Debian update for gkrellm-newsticker - Secunia Advisories - Vulnerability Intelligence

Debian update for gkrellm-newsticker
Secunia Advisory:	SA8651	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-04-24
Popularity:	6,086 views

Critical:	Moderately critical
Impact:	DoS System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.0 Debian GNU/Linux unstable alias sid

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0205 CVE-2003-0206

Description: Debian reports two vulnerabilities in gkrellm-newsticker, which can be exploited by a malicious person to cause a DoS (Denial of Service) on a user's system or potentially compromise it. The first vulnerability is caused by an input validation error because special shell characters are not escaped properly. This can be exploited to execute arbitrary commands on a clients system if the ticker title is clicked using the URL given by the feed. The second vulnerability is caused by an error in handling link or title elements, which are longer than a single line. This can be exploited to cause a DoS if a malicious server is visited. Solution: Updated packages: -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updat...ticker/gkrellm-newsticker_0.3-3.1.dsc Size/MD5 checksum: 736 48df0aef0622167773057cd7bf0fd17f http://security.debian.org/pool/updat...er/gkrellm-newsticker_0.3-3.1.diff.gz Size/MD5 checksum: 2468 bc17c9c128b8a2550f7812dae9f4b163 http://security.debian.org/pool/updat...er/gkrellm-newsticker_0.3.orig.tar.gz Size/MD5 checksum: 25849 41a647c4671f6801ed9b3a3de7d414ca Alpha architecture: http://security.debian.org/pool/updat.../gkrellm-newsticker_0.3-3.1_alpha.deb Size/MD5 checksum: 43506 47726e8c350b581bbf453f5d5c231dbd ARM architecture: http://security.debian.org/pool/updat...er/gkrellm-newsticker_0.3-3.1_arm.deb Size/MD5 checksum: 37756 addfe4f87f35f0243a83b0e5e9286646 Intel IA-32 architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_i386.deb Size/MD5 checksum: 36030 48cc15c0da005d6b53757dfcee318dd0 Intel IA-64 architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_ia64.deb Size/MD5 checksum: 47160 f195d6caee4c186ed2ee6921eb454daa HP Precision architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_hppa.deb Size/MD5 checksum: 43974 5140d9e63e1647ff314c0c4044ddd4d3 Motorola 680x0 architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_m68k.deb Size/MD5 checksum: 42164 3a2f0b85e3c7d6ee741c121f719c33ad Big endian MIPS architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_mips.deb Size/MD5 checksum: 36786 84ba4b61bd0c3c32459829a27ed1b010 Little endian MIPS architecture: http://security.debian.org/pool/updat...gkrellm-newsticker_0.3-3.1_mipsel.deb Size/MD5 checksum: 35532 ead6c8290f38890b11188406c990180d PowerPC architecture: http://security.debian.org/pool/updat...krellm-newsticker_0.3-3.1_powerpc.deb Size/MD5 checksum: 41210 cb1ee388ea55ce2d4e5e7d7f2af1cf52 IBM S/390 architecture: http://security.debian.org/pool/updat...r/gkrellm-newsticker_0.3-3.1_s390.deb Size/MD5 checksum: 42644 1c1bc26dcf280c12df5785c6ba6afe24 Sun Sparc architecture: http://security.debian.org/pool/updat.../gkrellm-newsticker_0.3-3.1_sparc.deb Size/MD5 checksum: 39512 4a731f1d3ff438ab0d8b2fd3852a45a0 -- Debian GNU/Linux unstable alias sid -- Not fixed yet. Provided and/or discovered by: Debian credits Brian Campbell. Original Advisory: http://www.debian.org/security/2003/dsa-294

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

2nd Dec, 2008

New advisories:	14
New vulnerabilities:	21
Updated advisories:	26

Less // 366 views

Linksys WRT160N Cross-Site Scripting Vulnerability

Less // 348 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 271 views

Debian update for flamethrower

Not // 267 views

flamethrower Insecure Temporary Files

Less // 321 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 307 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 307 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 292 views

Rumpus Multiple Vulnerabilities

Less // 310 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 329 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.