Remotely exploitable buffer overflow in getterminaltype function

Bug #1176 reported by Björn Torkelsson
Affects | Status | Importance | Assigned to | Milestone
heimdal (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

As reported in Debian bug #315065 there is a remotely exploitable buffer overflow in getterminaltype.

See also http://www.pdc.kth.se/heimdal/advisory/2005-06-20/

It may also be worth taking a look at Debian bug #305574 or CAN-2005-0469.

Björn Torkelsson (torkel) wrote : Patch for CAN-2005-0469

Patch for CAN-2005-0469, stolen from the Debian package 0.6.3-10sarge1.

Björn Torkelsson (torkel) wrote : Patch for CAN-2005-2040

Patch for CAN-2005-2040, stolen from Debian 0.6.3-10sarge1.

Changed in heimdal:
assignee: nobody → motu
Martin Pitt (pitti) wrote :

> This bug is fixed for breezy, but the question remains open for hoary: are there security uploads for universe?

Yes, the community is welcome to fix universe security bugs. Please see

 https://wiki.ubuntu.com/SecurityUpdateProcedures

for the details.

Björn Torkelsson (torkel) wrote : debdiff between 0.6.3-7ubuntu1 and 0.6.3-7ubuntu1.1

I finally found some time to do a debdiff for fixing CAN-2005-0469 and CAN-2005-2040. Please review it!

Martin Pitt (pitti) wrote :

Thanks for preparing the patch, I reviewed and uploaded it. I also fixed Warty while I was at it.

Changed in heimdal:
status: New → Fixed
Automated Backports Builder (john-dong+backport-builder) wrote : Build Started: listen

This is a notification that the automatic backport of listen from gutsy to feisty has started.

You will be notified again once the build is finished.

For additional info and build logs, please see: http://sharkattack.media.mit.edu/inventory/check_builds/101

Thanks,

The Backports Builder

Automated Backports Builder (john-dong+backport-builder) wrote : Notification of build FAIL for listen

Howdy! This message is to inform you that the build you requested of listen from gutsy to feisty has been completed.
Its status is: FAIL
For further information, build logs, and testing .deb packages, please see: http://sharkattack.media.mit.edu/inventory/check_builds/101

Thanks,
The Backports Builder

Björn Torkelsson (torkel) wrote :

What?

Something seems to be broken.

Matti Lindell (mlind) wrote :

The buildd failed to fetch some packages (HTTP status was 404). Someone should trigger a rebuild.

Björn Torkelsson (torkel) wrote :

Yeah, but why this bug? It has absolutely nothing to do with listen and it was fixed and closed almost two years ago.
