Aviso de seguridad de Debian
DSA-095-1 gpm -- vulnerabilidad de root local
- Fecha del informe:
- 27 de dic de 2001
- Paquetes afectados:
- gpm
- Vulnerable:
- Sí
- Referencias a bases de datos de seguridad:
- En el diccionario CVE de Mitre: CVE-2001-1203.
- Información adicional:
-
El paquete 'gpm' cotiene el programa
gpm-root, que se puede utilizar par crear menús activados por ratón en la consola. Entre otros problemas, el programagpm-rootcontiene una vulnerabilidad de cadena de formato, que permite a un atacante obtener privilegios de root.Esto ha sido arreglado en la versión 1.17.8-18.1, y recomendamos que actualice su paquete 1.17.8-18 inmediatamente.
- Arreglado en:
-
Debian GNU/Linux 2.2 (potato)
- Fuentes:
- http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.