Säkerhetsbulletin från Debian
DSA-263-1 netpbm-free -- matematiskt spill
- Rapporterat den:
- 2003-03-17
- Berörda paket:
- netpbm-free
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2003-0146.
CERTs information om sårbarheter, bulletiner och incidenter: VU#378049, VU#630433. - Ytterligare information:
-
Al Viro och Alan Cox upptäckte flera matematiska spillfel i NetPBM, en uppsättning omvandlingsverktyg för grafik. Dessa program installeras inte setuid root men installeras ofta för att förbereda data för behandling. Denna sårbarhet kan göra det möjligt för angripare utifrån att orsaka en överbelastningsattack eller exekvera godtycklig kod.
För den stabila utgåvan (Woody) har detta problem rättats i version 9.20-8.2.
Den gamla stabila utgåvan (Potato) verkar inte påverkas av detta problem.
För den instabila utgåvan (Sid) har detta problem rättats i version 9.20-9.
Vi rekommenderar att ni uppgraderar ert netpbm-paket.
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.2.dsc
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.2.diff.gz
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_mips.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mips.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_mips.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_s390.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_s390.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_s390.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.