Porada dotycząca bezpieczeństwa Debiana

DSA-937-1 tetex-bin -- przepełnienia buforów

Data Zgłoszenia:

12.01.2006

Narażone Pakiety:

Podatny:

Tak

Odnośniki do baz danych na temat bezpieczeństwa:

W systemie śledzenia błędów Debiana: Błąd 342292.
W słowniku CVE Mitre-a CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.

Więcej informacji:

"infamous41md" oraz Chris Evans odkryli kilka przepełnień buforów opartych na stosach w pakiecie xpdf, narżedziu do obsługi plików PDF (Portable Document Format), które są także obecne w tetex-bin, binarnych plikach dla teTeX, które mogą prowadzić do zablokowania systemu poprzez rozbicie się aplikacji, bądź też do uruchomienia dowolnego kodu.

Dla starej stabilnej dystrybucji (woody) błedy te zostały poprawione w wersji 1.0.7+20011202-7.7.

Dla stabilnej dystrybucji (sarge) błędy te zostaną poprawione w wersji 2.0.2-30sarge4.

Dla niestabilnej dystrybucji (sid) błędy te zostały poprawione w wersji 0.4.3-2 of poppler against which tetex-bin links.

Rekomendujemy, byś uaktualnił swój pakiet tetex-bin.

Naprawiony w:

Debian GNU/Linux 3.0 (woody)

Źródło:: http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Źródło:: http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb; http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb

Sumy kontrolne MD5 wymienionych plików dostępne są w oryginalnej poradzie.

Ta strona jest również dostępna w następujących językach:

dansk Deutsch English español français Português svenska

Jak ustawić domyślny język dokumentu

Aby zgłosić problem ze stroną www, prześlij wiadomość po angielsku na debian-www@lists.debian.org lub po polsku na debian-l10n-polish@lists.debian.org. Inne informacje kontaktowe możesz uzyskać na stronie kontaktowej Debiana.