Package : glibc Vulnerability : division by zero Problem-Type : remote Debian-specific: no CVE Id : CAN-2002-0391 CERT advisory : VU#192995
Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentially replaced potential integer overflows in connection with malloc() with more likely divisions by zero. This called for an update. For completeness the original security advisory said:
An integer overflow bug has been discovered in the RPC library used by GNU libc, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the malloc code.
This is fixed in version 2.2.5-11.2 for the current stable distribution (woody) by using a patch from the stable glibc-2_2 branch by Wolfgang and in version 2.1.3-24 for the old stable release (potato).
We recommend that you upgrade your libc6 packages.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato ---------------------------------