Debian-Sicherheitsankündigung

DSA-149-1 glibc -- Integer-Überlauf

Datum des Berichts:

13. Aug 2002

Betroffene Pakete:

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 5356.
In Mitres CVE-Verzeichnis: CVE-2002-0391.
CERTs Verwundbarkeiten, Hinweise und Ereignis-Notizen: VU#192995.

Weitere Informationen:

Ein Integer-Überlauf wurde in der von der GNU libc verwendeten RPC-Bibliothek entdeckt, die von der SunRPC-Bibliothek abgeleitet ist. Dieser Fehler kann dazu ausgenutzt werden, um unberechtigten root-Zugriff durch Software zu erlangen, die mit diesen Code verlinkt ist. Die unten angeführten Pakete beheben ebenfalls Integer-Überläufe im malloc Code. Sie enthalten ebenso eine Behebung von Andreas Schwab, die linebuflen reduzieren während gleichzeitig der Pufferzähler im NSS DNS Code erhöht wird.

Dieses Problem wurde in Version 2.1.3-23 für die alte stable Distribution (Potato), in Version 2.2.5-11.1 für die aktuelle stable Distribution (Woody) und in Version 2.2.5-13 für die unstable Distribution (Sid) behoben.

Wir empfehlen Ihnen, Ihre libc6-Pakete unverzüglich zu aktualisieren.

Behoben in:

Debian GNU/Linux 2.2 (potato)

Quellcode:: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.1.3-24_all.deb; http://security.debian.org/pool/updates/main/g/glibc/i18ndata_2.1.3-24_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_sparc.deb

Debian GNU/Linux 3.0 (woody)

Quellcode:: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.2_all.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.