Debian Security Advisory

DSA-306-1 ircii-pana -- buffer overflows, integer overflow

Date Reported:
19 May 2003
Affected Packages:
ircii-pana
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 7097, BugTraq ID 7096, BugTraq ID 7099, BugTraq ID 7100.
In Mitre's CVE dictionary: CVE-2003-0321, CVE-2003-0322, CVE-2003-0328.
More information:

Timo Sirainen discovered several problems in BitchX, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings that caused the client to write beyond buffer boundaries or to allocate a negative amount of memory. This could lead to a denial of service if the client only crashed, but could also lead to the execution of arbitrary code under the user ID of the chatting user.
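The defensive pattern for the bug class described above, as an added example that is not BitchX code and not taken from the fix: a client validates a length field from a server reply before allocating and copying. The reply format, the function names and the 512-byte cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: an IRC protocol line is at most 512 bytes (RFC 1459). */
#define MAX_REPLY_FIELD 512

/* Parse a decimal length field taken from a server reply (hypothetical
 * format). Returns 0 and stores the value only if the field is a clean
 * number in [0, MAX_REPLY_FIELD]. A negative value must be rejected
 * here: passed on to malloc() it would convert to a huge size_t. */
int parse_reply_length(const char *field, size_t *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(field, &end, 10);
    if (end == field || *end != '\0' || errno == ERANGE)
        return -1;              /* empty, trailing junk, or out of range */
    if (v < 0 || v > MAX_REPLY_FIELD)
        return -1;              /* negative or implausibly large */
    *out = (size_t)v;
    return 0;
}

/* Copy the number of bytes the server claims into a fresh buffer.
 * The claimed length is never trusted beyond what was actually
 * received, so the copy cannot read or write out of bounds. */
char *copy_reply_data(const char *data, size_t received,
                      const char *len_field)
{
    size_t claimed;
    char *buf;

    if (parse_reply_length(len_field, &claimed) != 0 || claimed > received)
        return NULL;
    buf = malloc(claimed + 1);  /* cannot wrap: claimed <= 512 */
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, claimed);
    buf[claimed] = '\0';
    return buf;
}
```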

For the stable distribution (woody) these problems have been fixed in version 1.0-0c19-1.1.

For the old stable distribution (potato) these problems have been fixed in version 1.0-0c16-2.1.

For the unstable distribution (sid) these problems have been fixed in version 1.0-0c19-8.

We recommend that you upgrade your BitchX package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.dsc
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_i386.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_m68k.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.dsc
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.diff.gz
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_arm.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_i386.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_m68k.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mips.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_s390.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.