Debian Security Advisory

DSA-677-1 sympa -- buffer overflow

Date reported:
11 Feb 2005
Affected packages:
sympa
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2005-0073.
More information:

Erik Sjölund discovered that a support script of sympa, a mailing list manager, runs setuid sympa and is vulnerable to a buffer overflow. This could potentially allow the execution of arbitrary code under the sympa user id.

For the stable distribution (woody), this problem has been fixed in version 3.3.3-3woody2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your sympa package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.dsc
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.diff.gz
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/sympa/wwsympa_3.3.3-3woody2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.