Debian-Sicherheitsankündigung
DSA-074-1 wmaker -- Pufferüberlauf
- Datum des Berichts:
- 12. Aug 2001
- Betroffene Pakete:
- wmaker
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In Mitres CVE-Verzeichnis: CVE-2001-1027.
- Weitere Informationen:
-
Alban Hertroys hat einen Pufferüberlauf in Window-Maker (einem
beliebten Window-Manager für X) gefunden. Der Code, der Titel in der
Window-Liste behandelt, überprüft nicht die Länge der Titel, wenn sie
in einen Puffer kopiert werden. Da Applikationen den Titel unter
Verwendung von Daten, denen nicht vertraut werden kann, setzen
(z.B. inkludieren die meisten Web-Browser den Titel der angezeigten
Webseite im Titel des Fensters), kann
dieses aus der Ferne ausgenutzt werden.
Dieses wurde in der Version 0.61.1-4.1 des Debian-Pakets behoben, sowie in der Original-Version 0.65.1. Wir empfehlen Ihnen, das Window-Maker-Paket umgehend zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 2.2 (potato)
- Quellcode:
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libdockapp-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwmaker0-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/wmaker_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.