Säkerhetsbulletin från Debian
DSA-074-1 wmaker -- buffertspill
- Rapporterat den:
- 2001-08-12
- Berörda paket:
- wmaker
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2001-1027.
- Ytterligare information:
-
Alban Hertroys hittade ett buffertspill i Window Maker (en populär
fönsterhanterare för X).
Koden som hanterar titlar i fönsterlistemenyn kontrollerade inte längden
på titeln när de kopierades till en buffert.
Då program kan ändra titeln genom att använda data som inte kan betros
(t.ex lägger de flesta webbläsare in titeln på webbsidan som visas i
titeln på sitt fönster), kunde detta utnyttjas utifrån.
Detta har rättats i version 0.61.1-4.1 av Debianpaketet, och uppströms i version 0.65.1. Vi rekommenderar att du uppgraderar ditt Window Maker-paket omedelbart.
- Rättat i:
-
Debian GNU/Linux 2.2 (potato)
- Källkod:
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libdockapp-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwmaker0-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1-dev_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/wmaker_0.61.1-4.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1-dev_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.