Debian Security Advisory
DSA-1432-1 link-grammar -- buffer overflow
- Date reported:
- 2007-12-16
- Affected packages:
- link-grammar
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 450695.
In Mitre's CVE dictionary: CVE-2007-5395.
- More information:
-
Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation in its tokenizer, which could allow malicious input files to execute arbitrary commands.
For the old stable distribution (sarge), this package is not present.
For the stable distribution (etch), this problem has been fixed in version 4.2.2-4etch1.
For the unstable distribution (sid), this problem has been fixed in version 4.2.5-1.
We recommend that you upgrade your link-grammar package.
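To confirm that a host is at or above the fixed versions named above, the installed version string has to be compared using Debian's version ordering rather than plain string comparison. The following is an added example, not part of the original advisory: the function names are hypothetical, the sample versions in the demo are constructed, and the installed version is assumed to be supplied by the caller (for example from `dpkg-query -W -f='${Version}' link-grammar`).

```python
import re
from itertools import zip_longest

# Fixed versions as stated in DSA-1432-1 (sarge does not ship the package).
FIXED = {"etch": "4.2.2-4etch1", "sid": "4.2.5-1"}

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if not c:
        return 0                      # end of the run
    if c == "~":
        return -1                     # tilde sorts before everything, even the end
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    runs_a = re.findall(r"(\D*)(\d*)", a)   # alternating non-digit / digit runs
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):    # digit runs compare numerically
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Order two Debian version strings: epoch, then upstream, then revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(installed, release):
    """True if `installed` is at or above the fixed version for `release`."""
    return deb_cmp(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for ver, rel in [("4.2.2-4", "etch"), ("4.2.2-4etch1", "etch"), ("4.2.10-1", "sid")]:
        print(ver, rel, "fixed" if is_fixed(ver, rel) else "VULNERABLE")
```
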
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_sparc.deb
- http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_sparc.deb
MD5 checksums for these files are available in the original advisory.