Debians sikkerhedsbulletin
DSA-1882-1 xapian-omega -- manglende fornuftighedskontrol af inddata
- Rapporteret den:
- 9. sep 2009
- Berørte pakker:
- xapian-omega
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2009-2947.
- Yderligere oplysninger:
-
Man opdagede at xapian-omega, en CGI-grænseflade til søgning i xapian-databaser, ikke på korrekt vis indkapslede brugerleverede inddata når der blev vist exceptions. En angriber kunne anvende dette til at udføre skripter på tværs af websteder gennem fabrikerede søgeforespørgsler, medførende en exception, og stjæle potentielt følsomme oplysninger fra webapplikationer, der kører på det samme domæne eller indlejre søgemaskinen på et websted.
I den gamle stabile distribution (etch), er dette problem rettet i version 0.9.9-1+etch1.
I den stabile distribution (lenny), er dette problem rettet i version 1.0.7-3+lenny1.
I distributionen testing (squeeze) og i den ustabile (sid) distribution, vil dette problem snart blive rettet.
Vi anbefaler at du opgraderer dine xapian-omega-pakker.
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.dsc
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.diff.gz
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_sparc.deb
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.dsc
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.