Debians sikkerhedsbulletin

DSA-113-1 ncurses -- bufferoverløb

Rapporteret den:

18. feb 2002

Berørte pakker:

ncurses

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2002-0062.

Yderligere oplysninger:

I november 2000 blev flere bufferoverløb i biblioteket "ncurcses". Desværre blev en overset. Dette kan være til nedbrud når man ncurses-programmet anvendes i store vinduer.

Projektet "Common Vulnerabilities and Exposures" har tildelt navnet CAN-2002-0062 til dette problem.

Problemet er rettet i version 5.0-6.0potato2 i Debians stabile udgivelse. Test og den ustabile distribution indeholder ncurses 5.2, der ikke er påvirket af problemet.

Der er ingen kendte udnyttelser af problemet, men vi anbefaler at alle brugere omgående opgraderer ncurses.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:: http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb; http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb
Alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb
ARM:: http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb
Intel ia32:: http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb
Motorola 680x0:: http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb
PowerPC:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.