Säkerhetsbulletin från Debian

DSA-837-1 mozilla-firefox -- buffertspill

Rapporterat den:

2005-10-02

Berörda paket:

mozilla-firefox

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 327452.
I Mitres CVE-förteckning: CVE-2005-2871.

Ytterligare information:

Tom Ferris upptäckte ett fel i IDN-värdnamnshanteringen i Mozilla Firefox, vilket även förekommer i andra webbläsare från samma familj, vilket gjorde det möjligt för angripare utifrån att utföra en överbelastningsattack och troligen exekvera godtycklig kod genom ett värdnamn med bindestreck.

För den stabila utgåvan (Sarge) har detta problem rättats i version 1.0.4-2sarge4.

För den instabila utgåvan (Sid) har detta problem rättats i version 1.0.6-5.

Vi rekommenderar att ni uppgraderar ert mozilla-firefox-paket.

Rättat i:

Debian GNU/Linux 3.1 (sarge)

Källkod:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_s390.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_s390.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_sparc.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_sparc.deb; http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.