- --------------------------------------------------------------------------Debian Security Advisory DSA 731-1                     security@debian.org
https://www.debian.org/security/                             Martin Schulze
June 2nd, 2005                          https://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : krb4
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-0468 CAN-2005-0469
CERT advisories: VU#341908 VU#291924

Several problems have been discovered in telnet clients that could be
exploited by malicious daemons the client connects to.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2005-0468

    Gaël Delalleau discovered a buffer overflow in the env_opt_add()
    function that allow a remote attacker to execute arbitrary code.

CAN-2005-0469

    Gaël Delalleau discovered a buffer overflow in the handling of the
    LINEMODE suboptions in telnet clients.  This can lead to the
    execution of arbitrary code when connected to a malicious server.

For the stable distribution (woody) these problems have been fixed in
version 1.1-8-2.4.

For the testing distribution (sarge) these problems have been fixed in
version 1.2.2-11.2.

For the unstable distribution (sid) these problems have been fixed in
version 1.2.2-11.2.

We recommend that you upgrade your krb4 packages.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------  Source archives:

          Size/MD5 checksum:     1184 6bdded56c97fa8107ef830b988f607e8
          Size/MD5 checksum:  1842344 72c2e4f7b2237d402d3bb826958b9cbf

  Architecture independent components:

          Size/MD5 checksum:    99064 d5181a379088ba2d6fff47daa2706573
          Size/MD5 checksum:    57774 fdea145b1d29e8eea163e9062750fac2
          Size/MD5 checksum:    57784 da4abd2e843f2e5498a3540e19fed314
          Size/MD5 checksum:    57766 921d105b7d61287fbf04b1ddb05e878e
          Size/MD5 checksum:    57752 cde4890f731272dedba748c59c5f4714

  Alpha architecture:

          Size/MD5 checksum:   343628 385d891e20b179630db9bf9396ef77b1
          Size/MD5 checksum:    95284 8f97fefadadb521ba59b9769e8ed4b4f
          Size/MD5 checksum:   190266 aae79a35aae04dfc4488551ab8f499d5
          Size/MD5 checksum:   176606 5a7833beb565f93423b6c48bc86daf3d
          Size/MD5 checksum:   133012 72aea2cc8984a2001f1e9a880f98fbdc
          Size/MD5 checksum:    69828 e4930a1afaab442b515fe6dcc409a41c
          Size/MD5 checksum:   255048 c7c459d7ca550084ef0a75231bd299af
          Size/MD5 checksum:    75540 6f20965b4456e941f305b8904989a407
          Size/MD5 checksum:    64304 ff8db60625d0b44db2c0abb68b83729f
          Size/MD5 checksum:    69874 a638ec98a6015fa5896da560da20a5ff
          Size/MD5 checksum:    68558 c96c16f3c02ea65c82ce6050ca14c2a7
          Size/MD5 checksum:   110480 c4a36bcaf819f5902d86d3c57e6a6dd0

  ARM architecture:

          Size/MD5 checksum:   279920 b36455f050c57063c9f1e32b49c1dc81
          Size/MD5 checksum:    88428 bb65f5be94241d6c2998eb0a145bbfa0
          Size/MD5 checksum:   164412 942498227ec66edf942ffe8ff97e5808
          Size/MD5 checksum:   149744 b38f69ee0b7637ec8b2d6d396a2d5b1f
          Size/MD5 checksum:   115090 973d6ed2dd4a4744cc8e723d5f062a30
          Size/MD5 checksum:    67992 a7b8e6979f72a62e00fb8ac3864ae998
          Size/MD5 checksum:   210692 5b4ea01a1eacb95190f03f790b056483
          Size/MD5 checksum:    71664 36485ac26d2bd938523e274d8b80ff0b
          Size/MD5 checksum:    65028 78a0bfa44d242db1325a48cad7b105cc
          Size/MD5 checksum:    67232 581df67f27708725e9221e203ff5bfc9
          Size/MD5 checksum:    66762 0768c6927572eb16500fee8cd3af8002
          Size/MD5 checksum:   100238 853c6c17ae900efa6973f91183e2e9df

  Intel IA-32 architecture:

          Size/MD5 checksum:   272108 10dee071c702df920b9495257a93ff61
          Size/MD5 checksum:    87084 57a158845fa61c3b05c55e43623cdc55
          Size/MD5 checksum:   158642 b66a77d5d02b86394988c8c978b9debd
          Size/MD5 checksum:   143100 6ffed02175cc521673662010a55c48a1
          Size/MD5 checksum:   114716 62f56816e19dc2b9511793f2ef9b435d
          Size/MD5 checksum:    67790 936feb9747d8b573165733977b2a8d01
          Size/MD5 checksum:   205748 8997300c132105857298903f02f8bf13
          Size/MD5 checksum:    71776 70ad9d8f4d10f5e5b5bd8ecb67032773
          Size/MD5 checksum:    63482 3195fbf3dfd0b4c1743193225bd9c8ec
          Size/MD5 checksum:    67244 c68dce5b363a95e7933463db11fd2267
          Size/MD5 checksum:    66598 4c3ec3e5f98f96a57f797616610c4fca
          Size/MD5 checksum:    99192 70a50c72572ce6218b61da2c0dd09a3e

