Säkerhetsbulletin från Debian

DSA-113-1 ncurses -- buffertspill

Rapporterat den:

2002-02-18

Berörda paket:

ncurses

Sårbara:

Referenser i säkerhetsdatabaser:

I Mitres CVE-förteckning: CVE-2002-0062.

Ytterligare information:

Flera buffertspill rättades i "ncurses"-biblioteket i november 2000. Tyvärr missades en, vilken kan leda till krascher när ncursesprogram används i stora fönster.

Common Vulnerabilities and Exposures project har tilldelat detta problem namnet CAN-2002-0062.

Detta problem har rättats för den stabila utgåvan av Debian i version 5.0-6.0potato2. Uttestnings- och den instabila utgåvan av Debian innehåller ncurses 5.2, vilken inte påverkas av detta problem.

Det finns inga kända sätt att utnyttja detta problem, men vi rekommenderar att alla användare uppgraderar ncurses omedelbart.

Rättat i:

Debian GNU/Linux 2.2 (potato)

Källkod:: http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz
Arkitekturoberoende komponent:: http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb; http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb
Alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb
ARM:: http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb
Intel ia32:: http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb
Motorola 680x0:: http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb
PowerPC:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.