Debian: New man-db packages fix arbitrary code execution
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1278-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans April 06, 2007 - ------------------------------------------------------------------------Package : man-db Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2006-4250 A buffer overflow has been dicovered in the man command that could allow an attacker to execute code as the man user by providing specially crafted arguments to the -H flag. This is likely to be an issue only on machines with the man and mandb programs installed setuid. For the stable distribution (sarge), this problem has been fixed in version 2.4.2-21sarge1 For the upcoming stable distribution (etch) and the unstable distribution (sid), this problem has been fixed in version 2.4.3-5. We recommend that you upgrade your man-db package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (stable) - -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 730134 15855f899a76aa302c83ffec81526ab4 Size/MD5 checksum: 673 add0d09882262adb0cbbde6845af0fbb Size/MD5 checksum: 104832 c5befcaee1865b8582d7bbe8ac21f537 alpha architecture (DEC Alpha) Size/MD5 checksum: 641194 92131ea27cf1f17fcdaaea36accfa930 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 607660 464ca88aca62d8cd8ee84072993ce0f7 arm architecture (ARM) Size/MD5 checksum: 559372 1d5563046ce831b2b7088caa044694de hppa architecture (HP PA RISC) Size/MD5 checksum: 609530 efa1144900b1ee014dd93eb5fb1bf223 i386 architecture (Intel ia32) Size/MD5 checksum: 579774 feb44785cde0c8f64cd22f35aa674ab8 ia64 architecture (Intel ia64) Size/MD5 checksum: 687208 1400e1e708ec327de4517557de51eca3 m68k architecture (Motorola Mc680x0) Size/MD5 checksum: 544688 d9bd8753aeaf7ceaa7ff29903085ca33 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 609644 b8cc5d9b03e70a2bf671983a31d858ba mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 611036 6e3cf522a309f851111ce579d1985c83 powerpc architecture (PowerPC) Size/MD5 checksum: 602320 05dac7703f16fde62ecf61f07e8ecf97 s390 architecture (IBM S/390) Size/MD5 checksum: 600014 a9d162c3c25869260895ada582042e95 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 574580 ee5ab4089c0ff87d3f976f82b4e01c27 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.