drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in checkpw
Name: |
Denial of Service in checkpw |
|
ID: |
DSA-3192-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Di, 17. März 2015, 07:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0885 |
|
Applikationen: |
checkpw |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3192-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso March 17, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : checkpw CVE ID : CVE-2015-0885 Debian Bug : 780139
Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).
For the stable distribution (wheezy), this problem has been fixed in version 1.02-1+deb7u1.
For the upcoming stable distribution (jessie), this problem has been fixed in version 1.02-1.1.
For the unstable distribution (sid), this problem has been fixed in version 1.02-1.1.
We recommend that you upgrade your checkpw packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVB8Y9AAoJEAVMuPMTQ89E+NgQAIRPOn6IUzOswKz2y56G8AB3 d54n11vzW7jEf3IXJXHC1Bk9rzCHYo+Gtofqt4ULpN+CO8GhpH/U1WYAtrZp15zk jZifegiWHn2dWJ0Fm6Qw0vWc2haWT7ap5AaROH6H0SBdVMw6cVWlC8cf5V68OyfY cNH8GyozThAEab1chd02sncn9V2JVAmhJO6q5h0bLokZG+TEDe6+HXEHQncoyB/l RV8T+2JTuKuk8awcBzHfDMj5pRww3MieMwJ7eMiK/C7op7w2tEcSdwFEOT+1bICt VYDMfIDt9NvLw0TWRu9ZxCCbG0jggEQ8OHEPW2rMaHsOQwBBV7DtEOvbfSZVyQQM 99EPKpXQSWJS8tDa84GZUNs8lum0wNbDuTua0GfNLhls7SSjL77VCoJkBmrN4M5V Bv/wEOeRlEx/lPdOOAjmMoMUBPmu9LG0/gOntcDMS7GWQueLUv42tCJyZfMzCvOE OXR1qED2zG7ji4my3bMJMeIbzRY7THEhtK1yLo/cXRcLBJkWAkgXHICMUzpJnyMV 9B983Ki9JwMjZ3xYKdpQvjnwTr7wxcRKTSmp9aXkqqED/iNithDKhWKofTHuec6Y 8MB5H0buN+O7oDIzo4OR+xJR+fd8zOWVCVNhM1WOYAsyON4kwXSIZnLNb1Hv0ekg bv0n2YsZ3eM9xMDYK1F7 =TKWJ -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1YXko9-0002ms-Kg@master.debian.org
|
|
|
|