Debians sikkerhedsbulletin
DSA-298-1 epic4 -- bufferoverløb
- Rapporteret den:
- 2. maj 2003
- Berørte pakker:
- epic4
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7098, BugTraq-id 7095, BugTraq-id 7094, BugTraq-id 7093.
I Mitres CVE-ordbog: CVE-2003-0323. - Yderligere oplysninger:
-
Timo Sirainen har opdaget flere problemer i EPIC4, en populær klient til Internet Relay Chat (IRC). På en ondsindet server kunne der laves særlige svarstrenge, der kunne få klienten til at skrive ud over buffergrænser. Dette kunne føre til et lammelsesangreb, hvis klienten kun gik ned, men kunne også føre til udførelse af vilkårlig kode under den chattende brugers brugerid.
I den stabile distribution (woody) er disse problemer rettet i version 1.1.2.20020219-2.1.
I den gamle stabile distribution (potato) er disse problemer rettet i version pre2.508-2.3.
I den ustabile distribution (sid) er disse problemer rettet i version 1.1.11.20030409-1.
Vi anbefaler at du opgraderer din EPIC4-pakke.
- Rettet i:
-
Debian GNU/Linux 2.2 (potato)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3.dsc
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3.diff.gz
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1.dsc
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1.diff.gz
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.