[SECURITY] New version of lsof fixes buffer overflow
-----BEGIN PGP SIGNED MESSAGE-----
We have received reports that the lsof package is distributed in
Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow
it is possible for local users to gain root-access. We have fixed
this problem in version 4.37-3.
We recommend you upgrade your lsof package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
- -------------------------------
This version of Debian was released only for the Intel and the
Motorola 68xxx architecture.
Source archives:
ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.diff.gz
MD5 checksum: d85b3e241693c64c64a523dbc36227ef
ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37-3.dsc
MD5 checksum: 55472cf9e28bddc396ddda653b064a29
ftp://ftp.debian.org/debian/dists/proposed-updates/lsof_4.37.orig.tar.gz
MD5 checksum: af883ff0eb3b1c0f0134a79f18158257
Intel architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.35_4.37-3_i386.deb
MD5 checksum: e91000cbaaf9661a1fbb1a268fb5cf7b
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/lsof-2.0.36_4.37-3_m68k.deb
MD5 checksum: 09aa6eccd186a12aeb152f265e37c8b2
These files will be moved into
ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBNtcR4ajZR/ntlUftAQFVBgMAg0A/HjleQ3ljBjggOVQ4VEGvkV8WP6Y6
/N9Jak7HP2Wy8hG7W/Wq5cZ0+JWwLPNDv6MbPItCCuIrC8803hm5ie6hpiAo8fiS
o/xS6VcJTeBGxF/2UXz7vvS7AA/FuaNc
=g5Hf
-----END PGP SIGNATURE-----
Reply to: