Debians sikkerhedsbulletin

DSA-976-1 libast -- bufferoverløb

Rapporteret den:

15. feb 2006

Berørte pakker:

libast, libast1

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2006-0224.

Yderligere oplysninger:

Johnny Mast har opdaget et bufferoverløb i libast, "library of assorted spiffy things" (biblioteket med forskellige fikse ting), der kunne føre til udførelse af vilkårlig kode. Biblioteket anvendes af eterm, der installeres setgid uid, hvilket førte til en sårbarhed der muligjorde ændring af utmp-filen.

I den gamle stabile distribution (woody) er dette problem rettet i version 0.4-3woody2.

I den stabile distribution (sarge) er dette problem rettet i version 0.6-0pre2003010606sarge1.

I den ustabile distribution (sid) vil dette problem snart blive rettet.

Vi anbefaler at du opgraderer dine libast-pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.dsc; http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz; http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_alpha.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_arm.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_i386.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_ia64.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_hppa.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_m68k.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mips.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mipsel.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_powerpc.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_s390.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_sparc.deb; http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.dsc; http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_s390.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_sparc.deb; http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.