Debians sikkerhedsbulletin
DSA-287-1 epic -- bufferoverløb
- Rapporteret den:
- 15. apr 2003
- Berørte pakker:
- epic
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7103, BugTraq-id 7091.
I Mitres CVE-ordbog: CVE-2003-0324. - Yderligere oplysninger:
-
Timo Sirainen har opdaget flere problemer i EPIC, en populær klient til Internet Relay Chat (IRC). En ondsindet server kan lave særlige svarstrenge, der kan få klienten til at skrive ud over buffergrænser. Dette kan føre til et lammelsesangreb hvis klienten kun går ned, men kan også føre til udførelse af vilkårlig kode under den brugerid, som den chattende bruger har.
I den stabile distribution (woody) er disse problemer rettet i version 3.004-17.1.
I den gamle stabile distribution (potato) er disse problemer rettet i version 3.004-16.1.
I den ustabile distribution (sid) er disse problemer rettet i version 3.004-19.
Vi anbefaler at du opgraderer din EPIC-pakke.
- Rettet i:
-
Debian GNU/Linux 2.2 (potato)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.dsc
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.diff.gz
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.dsc
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.diff.gz
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.