Sicherheit: Pufferüberläufe in abcmidi

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1043-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : abcmidi
Vulnerability : buffer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-1514

Erik Sjölund discovered that abcmidi-yaps, a translator for ABC music
description files into PostScript, does not check the boundaries when
reading in ABC music files resulting in buffer overflows.

For the old stable distribution (woody) these problems have been fixed in
version 17-1woody1.

For the stable distribution (sarge) these problems have been fixed in
version 20050101-1sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your abcmidi-yaps package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

abcmidi_17-1woody1.dsc
Size/MD5 checksum: 583 107476dd4ad487defacfbfd8c3a96afa
abcmidi_17-1woody1.diff.gz
Size/MD5 checksum: 16851 4ae528112f985ec0ba35550020beda18
abcmidi_17.orig.tar.gz
Size/MD5 checksum: 163596 4f068a14669ad8933666224418390464

Alpha architecture:

abcmidi_17-1woody1_alpha.deb
Size/MD5 checksum: 128232 c24867068caacbf84a41b2a9e7fa3c90
abcmidi-yaps_17-1woody1_alpha.deb
Size/MD5 checksum: 75578 7409e8157cbde2b3c5ee992c63484ba2

ARM architecture:

abcmidi_17-1woody1_arm.deb
Size/MD5 checksum: 101420 89bba26fa994a03b82673a37b2934691
abcmidi-yaps_17-1woody1_arm.deb
Size/MD5 checksum: 66524 3d4f68d5cb0c8fe8e0abd5598d2fab8b

Intel IA-32 architecture:

abcmidi_17-1woody1_i386.deb
Size/MD5 checksum: 96428 17ccb81420aa822130bfefe3a269b011
abcmidi-yaps_17-1woody1_i386.deb
Size/MD5 checksum: 62860 d556997bb5b1ade9384a5067c27901af

Intel IA-64 architecture:

abcmidi_17-1woody1_ia64.deb
Size/MD5 checksum: 156714 e494b5d790b98be710e5e0881421d0fb
abcmidi-yaps_17-1woody1_ia64.deb
Size/MD5 checksum: 92746 d55a047620de10bdf6612831724078e7

HP Precision architecture:

abcmidi_17-1woody1_hppa.deb
Size/MD5 checksum: 122528 513dcb5d2b61fc6a86bab96f3aa86e93
abcmidi-yaps_17-1woody1_hppa.deb
Size/MD5 checksum: 78878 bf7ed13fb36210aefd1ed9a928980bd2

Motorola 680x0 architecture:

abcmidi_17-1woody1_m68k.deb
Size/MD5 checksum: 92238 9c92fdcf7c16be04108a331d13483a00
abcmidi-yaps_17-1woody1_m68k.deb
Size/MD5 checksum: 57360 d8bc9d12f57494c52af4cf15b2b07c85

Big endian MIPS architecture:

abcmidi_17-1woody1_mips.deb
Size/MD5 checksum: 125182 8cca3436e0aad25567e991e6a93d760f
abcmidi-yaps_17-1woody1_mips.deb
Size/MD5 checksum: 71884 432c145bdb62f4cf743aa4124b4d89d4

Little endian MIPS architecture:

abcmidi_17-1woody1_mipsel.deb
Size/MD5 checksum: 124430 08213671a9ddaebe7fa858713fb3eb7f
abcmidi-yaps_17-1woody1_mipsel.deb
Size/MD5 checksum: 71998 fe477ac117017a3d1bfd743f09d8095a

PowerPC architecture:

abcmidi_17-1woody1_powerpc.deb
Size/MD5 checksum: 109436 30b7d3963c8fa8533886f121c3ed9692
abcmidi-yaps_17-1woody1_powerpc.deb
Size/MD5 checksum: 68702 20a761960d5961cd8ca3a55767a0d34b

IBM S/390 architecture:

abcmidi_17-1woody1_s390.deb
Size/MD5 checksum: 106662 f4d266bbc0d4a2dc29b49e3e8a185985
abcmidi-yaps_17-1woody1_s390.deb
Size/MD5 checksum: 63428 27aa8cea376b93d31c6a54fe223ff1de

Sun Sparc architecture:

abcmidi_17-1woody1_sparc.deb
Size/MD5 checksum: 116176 1109bc650b0f7acb938d7d6987e85249
abcmidi-yaps_17-1woody1_sparc.deb
Size/MD5 checksum: 69802 4df26235ffc4ee56ea8c5e86f5161f5b

