Debian Security Advisory
DSA-976-1 libast -- buffer overflow
- Date Reported:
- 15 Feb 2006
- Affected Packages:
- libast, libast1
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2006-0224.
- More information:
-
Johnny Mast discovered a buffer overflow in libast, the library of assorted spiffy things, that can lead to the execution of arbitrary code. This library is used by eterm which is installed setgid uid which leads to a vulnerability to alter the utmp file.
For the old stable distribution (woody) this problem has been fixed in version 0.4-3woody2.
For the stable distribution (sarge) this problem has been fixed in version 0.6-0pre2003010606sarge1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your libast packages.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.dsc
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.dsc
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.