drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in xbuffy
Name: |
Ausführen beliebiger Kommandos in xbuffy |
|
ID: |
DSA-2921-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian squeeze, Debian wheezy, Debian jessie |
|
Datum: |
So, 4. Mai 2014, 23:23 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0469 |
|
Applikationen: |
xbuffy |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2921-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez May 04, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xbuffy CVE ID : CVE-2014-0469
Michael Niedermayer discovered a vulnerability in xbuffy, an utility for displaying message count in mailbox and newsgroup accounts.
By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash or even remote code execution.
For the oldstable distribution (squeeze), this problem has been fixed in version 3.3.bl.3.dfsg-8+deb6u1.
For the stable distribution (wheezy), this problem has been fixed in version 3.3.bl.3.dfsg-8+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 3.3.bl.3.dfsg-9.
For the unstable distribution (sid), this problem has been fixed in version 3.3.bl.3.dfsg-9.
We recommend that you upgrade your xbuffy packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBCgAGBQJTZqtGAAoJEG3bU/KmdcClSCQH/jaytTnWyJpaBCj9RgsL2ulO 7elVLmvLwN2Tfo5hwmWzW1ibPTDaF+T19CPptimNmHx2wor0rDdNswfZFGqep4H0 TBBln9VdTrdlwkjMZwhlgceMIza+1/WlAWh/h1UFa+2Z5obyBIfDJ1mbgASsjISs qWz3mSxJfUXV6nmQys+5b8gmbjdcMYCHk63TWkLOZrtqbMm4jIFPw7zwkehmrddr PTyuKm8Dd+J2VSr3rnzfzVIDBxCBkU/np2Fh9ay6kpDXP2r1rGoYHoeHN50eKTPV lMVmqPnsXJWsZOr82p2s+xwbvDxsOCHsfxMSMDCGx7QmBPrVNbPukpFFWuv5w34= =Xx9R -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20140504210411.GA4251@scapa.corsac.net
|
|
|
|