.gz
Size/MD5 checksum: 1469775 9d6b112fedc5861402647ff72e95dba0
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.dsc
Size/MD5 checksum: 1688 615d598da6448acb06a5564b5af98504
Architecture independent packages:
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-doc_0.13.1-2+lenny1_all.deb
Size/MD5 checksum: 494718 2ff3232090c18212dceab0c240ad5b6a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_alpha.deb
Size/MD5 checksum: 2847180 bdc11c81ec50ef9c87e473a5adedef4d
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_alpha.deb
Size/MD5 checksum: 1191354 7fc10d95bb5fb39218ef46a4e0256aa0
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_alpha.deb
Size/MD5 checksum: 7486406 be3e0f535a318d69bd8d8f84987c00c9
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_amd64.deb
Size/MD5 checksum: 991572 8bfc1c7c2a0e715830b6b869d6700826
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_amd64.deb
Size/MD5 checksum: 1958800 6f925903c79b0c09c861cfafc154fddb
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_amd64.deb
Size/MD5 checksum: 7578292 b5fda43c6ef50c504a11362f34efba69
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_arm.deb
Size/MD5 checksum: 1083396 265b8b109918bdb5a7cbd7a93a98f906
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_arm.deb
Size/MD5 checksum: 7278890 4f175b83c43250504e3e6e927b1aa95b
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_arm.deb
Size/MD5 checksum: 2081302 f75e702139b6e6df8282ca8db807358a
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_armel.deb
Size/MD5 checksum: 863962 d3e22f0d17881578c94ff18577c7b0ff
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_armel.deb
Size/MD5 checksum: 2114218 28a9d8dd167a77c1c350c5f0c26656bb
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_armel.deb
Size/MD5 checksum: 7401594 096572e6a80d8e2629893d2eda7b06b2
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_hppa.deb
Size/MD5 checksum: 1131024 69724d35147d2cb2d47f47b1dd2d09f2
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_hppa.deb
Size/MD5 checksum: 2188616 48986004e631fcb30dc617dd09d6bb7e
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_hppa.deb
Size/MD5 checksum: 7447584 9c0ef400fb8a6af2fed8e57572749e82
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_i386.deb
Size/MD5 checksum: 7466610 561fa4b4cc308ab89142ba8745144839
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_i386.deb
Size/MD5 checksum: 986646 fbae1919d47696f1160191896ee51fe2
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_i386.deb
Size/MD5 checksum: 1837994 706c48fe6df16cf87954938079b83bbd
ia64 architecture (Intel ia64)
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)