Debians sikkerhedsbulletin
DSA-769-1 gaim -- hukommelsesjusteringsfejl
- Rapporteret den:
- 29. jul 2005
- Berørte pakker:
- gaim
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2005-2370.
- Yderligere oplysninger:
-
Szymon Zygmunt og Michal Bartoszkiewicz har opdaget en hukommelsesjusteringsfejl i libgadu (fra ekg, en Gada Gadu-konsolklient til chat), der også er indeholdt i gaim, et chat-program der understøtter flere protokoller. Denne fejl kan ikke udnyttes på x86-arkitekturen, men på andre som fx Sparc, og kan føre til en busfejl, dvs. med andre ord et lammelsesangreb (DoS, denial of service).
Den gamle stabile distribution (woody) lader ikke til at være påvirket af dette problem.
I den stabile distribution (sarge) er dette problem rettet i version 1.2.1-1.4.
I den ustabile distribution (sid) vil dette problem snart blive rettet.
Vi anbefaler at du opgraderer din gaim-pakke.
- Rettet i:
-
Debian GNU/Linux 3.1 (sarge)
- Kildekode:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.dsc
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.diff.gz
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/g/gaim/gaim-data_1.2.1-1.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_alpha.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_alpha.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_arm.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_arm.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_i386.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_i386.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_ia64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_ia64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_hppa.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_hppa.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_m68k.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_m68k.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mips.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mips.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_s390.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_s390.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_sparc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_sparc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.