Debians sikkerhedsbulletin

DSA-287-1 epic -- bufferoverløb

Rapporteret den:

15. apr 2003

Berørte pakker:

epic

Sårbar:

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7103, BugTraq-id 7091.
I Mitres CVE-ordbog: CVE-2003-0324.

Yderligere oplysninger:

Timo Sirainen har opdaget flere problemer i EPIC, en populær klient til Internet Relay Chat (IRC). En ondsindet server kan lave særlige svarstrenge, der kan få klienten til at skrive ud over buffergrænser. Dette kan føre til et lammelsesangreb hvis klienten kun går ned, men kan også føre til udførelse af vilkårlig kode under den brugerid, som den chattende bruger har.

I den stabile distribution (woody) er disse problemer rettet i version 3.004-17.1.

I den gamle stabile distribution (potato) er disse problemer rettet i version 3.004-16.1.

I den ustabile distribution (sid) er disse problemer rettet i version 3.004-19.

Vi anbefaler at du opgraderer din EPIC-pakke.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.dsc; http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.diff.gz; http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.dsc; http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.diff.gz; http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.