Debian Security Advisory

DSA-306-1 ircii-pana -- buffer overflows, integer overflow

Date Reported:
19 May 2003
Affected Packages:
ircii-pana
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 7097, BugTraq ID 7096, BugTraq ID 7099, BugTraq ID 7100.
In Mitre's CVE dictionary: CVE-2003-0321, CVE-2003-0322, CVE-2003-0328.
More information:

Timo Sirainen discovered several problems in BitchX, a popular IRC (Internet Relay Chat) client. A malicious server can produce specially crafted reply strings that cause the client to write beyond buffer boundaries or to allocate a negative amount of memory. This may lead to a denial of service if the client only crashes, but it may also lead to execution of arbitrary code under the user ID of the chatting user.

These problems have been fixed in version 1.0-0c19-1.1 for the stable distribution (woody).

These problems have been fixed in version 1.0-0c16-2.1 for the old stable distribution (potato).

These problems have been fixed in version 1.0-0c19-8 for the unstable distribution (sid).

We recommend that you upgrade your BitchX package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.dsc
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_i386.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_m68k.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.dsc
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.