Originally Published: Sunday, 2 July 2000
Author: Derrick H. Lewis

Debian Security Advisory - canna


------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
------------------------------------------------------------------------
July 2, 2000

Package        : canna
Problem type   : remote exploit
Debian-specific: no

The canna package as distributed in Debian GNU/Linux 2.1 can be remotely exploited to gain access. This could be done by overflowing a buffer by sending an SR_INIT command with a very long username or groupname.

This has been fixed in version 3.5b2-24slink1, and we recommend that you upgrade your canna package immediately.

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture.

The packages for the Sun sparc architecture are not available at this moment; they will be announced on http://security.debian.org/ when they are.

Sources Archive:
  http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.diff.gz
  http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.dsc
  http://security.debian.org/dists/stable/updates/source/canna_3.5b2.orig.tar.gz

Alpha architecture:
  http://security.debian.org/dists/stable/updates/binary-alpha/canna-utils_3.5b2-24slink1_alpha.deb
  http://security.debian.org/dists/stable/updates/binary-alpha/canna_3.5b2-24slink1_alpha.deb
  http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g-dev_3.5b2-24slink1_alpha.deb
  http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g_3.5b2-24slink1_alpha.deb

Intel ia32 architecture:
  http://security.debian.org/dists/stable/updates/binary-i386/canna-utils_3.5b2-24slink1_i386.deb
  http://security.debian.org/dists/stable/updates/binary-i386/canna_3.5b2-24slink1_i386.deb

Motorola 680x0 architecture:
  http://security.debian.org/dists/stable/updates/binary-m68k/canna-utils_3.5b2-24slink1_m68k.deb
  http://security.debian.org/dists/stable/updates/binary-m68k/canna_3.5b2-24slink1_m68k.deb
  http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g-dev_3.5b2-24slink1_m68k.deb
  http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g_3.5b2-24slink1_m68k.deb

These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Please note that potato has not been released yet. However, since it is in the final stages of the release process, security updates are already being distributed.

The updated packages for potato have already been installed in the archive.

For not yet released architectures please refer to the appropriate directory: ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .




