Security: Integer overflow in glibc
Name: Integer overflow in glibc
ID: DSA-149-1
Distribution: Debian
Platforms: Debian potato
Date: Wed, 14 August 2002, 13:00
References: None given
Applications: GNU C library

Original message

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 149-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 13th, 2002
--------------------------------------------------------------------------

Package : glibc
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE Id : CAN-2002-0391
CERT advisory : VU#192995

An integer overflow bug has been discovered in the RPC library used by
GNU libc, which is derived from the SunRPC library. This bug could be
exploited to gain unauthorized root access to software linking to this
code. The packages below also fix integer overflows in the malloc
code. They also contain a fix from Andreas Schwab to reduce
linebuflen in parallel to bumping up the buffer pointer in the NSS DNS
code.

This problem has been fixed in version 2.1.3-23 for the old stable
distribution (potato), in version 2.2.5-11.1 for the current stable
distribution (woody) and in version 2.2.5-13 for the unstable
distribution (sid).

We recommend that you upgrade your libc6 packages immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------



Debian GNU/Linux 3.0 alias woody
--------------------------------



These files will probably be moved into the stable distribution on
its next revision.

---------------------------------------------------------------------------------

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9WMGlW5ql+IAeqTIRAueEAJ4gEM5pbTdjl+/VOSXm+LMwGQwMEACeNEsg
MNbu5zhItuQM/gKE7Kr9vu0=
=F4kf
-----END PGP SIGNATURE-----
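
The bug class named in the advisory, shown as an added illustration that is not glibc's code or the Debian patch: an allocation size computed as count times element size from an untrusted count wraps in 32 bits, and the checked form rejects it. The wire format, function names and sample values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked: the 32-bit product wraps modulo 2^32. */
uint32_t unchecked_size(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Checked: reject a product that would wrap or exceed max_bytes. */
int checked_size(uint32_t count, uint32_t elsize, size_t max_bytes,
                 uint32_t *out)
{
    if (elsize == 0 || count > UINT32_MAX / elsize)
        return -1;
    if ((size_t)count * elsize > max_bytes)
        return -1;
    *out = count * elsize;
    return 0;
}

/* Constructed wire format: 4-byte big-endian element count, then
   count * elsize bytes. Returns NULL on malformed input. */
void *decode_array(const unsigned char *msg, size_t len, uint32_t elsize,
                   uint32_t *count_out)
{
    uint32_t count, nbytes;
    void *buf;

    if (len < 4)
        return NULL;
    count = (uint32_t)msg[0] << 24 | (uint32_t)msg[1] << 16 |
            (uint32_t)msg[2] << 8 | (uint32_t)msg[3];
    /* The payload cannot exceed what was actually received. */
    if (checked_size(count, elsize, len - 4, &nbytes) != 0)
        return NULL;
    if ((buf = malloc(nbytes ? nbytes : 1)) == NULL)
        return NULL;
    memcpy(buf, msg + 4, nbytes);
    *count_out = count;
    return buf;
}

int main(void)
{
    printf("0x40000001 * 4 wraps to %u\n",
           (unsigned)unchecked_size(0x40000001u, 4));
    return 0;
}
```

With the unchecked size, a decoder would allocate 4 bytes and then loop over 0x40000001 elements; the checked decoder returns NULL before allocating.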

