DSA-426-1 netpbm-free -- güvensiz geçici dosyalar

To: debian-user-turkish@lists.debian.org
Subject: DSA-426-1 netpbm-free -- güvensiz geçici dosyalar
From: Halil Demirezen <halild@bilmuh.ege.edu.tr>
Date: Mon, 19 Jan 2004 11:35:39 +0200
Message-id: <[🔎] 20040119093539.GA18366@bilmuh.ege.edu.tr>

Rapor Tarihi:
	18 Ocak 2004

Etkilenen Paketler:
	netpbm-free

Güvenlik veritabanı referansları:
	Mitre'nin CVE sözlüğünde: CAN-2003-0924

Ek bilgi:
	netpbm çok fazla sayıda tek amaçlı programın oluşturduğu 
	grafik düzenleme aracıdır. Bu programların çoğu güvensiz bir şekilde
	yerel bir saldırganın problemli netpbm'i çalıştıran kullanıcı haklarıyla 
	düzenleyecegi geçici dosya oluşturmaktadır.

	Şu anki kararlı sürümde (Woody) bu problemler 2:9.20-8.4 versiyonunda
	düzeltilmiştir.
	
	Kararsız sürümde (sid) bu problemler 2:9.25-9 versiyonunda
	düzeltilmiştir.

	netpbm-free paketinizi güncellemenizi öneririz.


Düzeltilen bölümler:

	Debian GNU/Linux 3.0 (woody)

Kaynak:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz

Alpha: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb

ARM: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb

Intel IA-32: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb

Intel IA-64: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb

HPPA: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb

Motorola 680x0: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb

Big endian MIPS: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb

Little endian MIPS: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb

PowerPC: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb

IBM S/390: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb

Sun Sparc: 
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb


Listelenen dosyaların MD5 checksumları orjinal güvenlik duyurusunda mevcuttur:
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00021.html

Attachment: pgpAPH8g_TdiG.pgp
Description: PGP signature

Reply to:

Prev by Date: Re: Sadece bir paketi testing e yükseltmek
Next by Date: DSA-427-1 linux-kernel-2.4.17-mips+mipsel -- eksik sınır kontrolü
Previous by thread: Re: Sadece bir paketi testing e yükseltmek
Next by thread: DSA-427-1 linux-kernel-2.4.17-mips+mipsel -- eksik sınır kontrolü
Index(es):
- Date
- Thread