[EMAIL PROTECTED] (Martin Schulze) writes:

> --------------------------------------------------------------------------
> Debian Security Advisory DSA 765-1                      [EMAIL PROTECTED]
> http://www.debian.org/security/                             Martin Schulze
> July 22nd, 2005                         http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : heimdal
> Vulnerability  : buffer overflow
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-0469
> CERT advisory  : VU#291924
> Debian Bug     : 305574
>
> Gaël Delalleau discovered a buffer overflow in the handling of the
> LINEMODE suboptions in telnet clients.  Heimdal, a free implementation
> of Kerberos 5, also contains such a client.  This can lead to the
> execution of arbitrary code when connected to a malicious server.
>
> For the old stable distribution (woody) this problem has been fixed in
> version 0.4e-7.woody.11.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 0.6.3-10.
Huh?  DSA 758 says that a buffer overflow in the telnet _server_ was
fixed in sarge by version 0.6.3-10sarge1.  I would think that either
0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.

> For the unstable distribution (sid) this problem has been fixed in
> version 0.6.3-10.

Similar story here, I'd say.

> We recommend that you upgrade your heimdal package.
>
> [snip]

-- 
Olaf Meeuwissen                               EPSON AVASYS Corporation, LAN
FSF Associate Member #1962                   sign up at http://member.fsf.org/
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
Penguin's lib!  -- I hack, therefore I am --  LPIC-2