Debian Security Advisory

DSA-767-1 ekg -- integer overflows

Date reported:
27 Jul 2005
Affected packages:
ekg
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2005-1852.
More information:

Marcin Slusarz discovered two integer overflow vulnerabilities in libgadu, a library provided and used by ekg, a console Gadu Gadu client and chat program. The vulnerabilities could lead to the execution of arbitrary code.

The library is also used by other packages such as kopete, which should be restarted in order to benefit from this update.

The old stable distribution (woody) does not contain the ekg package.

For the stable distribution (sarge) these problems have been fixed in version 1.5+20050411-5.

For the unstable distribution (sid) these problems have been fixed in version 1.5+20050718+1.6rc3-1.

We recommend that you upgrade your ekg package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.dsc
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.diff.gz
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_alpha.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_alpha.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_arm.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_arm.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_i386.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_i386.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_ia64.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_ia64.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_hppa.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_hppa.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_m68k.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_m68k.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mips.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mips.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mipsel.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mipsel.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_powerpc.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_powerpc.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_s390.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_s390.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_sparc.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_sparc.deb
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_sparc.deb

MD5 checksums of the listed files are available in the original advisory.