Debian Security Advisory
DSA-081-1 w3m -- buffer overflow
- Date Reported:
- 18 Oct 2001
- Affected Packages:
- w3m, w3m-ssl
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 2895.
In Mitre's CVE dictionary: CVE-2001-0700.
- More information:
-
In SNS Advisory No. 32, a buffer overflow vulnerability was reported in the routine that parses MIME headers returned by web servers. A malicious web server administrator could exploit this and cause the client web browser to execute arbitrary code.
w3m handles MIME headers included in the request and response messages of HTTP communication like any other web browser. A buffer overflow can occur when w3m receives a MIME-encoded header in base64 format.
The maintainer has fixed this problem in version 0.1.10+0.1.11pre+kokb23-4 of w3m and w3m-ssl (the SSL-enabled version), in Debian GNU/Linux 2.2.
We recommend that you upgrade your w3m packages immediately.
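The advisory does not reproduce the affected routine. As an added illustration (not w3m's code and not part of the advisory), the following C example decodes a base64 header value into a fixed-size buffer and checks the remaining capacity before every write, which is the bound whose absence produces this class of overflow. The function name `header_b64_decode`, the buffer size and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if outside the alphabet. */
static int b64_value(unsigned char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/*
 * Hypothetical helper: decode NUL-terminated base64 text `in` into `out`,
 * which holds `out_cap` bytes. Decoding stops at the first '=' padding
 * character. Returns the number of bytes written, or -1 if the input is
 * malformed or the decoded data would not fit. Never writes past out_cap.
 */
long header_b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    unsigned int acc = 0;   /* bit accumulator */
    int bits = 0;           /* number of pending bits in acc */
    size_t n = 0;

    for (; *in != '\0' && *in != '='; in++) {
        int v = b64_value((unsigned char)*in);
        if (v < 0)
            return -1;      /* reject bytes outside the base64 alphabet */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap)
                return -1;  /* the length check an unbounded decoder lacks */
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

int main(void)
{
    unsigned char buf[16];
    /* Constructed sample: "SGVsbG8=" is the base64 encoding of "Hello". */
    long n = header_b64_decode("SGVsbG8=", buf, sizeof buf);
    printf("%ld bytes decoded\n", n);
    return n == 5 ? 0 : 1;
}
```

A caller treats -1 as a rejected header and drops it instead of truncating or continuing to parse.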
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.dsc
- http://security.debian.org/dists/stable/updates/main/source/w3m-ssl_0.1.10+0.1.11pre+kokb23-4.dsc
- http://security.debian.org/dists/stable/updates/main/source/w3m-ssl_0.1.10+0.1.11pre+kokb23-4.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/w3m_0.1.10+0.1.11pre+kokb23-4_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/w3m_0.1.10+0.1.11pre+kokb23-4_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/w3m_0.1.10+0.1.11pre+kokb23-4_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_i386.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/w3m_0.1.10+0.1.11pre+kokb23-4_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.