Rapor Tarihi: 18 Ocak 2004 Etkilenen Paketler: netpbm-free Güvenlik veritabanı referansları: Mitre'nin CVE sözlüğünde: CAN-2003-0924 Ek bilgi: netpbm çok fazla sayıda tek amaçlı programın oluşturduğu grafik düzenleme aracıdır. Bu programların çoğu güvensiz bir şekilde yerel bir saldırganın problemli netpbm'i çalıştıran kullanıcı haklarıyla düzenleyecegi geçici dosya oluşturmaktadır. Şu anki kararlı sürümde (Woody) bu problemler 2:9.20-8.4 versiyonunda düzeltilmiştir. Kararsız sürümde (sid) bu problemler 2:9.25-9 versiyonunda düzeltilmiştir. netpbm-free paketinizi güncellemenizi öneririz. Düzeltilen bölümler: Debian GNU/Linux 3.0 (woody) Kaynak: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz Alpha: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb ARM: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb Intel IA-32: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb HPPA: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb Motorola 680x0: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb Big endian MIPS: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb Little endian MIPS: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb Listelenen dosyaların MD5 checksumları orjinal güvenlik duyurusunda mevcuttur: http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00021.html
Attachment:
pgpAPH8g_TdiG.pgp
Description: PGP signature