Ubuntu
nas package

[Sync request] Sync nas (1.8-4) from Debian unstable (main)

Bug #96723 reported by Michael Bienia
256
Affects Status Importance Assigned to Milestone
nas (Ubuntu)
Fix Released
Low
Unassigned
Ubuntu ubuntu-7.04
Breezy
Fix Released
Low
Kees Cook
Dapper
Fix Released
Low
Kees Cook
Edgy
Fix Released
Low
Kees Cook
Feisty
Fix Released
Low
Unassigned
Ubuntu ubuntu-7.04

Bug Description

Binary package hint: nas

Please sync nas (1.8-4) from Debian unstable (main).

The Ubuntu package has no changes.

The package builds cleanly in a feisty pbuilder.

Thanks.

Changelog:

nas (1.8-4) unstable; urgency=high

   * High-urgency upload to fix multiple security holes (CVE-2007-1543,
     CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
    + accept_att_local buffer overflow through USL connection
    + server termination through unexistent ID in AddResource
    + bcopy crash caused by integer overflow in ProcAuWriteElement
    + invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + another invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + invalid memory pointer in compileInputs
    + exploits bug 3 in read mode (requires something playing on
      the server)
    + NULL pointer caused by too much connections
    + Closes: #416038

 -- Steve McIntyre <email address hidden> Mon, 26 Mar 2007 00:29:10 +0100

nas (1.8-3) unstable; urgency=medium

  * Added Portuguese debconf translation, thanks to Miguel Figueiredo.
    Closes: #408181.
  * Added Spanish debconf translation, thanks to Steve Lord Flaubert.
    Closes: #409805.

 -- Steve McIntyre <email address hidden> Thu, 8 Feb 2007 00:23:46 +0000

Revision history for this message
Kees Cook (kees) wrote :

I'm going to be doing a full security update for nas on breezy through edgy, and feisty will need it too. Debian's changes are entirely the security fix AFAICT.

Changed in nas:
status: Unconfirmed → Confirmed
assignee: nobody → keescook
importance: Undecided → Medium
status: Unconfirmed → In Progress
assignee: nobody → keescook
status: Unconfirmed → In Progress
assignee: nobody → keescook
status: Unconfirmed → In Progress
Kees Cook (kees)
Changed in nas:
importance: Undecided → Medium
importance: Undecided → Medium
importance: Medium → Low
importance: Medium → Low
importance: Medium → Low
Revision history for this message
Kees Cook (kees) wrote :

Published in USN-446-1.

Changed in nas:
status: In Progress → Fix Released
status: In Progress → Fix Released
status: In Progress → Fix Released
importance: Undecided → Low
Revision history for this message
Sebastien Bacher (seb128) wrote :

[Updating] nas (1.8-2 [Ubuntu] < 1.8-4 [Debian])
 * Trying to add nas...
  - <nas_1.8.orig.tar.gz: already in distro - downloading from librarian>
  - <nas_1.8-4.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <nas_1.8-4.dsc: downloading from http://ftp.debian.org/debian/>
I: nas [main] -> libaudio2_1.8-2 [main].
I: nas [main] -> nas-bin_1.8-2 [universe].
I: nas [main] -> nas_1.8-2 [universe].
I: nas [main] -> nas-doc_1.8-2 [main].
I: nas [main] -> libaudio-dev_1.8-2 [main].

Changed in nas:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.