Debians sikkerhedsbulletin

DSA-878-1 netpbm-free -- bufferoverløb

Rapporteret den:

28. okt 2005

Berørte pakker:

netpbm-free

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-2978.

Yderligere oplysninger:

Et bufferoverløb er fundet i pnmtopng-komponenten i pakken netpbm, en samling værktøjer til konvertering af grafik. Denne sårbarhed kunne gøre det muligt for en angriber at udføre vilkårlig kode som en lokal bruger vha. en særligt fremstillet PNM-fil.

Den gamle stabile distribution (woody) er ikke sårbar over for dette problem.

I den stabile distribution (sarge) er dette problem rettet i version 10.0-8sarge1.

I den ustabile distribution (sid) er dette problem rettet i version 10.0-10.

Vi anbefaler at du opgraderer dine netpbm-free-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge1.dsc; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge1.diff.gz; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français svenska

Sådan opsætter du standardsprogvalg for dokumenter

For at rapportere et problem med webstedet sendes en e-mail på engelsk til debian-www@lists.debian.org. Se Debians kontaktside for andre kontaktoplysninger.

Senest opdateret: Søn 16. nov 2008 kl. 08.14.57 UTC
Ophavsretsbeskyttet © 2005-2008 SPI; Se licensbetingelserne
Debian er et registreret varemærke tilhørende Software in the Public Interest, Inc.