Debian-Sicherheitsankündigung

DSA-074-1 wmaker -- Pufferüberlauf

Datum des Berichts:
12. Aug 2001
Betroffene Pakete:
wmaker
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2001-1027.
Weitere Informationen:
Alban Hertroys hat einen Pufferüberlauf in Window-Maker (einem beliebten Window-Manager für X) gefunden. Der Code, der Titel in der Window-Liste behandelt, überprüft nicht die Länge der Titel, wenn sie in einen Puffer kopiert werden. Da Applikationen den Titel unter Verwendung von Daten, denen nicht vertraut werden kann, setzen (z.B. inkludieren die meisten Web-Browser den Titel der angezeigten Webseite im Titel des Fensters), kann dieses aus der Ferne ausgenutzt werden.

Dieses wurde in der Version 0.61.1-4.1 des Debian-Pakets behoben, sowie in der Original-Version 0.65.1. Wir empfehlen Ihnen, das Window-Maker-Paket umgehend zu aktualisieren.

Behoben in:

Debian GNU/Linux 2.2 (potato)

Quellcode:
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1.orig.tar.gz
Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb
ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb
Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb
Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/libdockapp-dev_0.61.1-4.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwmaker0-dev_0.61.1-4.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1-dev_0.61.1-4.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1_0.61.1-4.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/wmaker_0.61.1-4.1_m68k.deb
PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.