drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in xdelta3
Name: |
Ausführen beliebiger Kommandos in xdelta3 |
|
ID: |
DSA-3484-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie, Debian stretch |
|
Datum: |
Sa, 20. Februar 2016, 00:06 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765 |
|
Applikationen: |
XDelta |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3484-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xdelta3 CVE ID : CVE-2014-9765 Debian Bug : 814067
Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the main_get_appheader function, which may lead to the execution of arbitrary code.
For the oldstable distribution (wheezy), this problem has been fixed in version 3.0.0.dfsg-1+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 3.0.8-dfsg-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 3.0.8-dfsg-1.1.
For the unstable distribution (sid), this problem has been fixed in version 3.0.8-dfsg-1.1.
We recommend that you upgrade your xdelta3 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJWxzifAAoJEAVMuPMTQ89E5BkP/R75kZvWctuo7+D+S+sqPkFc /n3w5o2FXUFIkp8GWj7WA+nECKEf95vNaBDukNdRv3c+WsDJ74wiAkKei9TGKwsa lt0lTvMOZDwyz6ZzKyCeJC64RhYduVwzYFYlzi96cv7whK67OgyTR1sdK6KS7rqs qHoVGs6f2mahy8LYTE57KszUz9im5ZRzC5Gzr0aYCi5q1Xwq1FJkZ3KoNUWrLWBm XB8e5GUTD0dJnjf2JmfB/cUhLuSnomHFBT3Dz8QuJRoTKCBIZv9aoly4tjVFIZpd cxAdt8E9gGe9jc86xk2c098LsI2ta9MfGUMaLhEIYqJF9NGnYAHCeatyj7yZnVIq 4NPdj7lXL1XmC/rtRWWYiI46wTfs1j60B95tEY3H9z9c83x67P3X1z5pEpv1Yq29 qjVvH3vkKA2YFjSo/DSs5Na3vJUE33o3aKPJ4fCmVAxJj8RQD8ktgd4JsomMu3i5 nUhuMl2VPU1JCyX9ckniqXo9Rtb5yDLvyA0lgxAk826fNboS4bFolcNC7Gx0BG3E hMXV2JSiS1SP559ct5nw8zMkggyX3vsYNScrahA3Y7SA7wnAbLTR9V2z/eFVRZfP NCxjVmrHDhx/r0K4bapLOsrLiICBld8dQVxzB+Qe7zRTjbh6Prc7UeCB+ahOjoar Zn0EbyC0roOV1QsHDIp5 =FAR5 -----END PGP SIGNATURE-----
|
|
|
|