Säkerhetsinformation / 2002 / Säkerhetsinformation -- DSA-190-1 wmaker

Säkerhetsbulletin från Debian

DSA-190-1 wmaker -- buffertspill

Rapporterat den:

2002-11-07

Berörda paket:

wmaker

Sårbara:

Ja

Referenser i säkerhetsdatabaser:

I Mitres CVE-förteckning: CVE-2002-1277.

Ytterligare information:

Al Viro upptäckte ett problem i bildhanteringskoden i Window Maker, en populär Nextstep-liknande fönsterhanterare. När en bild skapades allokerades en buffert genom att multiplicera bildens bredd och höjd, men ingen test gjordes för spill, vilket gjorde det möjligt att spilla bufferten. Detta kunde utnyttjas genom att skapa specialskrivna bilder (till exempel vid förhandsgranskning av teman).

Detta problem har rättats i version 0.80.0-4.1 för den nuvarande stabila utgåvan (Woody). Paket för mipsel-arkitekturen är ännu inte tillgängliga.

Rättat i:

Debian GNU/Linux 3.0 (woody)

Källkod:

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc

alpha (DEC Alpha):

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb

arm (ARM):

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb

hppa (HP PA RISC):

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.deb

i386 (Intel ia32):

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.deb

ia64 (Intel ia64):

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.deb

m68k (Motorola Mc680x0):

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.deb

mips (MIPS (Big Endian)):

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.deb

powerpc (PowerPC):

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.deb

s390 (IBM S/390):

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_s390.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_s390.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_s390.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_s390.deb

sparc (Sun SPARC/UltraSPARC):

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_sparc.deb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_sparc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_sparc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_sparc.deb

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.