  Intel IA-64 architecture:

          Size/MD5 checksum:   398268 43b250a185940d6ac1cc4335cbbd14ce
          Size/MD5 checksum:   102836 5d18cf741757b9eae39dcce5e3962ec2
          Size/MD5 checksum:   199410 3343a4f437f9d33ed9bebda1c326f72b
          Size/MD5 checksum:   183592 668a7a06840dd9c228e8f64eed5c5788
          Size/MD5 checksum:   138298 52838f237341a2eab6a7eecb5fcd0496
          Size/MD5 checksum:    71908 11fd865cd3661a4875dc4ea4d562ec2a
          Size/MD5 checksum:   291830 5fd2ac4e78cb548dbe8773a9a5da9c34
          Size/MD5 checksum:    78640 698e1eb66a8ae2cf8feabbfbd7658802
          Size/MD5 checksum:    66322 e20bb0f8243b9caf3c9c7f61e6e2b8ec
          Size/MD5 checksum:    72076 c12992a64c8b92f1878177b2ce5e890a
          Size/MD5 checksum:    70918 46e8152817fa20a2f30295fbe4f91f09
          Size/MD5 checksum:   122086 b53c727cc5108441a4145e3495439b35

  HP Precision architecture:

          Size/MD5 checksum:   311738 71b00c42d72d091b992719493997de7e
          Size/MD5 checksum:    92164 abaa4cc522e36047318997a536fdea44
          Size/MD5 checksum:   180700 9b35e3d04c5e36cbf6e90fcb70281342
          Size/MD5 checksum:   167878 a4834233237bde1bfd2fb96dba8bdcd9
          Size/MD5 checksum:   120244 01a5853992258debe90f87458682890d
          Size/MD5 checksum:    69364 ef4e9cbf7b03e073bf7cb6ecd42aaaa9
          Size/MD5 checksum:   231080 1c0a2fbc3994f9fb15b3d1a101cf7d14
          Size/MD5 checksum:    73532 8f534c3312c774bc6bd8beb1c54ec69d
          Size/MD5 checksum:    66488 e60ebb3799435f5d33442ca190172a68
          Size/MD5 checksum:    68878 0d20475688f4901c954fffcf540e8235
          Size/MD5 checksum:    68374 d3d241066bc9bd531ad2404de65d5987
          Size/MD5 checksum:   110428 794d58b8be6410cf6d5594f431a07711

  Motorola 680x0 architecture:

          Size/MD5 checksum:   262944 81abba94aad783d45ed84f44f7a2e6bf
          Size/MD5 checksum:    86084 b790e831c8ff77f6fd5e54cc473d6bc0
          Size/MD5 checksum:   155526 3062befc48d0b1f958e93cdbe65035ff
          Size/MD5 checksum:   147140 c002b4fd4d0cd6efe25d07e49f871f02
          Size/MD5 checksum:   112848 75998a16d2bf4edca6af48c38bcc1aed
          Size/MD5 checksum:    67514 b1cc103e0d1c1c5d392a08594c0d3e31
          Size/MD5 checksum:   198468 2e24ebe415736fdf332d1b2c2db6b464
          Size/MD5 checksum:    71310 a82e05d6c009555f8d2788ef41fb5d7c
          Size/MD5 checksum:    63398 07f48ce7b80ac08cda10cc2a57b34aaf
          Size/MD5 checksum:    67258 9052a2a7f470d1f779ab9bde552612c8
          Size/MD5 checksum:    66608 e679a6617eed815715b1dd47e5430ca0
          Size/MD5 checksum:    99236 349493159779745c909813254b90e7e9

  Big endian MIPS architecture:

          Size/MD5 checksum:   304602 e0d472f64a5e3130cc6a20d403941c5e
          Size/MD5 checksum:    90250 7ffd51ee617628af6ff0b7eb90091e66
          Size/MD5 checksum:   178064 9124e10afec4272b4f4201062c8452eb
          Size/MD5 checksum:   163104 2eb839ecca8cd194be4128f835412b64
          Size/MD5 checksum:   118420 add9ccbd16e845cd638831070b019c4b
          Size/MD5 checksum:    68774 bd74f1da9d070086b823b9d6baf188f4
          Size/MD5 checksum:   226288 d19bd6224a4d21683413bf77b19c73b5
          Size/MD5 checksum:    73250 9d76edb03f8544b4044110809c4b5d05
          Size/MD5 checksum:    64882 60b6f64f2ed498ec9194fc424aef89d9
          Size/MD5 checksum:    67624 fa9a078cc07fe86487f3e1b887d78ae9
          Size/MD5 checksum:    66918 56f9840d2bc2110079a731e868a08a91
          Size/MD5 checksum:   102202 a3c52e9cca3b3bccd9ed6bb6ded7e07a

