Debian Security Advisory

DSA-190-1 wmaker -- buffer overflow

Date reported:
7 Nov 2002
Affected packages:
wmaker
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2002-1277.
More information:

Al Viro found a problem in the image handling code of Window Maker, a popular NEXTSTEP-like window manager. When an image was created, a buffer was allocated by multiplying the image's width by its height, but the multiplication was not checked for overflow. This made it possible to overflow the buffer, which could be exploited using specially crafted image files (for example, when previewing themes).

This problem has been fixed in version 0.80.0-4.1 for the current stable distribution (woody). Packages for the mipsel architecture are not yet available.
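The class of bug described above, shown as an added example that is not Window Maker's code or the Debian patch: an unchecked width-times-height size computation beside a checked one. The function names, the 4-bytes-per-pixel layout and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CHANNELS  4u            /* assumed: RGBA, one byte per channel */
#define MAX_BYTES (1u << 28)    /* assumed policy cap: 256 MiB per image */

/* Unchecked pattern: the size is computed in 32-bit arithmetic, so a large
   width * height wraps around and yields a buffer far smaller than the image. */
uint32_t unchecked_size(uint32_t width, uint32_t height)
{
    return width * height * CHANNELS;
}

/* Checked pattern: divide instead of multiply, so nothing can wrap.
   Returns 0 and stores the byte count, or -1 if the dimensions are rejected. */
int checked_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (height > MAX_BYTES / CHANNELS / width)
        return -1;
    *out = (size_t)width * height * CHANNELS;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size is known to be sane. */
unsigned char *alloc_image(uint32_t width, uint32_t height)
{
    size_t n;
    if (checked_size(width, height, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^34 + 2^18 bytes. */
    uint32_t w = 65537u, h = 65536u;
    size_t n;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h));
    printf("checked:   %s\n", checked_size(w, h, &n) ? "rejected" : "accepted");
    return 0;
}
```

The checked version rejects the image before any allocation happens, so later per-row writes never see an undersized buffer.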

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc
alpha (DEC Alpha):
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb
arm (ARM):
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb
hppa (HP PA RISC):
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.deb
i386 (Intel ia32):
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.deb
ia64 (Intel ia64):
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.deb
m68k (Motorola Mc680x0):
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.deb
mips (MIPS (Big Endian)):
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.deb
powerpc (PowerPC):
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.deb
s390 (IBM S/390):
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_s390.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_s390.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_s390.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_s390.deb
sparc (Sun SPARC/UltraSPARC):
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_sparc.deb
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_sparc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_sparc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_sparc.deb
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.