Debian Security Advisory
DSA-069-1 xloadimage -- buffer overflow
- Date reported:
- 9 Aug 2001
- Affected packages:
- xloadimage
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 3006.
- In Mitre's CVE dictionary: CVE-2001-0775.
- More information:
- The version of xloadimage (an image viewer for X) that was distributed with Debian GNU/Linux 2.2 has a buffer overflow in the code that handles images in FACES format. An attacker could exploit this by tricking someone into viewing a specially crafted image with xloadimage, which can allow the attacker to execute arbitrary code. This problem has been fixed in version 4.1-5potato1.
- Fixed in:
- Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1-5potato1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1-5potato1.dsc
- http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/xloadimage_4.1-5potato1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/xloadimage_4.1-5potato1_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/xloadimage_4.1-5potato1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/xloadimage_4.1-5potato1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/xloadimage_4.1-5potato1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/xloadimage_4.1-5potato1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
