
Security: Integer overflow in glibc's XDR library
Name: Integer overflow in glibc's XDR library
ID: DSA-282-1
Distribution: Debian
Platforms: Debian potato
Date: Wed, April 9, 2003, 13:00
References: Not specified
Applications: GNU C library

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 282-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 9th, 2003                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : glibc
Vulnerability  : integer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0028
CERT advisory  : VU#516825 CA-2003-10

eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc. This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation. Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitrary code.

For the stable distribution (woody) this problem has been
fixed in version 2.2.5-11.5.

For the old stable distribution (potato) this problem has been
fixed in version 2.1.3-25.

For the unstable distribution (sid) this problem has been
fixed in version 2.3.1-16.

We recommend that you upgrade your libc6 packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution on
its next revision.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+lAHlW5ql+IAeqTIRAoyJAJ9ollYSSLQBiFkVbCSgO12W7BYMtwCfYtHg
w3aKolALv9NlabgFa5EATjk=
=uLMo
-----END PGP SIGNATURE-----
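
The advisory above says an integer overflow in a length-handling routine can lead to buffer overflows. The following C sketch is an added example, not part of the advisory and not glibc source: it models that class of bug with a constructed memory stream, and the struct, the function names and the subtract-then-test-sign check are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a memory-backed decode stream; names are hypothetical. */
struct mem_stream {
    const unsigned char *cur;   /* next unread byte */
    uint32_t remaining;         /* bytes left in the backing buffer */
};

/* Weak pattern: subtract the caller-supplied length first, then test the
 * sign of the 32-bit result. Returns 1 if the check would let a copy run.
 * No copy is performed here. */
int weak_check_accepts(const struct mem_stream *s, uint32_t len)
{
    uint32_t after = s->remaining - len;     /* wraps modulo 2^32 */
    return after <= (uint32_t)INT32_MAX;     /* same as "(int)after >= 0" */
}

/* Hardened pattern: compare before subtracting, in unsigned arithmetic,
 * and also bound the copy by the destination capacity. */
int get_bytes_checked(struct mem_stream *s, void *dst, size_t dst_cap,
                      uint32_t len)
{
    if (len > s->remaining || len > dst_cap)
        return 0;
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= len;
    return 1;
}

int main(void)
{
    static const unsigned char wire[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed input */
    unsigned char out[8];
    struct mem_stream s = { wire, sizeof wire };
    uint32_t huge = 0xFFFFFFF0u;   /* length field taken from untrusted data */

    int weak = weak_check_accepts(&s, huge);                  /* 8 - huge wraps to 24 */
    int safe = get_bytes_checked(&s, out, sizeof out, huge);  /* rejected */
    int ok   = get_bytes_checked(&s, out, sizeof out, 4);     /* normal read */
    return (weak == 1 && safe == 0 && ok == 1) ? 0 : 1;
}
```

The weak check still rejects a small overrun such as 9 bytes from an 8-byte stream; only lengths large enough to wrap the counter back into the non-negative range slip through, which is why such bugs survive ordinary testing.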