  Little endian MIPS architecture:

          Size/MD5 checksum:   303732 84d9c7313173a91c70371e33d12c971d
          Size/MD5 checksum:    90316 2a973e74a40781b2e05f2dceb11c4bad
          Size/MD5 checksum:   178078 37d00c3747b795629154764d4db28213
          Size/MD5 checksum:   158686 ec9e639437ad9c68b6ffc0db2773e051
          Size/MD5 checksum:   118758 fe6efb310ccbcabf13028f5008d218d5
          Size/MD5 checksum:    68656 a92b7618e49210329f110cabeb93b5bc
          Size/MD5 checksum:   226050 3ebd562fe260e9e8c70f2a02880f6ece
          Size/MD5 checksum:    73282 7d4d97299530c714800c6f99050bdc64
          Size/MD5 checksum:    64932 ad168d3a89f9fd9290242de1e1335fe0
          Size/MD5 checksum:    67602 d85a197d8b507e4d4e50acb393fecd07
          Size/MD5 checksum:    66882 45dc7776f1e9f909941a05eee19dbb43
          Size/MD5 checksum:   101912 9ce7246c238d060447332ac9d8584a89

  PowerPC architecture:

          Size/MD5 checksum:   282010 374baf39fbffb0cc98d7bd4c13688988
          Size/MD5 checksum:    88678 c567f1fbb394af02942b23668f52af66
          Size/MD5 checksum:   171132 cb3bfe6b32be2e9c1f5712d1b381d9e0
          Size/MD5 checksum:   169994 25ad92567a7e0ace023f7cbdd917dbdd
          Size/MD5 checksum:   115448 c3dd348d1d10470e62eff7364162fc72
          Size/MD5 checksum:    68326 068509fc76c447a7549f940554e3b3bc
          Size/MD5 checksum:   211518 5964bdb97e3b0b90ca97d9471b4212a3
          Size/MD5 checksum:    72268 16c8559a8cae6686753350ea3dd449a0
          Size/MD5 checksum:    64766 0f0fc03670705067eab1a3bf4e6befc3
          Size/MD5 checksum:    67666 44080a82d1037846a397fa00cec92c9c
          Size/MD5 checksum:    66998 620da25542e3c5fe8657b3dc45a4e1aa
          Size/MD5 checksum:   102684 eb922602d3d560c40bcb8b385268a288

  IBM S/390 architecture:

          Size/MD5 checksum:   287378 b40e9e8af76d5dceb55f21bb853f7586
          Size/MD5 checksum:    90396 0536d5f3e46164fb5c998477099975b0
          Size/MD5 checksum:   162898 ea8dd76318466528e8b021219772343c
          Size/MD5 checksum:   155000 88ac614a6931f767f82b316fe4c258ba
          Size/MD5 checksum:   117886 a82b53c07c6a73e29fa9279f5a06d78f
          Size/MD5 checksum:    68576 19c939cd07039b4b42e56a6356c02b90
          Size/MD5 checksum:   218086 debdcaa92fd945fcd156b79731f6cfc7
          Size/MD5 checksum:    72894 fbdc7a602f69fdffcb69b5f9398c0365
          Size/MD5 checksum:    64046 8610853cae5583efe5fd49982db5bac0
          Size/MD5 checksum:    68116 54e802f210fa9f21c6d12769902b1134
          Size/MD5 checksum:    67450 90e886b70ad94e702ff640db3fd016d5
          Size/MD5 checksum:   104424 f06bab5fa74964259bc7104a19bce7a7

  Sun Sparc architecture:

          Size/MD5 checksum:   294108 b06d895de425511f0abde356af9e163f
          Size/MD5 checksum:    89138 54c80cefac79167c2ef8de7a380e08ce
          Size/MD5 checksum:   163624 658704d0ad8418bfeb52ae5708806bf5
          Size/MD5 checksum:   154464 87af698b933adbfaaf72eec45da508a1
          Size/MD5 checksum:   115784 ec720b15cbfbfdb55056190fcc8b494b
          Size/MD5 checksum:    67984 a3272a6ce028be872f411d5befd13941
          Size/MD5 checksum:   215084 bd150a94c5369be95e7603d38bfff84b
          Size/MD5 checksum:    71862 93ab23f2c49bdf289ae2c378592181f6
          Size/MD5 checksum:    64350 50c3ba9fe7ae504fa74b534eb000b276
          Size/MD5 checksum:    67806 b9591b67e8353a686abc2b66c1ff41ec
          Size/MD5 checksum:    66696 51ec19d73f9407189e9f64c29cbb2379
          Size/MD5 checksum:   102106 06334ad3db62bb37744cd1bd4df1d3e8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org