Debians sikkerhedsbulletin
DSA-677-1 sympa -- bufferoverløb
- Rapporteret den:
- 11. feb 2005
- Berørte pakker:
- sympa
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2005-0073.
- Yderligere oplysninger:
-
Erik Sjölund har opdaget at et supportskript til sympa, et program til håndtering af postlister, kører setuid sympa og er sårbar overfor et bufferoverløb. Dette kunne potentielt gøre det muligt at udføre vilkårlig kode under brugerid'en sympa.
I den stabile distribution (woody) er dette problem rettet i version 3.3.3-3woody2.
I den ustabile distribution (sid) vil dette problem snart blive rettet.
Vi anbefaler at du opgraderer din sympa-pakke.
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.dsc
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.diff.gz
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/s/sympa/wwsympa_3.3.3-3woody2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.