Debian Security Advisory

DSA-743-1 ht -- buffer overflows, integer overflows

Date reported:
8 Jul 2005
Affected packages:
ht
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2005-1545, CVE-2005-1546.
More information:

Several problems have been discovered in ht, a viewer, editor and analyser for various executable files. The problems could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project has identified the following problems:

  • CAN-2005-1545

    Tavis Ormandy of the Gentoo Linux Security Team has discovered an integer overflow in the ELF parser.

  • CAN-2005-1546

    The authors have discovered a buffer overflow in the PE parser.

For the old stable distribution (woody) these problems have been fixed in version 0.5.0-1woody4. For the HP Precision architecture, we recommend that you no longer use this package, since we cannot provide an updated package because it can no longer be compiled.

For the stable distribution (sarge) these problems have been fixed in version 0.8.0-2sarge4.

For the unstable distribution (sid) these problems have been fixed in version 0.8.0-3.

We recommend that you upgrade your ht package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.dsc
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.diff.gz
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.dsc
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.diff.gz
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.