[Technik] [SECURITY] [DSA 1273-1] New nas packages fix
multiple remote vulnerabilities
Noèl Köthe
noel at debian.org
Fri Apr 6 12:50:48 CEST 2007
On Tuesday, 27.03.2007, at 19:54 +0200, Noah Meyerhans wrote:
> Debian Security Advisory DSA-1273-1 security at debian.org
> http://www.debian.org/security/ Noah Meyerhans
> March 27, 2007
>
> Package : nas
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547
> BugTraq ID : 23017
> Debian Bug : 416038
libaudio2 (a dependency of qt, for people who, like me, wonder
why audio is installed on the server) updated on h01, h02, h03 and
h04.
> For the stable distribution (sarge), these problems have been fixed in
> version 1.7-2sarge1
changelog:

nas (1.7-2sarge1) stable-security; urgency=high

  * High-urgency upload to fix multiple security holes (CVE-2007-1543,
    CVE-2007-1544, CVE-2007-1545, CVE-2007-1546 and CVE-2007-1547):
    + accept_att_local buffer overflow through USL connection
    + server termination through unexistent ID in AddResource
    + bcopy crash caused by integer overflow in ProcAuWriteElement
    + invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + another invalid memory pointer caused by big num_actions in
      ProcAuSetElements
    + invalid memory pointer in compileInputs
    + exploits bug 3 in read mode (requires something playing on
      the server)
    + NULL pointer caused by too much connections

 -- Steve McIntyre <93sam at debian.org> Mon, 26 Mar 2007 01:21:28 +0100

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org