Bulletin d'alerte Debian

DSA-1958-1 libtool -- Augmentation de droits

Date du rapport :
29 décembre 2009
Paquets concernés :
libtool
Vulnérabilité :
Oui
Références dans la base de données de sécurité :
Dans le dictionnaire CVE du Mitre : CVE-2009-3736.
Plus de précisions :

ltdl, une enveloppe de dlopen indépendante du système pour GNU Libtool, peut être piégée pour charger et exécuter des modules d'un répertoire arbitraire, ce qui pourrait être utilisé pour exécuter du code arbitraire avec les droits de l'utilisateur exécutant une application utilisant libltdl.

Pour la distribution oldstable (Etch), ce problème a été corrigé dans la version 1.5.22-4+etch1.

Pour la distribution stable (Lenny), ce problème a été corrigé dans la version 1.5.26-4+lenny1.

Pour la distribution testing (Squeeze) et la distribution unstable (Sid), ce problème a été corrigé dans la version 2.2.6b-1.

Nous vous recommandons de mettre à jour vos paquets libtool.

Corrigé dans :

Debian GNU/Linux 4.0 (etch)

Source :
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc
Composant indépendant de l'architecture :
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Source :
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz
Composant indépendant de l'architecture :
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.