Debian-Sicherheitsankündigung

DSA-113-1 ncurses -- Pufferüberlauf

Datum des Berichts:
18. Feb 2002
Betroffene Pakete:
ncurses
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2002-0062.
Weitere Informationen:

Verschiedene Pufferüberläufe wurden in der »ncurses« Bibliothek im November 2000 behoben. Unglücklicherweise wurde einer übersehen. Er kann zu Abstürzen führen, wenn ncurses-Programme in großen Fenstern verwendet werden.

Das Common Vulnerabilities and Exposures Project hat diesem Problem den Namen CAN-2002-0062 zugewiesen.

Dieses Problem wurde in Version 5.0-6.0potato2 für den stable Release von Debian behoben. Die testing und unstable Releases beinhalten ncurses 5.2, das nicht von diesem Problem betroffen ist.

Es gibt keine bekannte Ausnutzung dieses Problems, aber wir empfehlen allen Benutzern, ncurses unverzüglich zu aktualisieren.

Behoben in:

Debian GNU/Linux 2.2 (potato)

Quellcode:
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz
Architektur-unabhängige Dateien:
http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb
http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb
Alpha:
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb
ARM:
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb
Intel ia32:
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb
Motorola 680x0:
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.