Debian-Sicherheitsankündigung
DSA-1088-1 centericq -- Pufferüberlauf
- Datum des Berichts:
- 03. Jun 2006
- Betroffene Pakete:
- centericq
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In der Debian-Fehlerdatenbank: Fehler 340959.
In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 15600.
In Mitres CVE-Verzeichnis: CVE-2005-3863. - Weitere Informationen:
-
Mehdi Oudad und Kevin Fernandez entdeckten einen Pufferüberlauf in der ktools-Bibliothek, die von centericq, einem Instant Messenger Client mit Unterstützung für mehrere Protokolle und Textmodus, verwendet wird. Dieser Pufferüberlauf könnte zur Folge haben, dass lokale und entfernte Angreifer beliebigen Code ausführen.
Für die alte Stable-Distribution (Woody) wurde dieses Problem in Version 4.5.1-1.1woody2 behoben.
Für die Stable-Distribution (Sarge) wurde dieses Problem in Version 4.20.0-1sarge4 behoben.
Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 4.21.0-6 behoben.
Wir empfehlen Ihnen, Ihr centericq-Paket zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 3.0 (woody)
- Quellcode:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Quellcode:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.dsc
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.diff.gz
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_alpha.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_alpha.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_alpha.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_alpha.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_amd64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_arm.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_arm.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_arm.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_arm.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_i386.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_i386.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_i386.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_i386.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_ia64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_ia64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_ia64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_ia64.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_hppa.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_hppa.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_hppa.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_hppa.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_m68k.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_m68k.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_m68k.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_m68k.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mips.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mips.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mips.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mips.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mipsel.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mipsel.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mipsel.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mipsel.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_powerpc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_powerpc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_powerpc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_powerpc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_s390.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_s390.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_s390.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_s390.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_sparc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_sparc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_sparc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_sparc.deb
- http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.