drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in w3m und w3m-ssl
Name: |
Pufferüberlauf in w3m und w3m-ssl |
|
ID: |
DSA-081-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Fr, 19. Oktober 2001, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
w3m, w3m |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 081-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 18th, 2001
--------------------------------------------------------------------------
Packages : w3m, w3m-ssl
Vulnerability : Buffer Overflow
Problem-Type : remote code execution
Debian-specific: no
In SNS Advisory No. 32 a buffer overflow vulnerability has been
reported in the routine which parses MIME headers that are returned
from web servers. A malicious web server administrator could exploit
this and let the client web browser execute arbitrary code.
We are awfully sorry, but the powerpc version in our announcement DSA
081-1 was built on the wrong distribution (unstable instead of
stable), and thus depended on a wrong version of the glibc. We had to
remove that file and cannot provide a fixed version.
For the powerpc architecture there is only a very old version of w3m
available. We recommend that you don't use w3m on the powerpc
distribution. If you require a text browser please check out links
and lynx which are both good and stable.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7zuQoW5ql+IAeqTIRAsfAAJ4jHmz6YfaIYk5xF7NisUGRzMZAPwCfaOLr
D+NaZwivx+ZyBg4LBlhUm74=
=bWU9
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|