Debians sikkerhedsbulletin

DSA-767-1 ekg -- heltalsoverløb

Rapporteret den:

27. jul 2005

Berørte pakker:

ekg

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-1852.

Yderligere oplysninger:

Marcin Slusarz har opdaget to heltalsoverløbssårbarheder i libgadu, et bibliotek der leveres og anvendes af ekg, en Gadu Gadu-konsolklient og et chatprogram. Sårbarhederne kunne medføre udførelse af vilkårlig kode.

Biblioteket anvendes også af andre pakker som eksempelvis kopete, der bør genstartes for at kunne drage nytte af denne opdatering.

Den gamle stabile distribution (woody) indeholder ikke pakken ekg.

I den stabile distribution (sarge) er disse problemer rettet i version 1.5+20050411-5.

I den ustabile distribution (sid) er disse problemer rettet i version 1.5+20050718+1.6rc3-1.

Vi anbefaler at du opgraderer din ekg-pakke.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.dsc; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.diff.gz; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_m68k.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_m68k.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.