Debian Security Advisory

DSA-1432-1 link-grammar -- buffer overflow

Date reported:
2007-12-16
Affected packages:
link-grammar
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 450695.
In Mitre's CVE dictionary: CVE-2007-5395.
More information:

Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow malicious input files to execute arbitrary commands.

For the old stable distribution (Sarge), this package is not present.

For the stable distribution (Etch), this problem has been fixed in version 4.2.2-4etch1.

For the unstable distribution (Sid), this problem has been fixed in version 4.2.5-1.

We recommend that you upgrade your link-grammar package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_ia64.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_ia64.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mips.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mips.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_s390.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_s390.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_sparc.deb
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_sparc.deb
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_sparc.deb

MD5 checksums of these files are available in the original advisory.