Debian-Sicherheitsankündigung
DSA-975-1 nfs-user-server -- Pufferüberlauf
- Datum des Berichts:
- 15. Feb 2006
- Betroffene Pakete:
- nfs-user-server
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In der Debian-Fehlerdatenbank: Fehler 350020.
In Mitres CVE-Verzeichnis: CVE-2006-0043. - Weitere Informationen:
-
Marcus Meissner entdeckte, dass Angreifer einen Pufferüberlauf im Code zur Pfadhandhabung auslösen können, indem sie Symlinks erstellen oder existierende missbrauchen, was möglicherweise zur Ausführung beliebigen Codes führen kann.
Diese Verwundbarkeit ist im Kernel-NFS-Server nicht vorhanden.
Diese Aktualisierung enthält eine Fehlerbehebung zur Handhabung von Symlink-Attributen. Dieser Fix hat keine Sicherheitsauswirkungen, aber als dieses DSA vorbereitet wurde, war er bereits für die nächste Zwischenveröffentlichung der Stable-Distribution vorgesehen, so dass wir entschieden, ihn vorab mit einzuschließen.
Für die alte Stable-Distribution (Woody) wurde dieses Problem in Version 2.2beta47-12woody1 behoben.
Für die Stable-Distribution (Sarge) wurde dieses Problem in Version 2.2beta47-20sarge2 behoben.
Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 2.2beta47-22 behoben.
Wir empfehlen Ihnen, Ihr nfs-user-server-Paket zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 3.0 (woody)
- Quellcode:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.dsc
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.diff.gz
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_alpha.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_alpha.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_arm.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_arm.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_i386.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_i386.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_ia64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_ia64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_hppa.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_hppa.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_m68k.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_m68k.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mips.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mips.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_s390.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_s390.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_sparc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_sparc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Quellcode:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.dsc
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.diff.gz
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_arm.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_arm.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_i386.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_i386.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mips.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mips.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_s390.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_s390.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.