Hosting Provided By

[SECURITY] [DSA 1288-2] New pptpd packages fix regression

From: Moritz Muehlenhoff <jmm(at)debian.org>
Date: Sun Sep 02 2007 - 17:01:08 EDT

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

-------------------------------------------------------------------------- Debian Security Advisory DSA 1288-2 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 2nd, 2007 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : pptpd 
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0244

A regression in the handling of out-of-order sequence numbers of some MPPE implementations was fixed. For reference the original advisory below:

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in version 1.3.0-2etch2.

For the unstable distribution (sid) this problem has been fixed in version 1.3.4-1.

We recommend that you upgrade your pptpd packages.

Upgrade Instructions

- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Do you need help?

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

- -------------------------------

Source archives:

    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2.dsc
      Size/MD5 checksum:      599 9098a1a6ebac37015c1159a2c6a21655
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2.diff.gz
      Size/MD5 checksum:    11339 495273aeca7469ef97b157af54b8b89e
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0.orig.tar.gz
      Size/MD5 checksum:   204099 75d494e881f7027f4e60b114163f6b67

Alpha architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_alpha.deb
      Size/MD5 checksum:    21576 86f8e1420d2b39f23ca52aad8b9462f8
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_alpha.deb
      Size/MD5 checksum:    64776 12d4251d52d6aa4faec9d89c3f9a0c54

Do you need more help?

AMD64 architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_amd64.deb
      Size/MD5 checksum:    20446 a6a3007abffaf4393940ac641396e909
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_amd64.deb
      Size/MD5 checksum:    59294 db123a85074522fa397403360f3c0afe

ARM architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_arm.deb
      Size/MD5 checksum:    20204 c9b704f2fe5f4f70f04ae9a68673f7d2
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_arm.deb
      Size/MD5 checksum:    60602 68586cc6440aa2f92eb4930386dc81c4

HP Precision architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_hppa.deb
      Size/MD5 checksum:    21030 eecadad57b44403e9ddf91691922744a
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_hppa.deb
      Size/MD5 checksum:    59872 ca8b7cefd65e309eb73ded39aa28b83a

Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_i386.deb
      Size/MD5 checksum:    20182 ddbd3620e2252b06c58850f0c9470f2f
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_i386.deb
      Size/MD5 checksum:    57504 4ac1a61fbec2faba596b3ff4b8c7dc85

Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_ia64.deb
      Size/MD5 checksum:    23678 706574fe45f2dbb66df8433a181ce108
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_ia64.deb
      Size/MD5 checksum:    73974 b1fbb3a8d5f21cb4800f39b2fac15e9b

Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_mips.deb
      Size/MD5 checksum:    20754 fb8a7880d78b0aa9584d81eb8455195f
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_mips.deb
      Size/MD5 checksum:    59778 db4a1e66a2af55f1dbd1367661e9b988

Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_mipsel.deb
      Size/MD5 checksum:    20878 03784167b79d65347c14eb5295bbf364
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_mipsel.deb
      Size/MD5 checksum:    60392 43255efe577c7dfad1bde0667040f44f

PowerPC architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_powerpc.deb
      Size/MD5 checksum:    20554 a70b545ca9e62f8460da3a2deb308dac
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_powerpc.deb
      Size/MD5 checksum:    61330 7bbb717e342da28d24a7c46edf24c7c0
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek

Can we help you?

IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_s390.deb
      Size/MD5 checksum:    20496 8eee9314e2285efb7c06b54047a02adf
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_s390.deb
      Size/MD5 checksum:    58274 7b7f426cb51fca01579a5480d562ec77

Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch2_sparc.deb
      Size/MD5 checksum:    20164 5d7de3ee3845dfb7583a8d4df13ea0b7
    
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch2_sparc.deb
      Size/MD5 checksum:    57050 0cf177e1bc22d8d8c157dcff87b7c86f

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG2yRjXm3vHE4uyloRAvFLAJ9lYrGnyxhsMXXdCTDlf4OlwVej8ACeNvnj AOrKpwexK77cI/Bg0mR6r1Q=
=Tcdo
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sun Sep 2 17:06:46 2007

This message: [ Message body ]
Next message: Moritz Muehlenhoff: "[SECURITY] [DSA 1367-1] New krb5 packages fix arbitrary code execution"
Previous message: Moritz Muehlenhoff: "[SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:58:05 EDT