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

abcmidi_20050101-1sarge1.dsc
Size/MD5 checksum: 600 74cac04e7657e9ccf68bd67bcf035480
abcmidi_20050101-1sarge1.diff.gz
Size/MD5 checksum: 4862 1af2c71fb21d7e0c3f2e60ab8b1d2fc7
abcmidi_20050101.orig.tar.gz
Size/MD5 checksum: 258937 fc1c31f21787e9af297bc6f4c6f6c4c9

Alpha architecture:

abcmidi_20050101-1sarge1_alpha.deb
Size/MD5 checksum: 210498 8ccc1bb8c6fcc40d63d0192ddf0d859b
abcmidi-yaps_20050101-1sarge1_alpha.deb
Size/MD5 checksum: 120276 a6bb198acbdf3ca3f6d87ba265aa04e2

AMD64 architecture:

abcmidi_20050101-1sarge1_amd64.deb
Size/MD5 checksum: 191240 c62ad4d06f2bb20c6dbbbd6304ec50d6
abcmidi-yaps_20050101-1sarge1_amd64.deb
Size/MD5 checksum: 112368 3758f99ae7b5f42c466c051639ad2da4

ARM architecture:

abcmidi_20050101-1sarge1_arm.deb
Size/MD5 checksum: 175272 b6bbac5297bce450d9d425859a3225dc
abcmidi-yaps_20050101-1sarge1_arm.deb
Size/MD5 checksum: 108694 3784bb09cf9abbb5284b92fbae6a6a6b

Intel IA-32 architecture:

abcmidi_20050101-1sarge1_i386.deb
Size/MD5 checksum: 173644 663f6cd1fec90675a43b3d4b1552116b
abcmidi-yaps_20050101-1sarge1_i386.deb
Size/MD5 checksum: 107938 41fb3cdba637d5a2a710ecb6672ed62b

Intel IA-64 architecture:

abcmidi_20050101-1sarge1_ia64.deb
Size/MD5 checksum: 240806 72dd903dc8388fb40a561f6ecf6feb69
abcmidi-yaps_20050101-1sarge1_ia64.deb
Size/MD5 checksum: 140168 6553d95fdde031a11b7433296f24c39e

HP Precision architecture:

abcmidi_20050101-1sarge1_hppa.deb
Size/MD5 checksum: 198396 5c68cf5d3810a82242a142d10b1fe890
abcmidi-yaps_20050101-1sarge1_hppa.deb
Size/MD5 checksum: 118444 305f9b82434fc6ce1e2ab0def0eb126a

Motorola 680x0 architecture:

abcmidi_20050101-1sarge1_m68k.deb
Size/MD5 checksum: 159550 146f2de69b6490e777170dcffdd2dc6f
abcmidi-yaps_20050101-1sarge1_m68k.deb
Size/MD5 checksum: 98368 1063016a10f14a5be30a72345c5a0253

Big endian MIPS architecture:

abcmidi_20050101-1sarge1_mips.deb
Size/MD5 checksum: 211522 97878ba78e7b22aaeff4bd8132a0be98
abcmidi-yaps_20050101-1sarge1_mips.deb
Size/MD5 checksum: 115374 06f9bc17f963527f2468b0031c319b68

Little endian MIPS architecture:

abcmidi_20050101-1sarge1_mipsel.deb
Size/MD5 checksum: 210546 4422fdc2847dbac9475860dfdd870d8c
abcmidi-yaps_20050101-1sarge1_mipsel.deb
Size/MD5 checksum: 115802 b52bdba0575a6477dfcf8342d4a8cd72

PowerPC architecture:

abcmidi_20050101-1sarge1_powerpc.deb
Size/MD5 checksum: 185160 311b5b372be6992a45c7b2b27284cdae
abcmidi-yaps_20050101-1sarge1_powerpc.deb
Size/MD5 checksum: 112072 e2a824f7b4524229f5f9911b4eb4bbdc

IBM S/390 architecture:

abcmidi_20050101-1sarge1_s390.deb
Size/MD5 checksum: 189798 0d11c701e1059f595033b7fc3c34aa8e
abcmidi-yaps_20050101-1sarge1_s390.deb
Size/MD5 checksum: 111020 292f21fcdc55aaa0fa4aa1dc7c6da8c0

Sun Sparc architecture:

abcmidi_20050101-1sarge1_sparc.deb
Size/MD5 checksum: 178060 7f9837e5c63eb088d2845cad487aef2b
abcmidi-yaps_20050101-1sarge1_sparc.deb
Size/MD5 checksum: 108698 a291dcbc19963289ca15d2a061161f6e

These files will probably be moved into the stable distribution on
its next update.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETx1AW5ql+IAeqTIRArG6AJ9tWiVnkd/UDkqzU0WQ1b2pUbIHMgCfQLob
qQoPWsFbLc7UTqDU3Z03BFs=
=c9F0
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org