drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in cvs
Name: |
Pufferüberlauf in cvs
|
|
ID: |
DSA-505-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian woody |
|
Datum: |
Mi, 19. Mai 2004, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0396 |
|
Applikationen: |
CVS |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Debian Security Advisory DSA 505-1 security@debian.org http://www.debian.org/security/ Martin Schulze May 19th, 2004 http://www.debian.org/security/faq --------------------------------------------------------------------------
Package : cvs Vulnerability : heap overflow Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0396
Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System. Malformed "Entry" Lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory. This was prooven to be exploitable.
For the stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-9woody4.
For the unstable distribution (sid) this problem has been fixed in version 1.12.5-6.
We recommend that you upgrade your cvs package immediately.
Upgrade Instructions --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody --------------------------------
Source archives:
cvs_1.11.1p1debian-9woody4.dsc Size/MD5 checksum: 693 c4580daf3d02e68bf271c3fc2fa9fe8c cvs_1.11.1p1debian-9woody4.diff.gz Size/MD5 checksum: 52212 a44f53ccf950679f3257a2f3487220b7 cvs_1.11.1p1debian.orig.tar.gz Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
Alpha architecture:
cvs_1.11.1p1debian-9woody4_alpha.deb Size/MD5 checksum: 1178736 503ab302999d5fec9c4cb41f735bc2ab
ARM architecture:
cvs_1.11.1p1debian-9woody4_arm.deb Size/MD5 checksum: 1105276 8b2536e975a3272b5d10590bd768b6c7
Intel IA-32 architecture:
cvs_1.11.1p1debian-9woody4_i386.deb Size/MD5 checksum: 1085994 195aa822dbd450bbb3321f17442b3644
Intel IA-64 architecture:
cvs_1.11.1p1debian-9woody4_ia64.deb Size/MD5 checksum: 1270986 2adee3e24f61234e0c597c55983257df
HP Precision architecture:
cvs_1.11.1p1debian-9woody4_hppa.deb Size/MD5 checksum: 1147338 e1a7eec47c9f6ca11d342c7a680abd93
Motorola 680x0 architecture:
cvs_1.11.1p1debian-9woody4_m68k.deb Size/MD5 checksum: 1065866 5238933fe0b1d9a9e7e2506cc39d8411
Big endian MIPS architecture:
cvs_1.11.1p1debian-9woody4_mips.deb Size/MD5 checksum: 1129740 c6e9a932c2bdabbfee51c792d813a439
Little endian MIPS architecture:
cvs_1.11.1p1debian-9woody4_mipsel.deb Size/MD5 checksum: 1131106 05424d6056d0c9123c88b7e7f6b27f7d
PowerPC architecture:
cvs_1.11.1p1debian-9woody4_powerpc.deb Size/MD5 checksum: 1116184 1fe49f6356a160087cf669f7afc12700
IBM S/390 architecture:
cvs_1.11.1p1debian-9woody4_s390.deb Size/MD5 checksum: 1097006 6e98ead7e926fc07203cf43e84b1152d
Sun Sparc architecture:
cvs_1.11.1p1debian-9woody4_sparc.deb Size/MD5 checksum: 1107284 47f8dad7b309c9c19542bf1fc9502f77
These files will probably be moved into the stable distribution on its next update.
-------------------------------------------------------------------------------- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAqyGzW5ql+IAeqTIRAjZyAJ4mtABnKF6VAFCZxb0CE4of0iukRwCguIi6 qlV+sX6Sz2V14AW5qdH7J/I= =iN93 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|