drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in apt
Name: |
Pufferüberlauf in apt |
|
ID: |
DSA-3031-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy |
|
Datum: |
Mi, 24. September 2014, 08:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6273 |
|
Applikationen: |
APT |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3031-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso September 23, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : apt CVE ID : CVE-2014-6273
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary code execution.
Two regression fixes were included in this update:
* Fix regression from the previous update in DSA-3025-1 when the custom apt configuration option for Dir::state::lists is set to a relative path (#762160).
* Fix regression in the reverificaiton handling of cdrom: sources that may lead to incorrect hashsum warnings. Affected users need to run "apt-cdrom add" again after the update was applied.
For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u5.
We recommend that you upgrade your apt packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUIZySAAoJEAVMuPMTQ89EpYgQAJV8hIcR+bcVcknG/UFghYxa a9xWm4+QymddTn7ob56UVwTjQX+kOEOGRibSTRuBtD28VXO8KkEsQorORN/MYaHR hQ0sH17gylhZ3Z5DxexHtQdRjdXmQih+p4ByUeQlc0vQkuCSzbEqVjDGDCe9mylI tFqAsnDepKbiULtIryXptA08cxoIjEIQWhaTALGrbHcjczoj1tFwxdFIv0dQLcBe VO1aiGka+s1X6HVVInf47BDzJWcnJ7nMmqUqrllwBHpoES2711aV/FfkA4Ip27qp 0+ZNwYudHVXqPhhyTrfseUGFIBk5yhZY4pNXNutrVK3OfOL9ojl9pcOZcA7ffWSF j1ZGO6gBsZuX1B9Mvzwk0cakmxajK8sMsbmXd6vqsGNMfqQu04lezE3E14qUmrU+ HIsCfI/ioOiZolVOQ97NoNIBO5u6B0jQX8zzYsIavRYjTSfbWBXmgs+om5nhEA0o KtjXwgiAUZAY4ZZY6XJJuOHLKti9gI2mr5ngveBiBQifT8hg6d7elguuS+mpd79C SqyjxAVRdM3zhJFdnuIymP3trGD5pNcEdgMatTHA0DaL7+qqxNUrYDktSWA2EHqa 6rxvvZ54zHb0juq5cvYLxg9FLABTuK9/65+CDJQAno0ZV4IEop4HyZg/lAj/B1Pz mPsR+i5n2DFdnhZaLqcb =EYc2 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1XWSn5-0007LX-RA@master.debian.org
|
|
|
|