Debians sikkerhedsbulletin

DSA-976-1 libast -- bufferoverløb

Rapporteret den:
15. feb 2006
Berørte pakker:
libast, libast1
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2006-0224.
Yderligere oplysninger:

Johnny Mast har opdaget et bufferoverløb i libast, "library of assorted spiffy things" (biblioteket med forskellige fikse ting), der kunne føre til udførelse af vilkårlig kode. Biblioteket anvendes af eterm, der installeres setgid uid, hvilket førte til en sårbarhed der muligjorde ændring af utmp-filen.

I den gamle stabile distribution (woody) er dette problem rettet i version 0.4-3woody2.

I den stabile distribution (sarge) er dette problem rettet i version 0.6-0pre2003010606sarge1.

I den ustabile distribution (sid) vil dette problem snart blive rettet.

Vi anbefaler at du opgraderer dine libast-pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.dsc
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_alpha.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_arm.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_i386.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_ia64.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_hppa.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_m68k.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mips.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mipsel.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_powerpc.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_s390.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_sparc.deb
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Kildekode:
http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.dsc
http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_s390.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_sparc.deb
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.