Debian Security Advisory
DSA-1432-1 link-grammar -- buffer overflow
- Date Reported:
- 16 Dec 2007
- Affected Packages:
- link-grammar
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 450695.
In Mitre's CVE dictionary: CVE-2007-5395. - More information:
-
Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow a malicious input file to execute arbitrary code.
For the old stable distribution (sarge), this package is not present.
For the stable distribution (etch), this problem has been fixed in version 4.2.2-4etch1.
For the unstable distribution (sid), this problem has been fixed in version 4.2.5-1.
We recommend that you upgrade your link-grammar package.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.