Debians sikkerhedsbulletin

DSA-1318-1 ekg -- flere sårbarheder

Rapporteret den:

22. jun 2007

Berørte pakker:

ekg

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-2370, CVE-2005-2448, CVE-2007-1663, CVE-2007-1664, CVE-2007-1665.

Yderligere oplysninger:

Flere fjernudnytbare sårbarheder er opdaget i ekg, Gadu Gadu-klient til konsollen. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

CVE-2005-2370
Man har opdaget at hukommelsesjusteringsfejl kunne gøre det muligt for fjernangribere at forårsage et lammelsesangreb (denial of service) på visse arkitekturer så som sparc. Dette påvirker kun Debian sarge.
CVE-2005-2448
Man har opdaget at flere fejl i forbindelse med endianess kunne gøre det muligt for fjernangribere at forårsage et lammelsesangreb. Dette påvirker kun Debian sarge.
CVE-2007-1663
Man har opdaget at en hukommelseslækage i hånderingen af billedbeskeder kunne føre til lammelsesangreb. Dette påvirker kun Debian etch.
CVE-2007-1664
Man har opdaget at en null pointer-deference i token-OCR-koden kunne føre til lammelsesangreb. Dette påvirker kun Debian etch.
CVE-2007-1665
Man har opdaget at en hukommelseslækage i token-OCR-koden kunne føre til lammelsesangreb. Dette påvirker kun Debian etch.

I den gamle stabile distribution (sarge) er disse problemer rettet i version 1.5+20050411-7. Denne opdatering mangler opdaterede pakker til arkitekturen m68k. De vil blive stillet til rådighed senere.

I den stabile distribution (etch) er disse problemer rettet i version 1:1.7~rc2-1etch1.

I den ustabile distribution (sid) er disse problemer rettet i version 1:1.7~rc2-2.

Vi anbefaler at du opgraderer dine ekg-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb

Debian GNU/Linux 4.0 (etch)

Kildekode:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz; http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb; http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.