Bulletin d'alerte Debian
DSA-976-1 libast -- Dépassement de tampon
- Date du rapport :
- 15 février 2006
- Paquets concernés :
- libast, libast1
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2006-0224.
- Plus de précisions :
-
Johnny Mast a découvert un dépassement de tampon dans libast (the library of assorted spiffy things), qui pouvait permettre l'exécution de code arbitraire. Cette bibliothèque est utilisée par eterm qui est installé en modes setgid et setuid, ouvrant la porte à une vulnérabilité permettant la modification du fichier utmp.
Pour l'ancienne distribution stable (Woody), ces problèmes ont été corrigés dans la version 0.4-3woody2.
Pour l'actuelle distribution stable (Sarge), ces problèmes ont été corrigés dans la version 0.6-0pre2003010606sarge1.
Pour la distribution instable (Sid), ces problèmes seront bientôt corrigés.
Nous vous recommandons de mettre à jour vos paquets libast.
- Corrigé dans :
-
Debian GNU/Linux 3.0 (woody)
- Source :
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.dsc
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Source :
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.dsc
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
- http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.