[Technik] [SECURITY] [DSA 1278-1] New man-db packages fix
arbitrary code execution
Noèl Köthe
noel at debian.org
Sun Apr 8 15:25:57 CEST 2007
Am Freitag, den 06.04.2007, 18:31 +0200 schrieb Noah Meyerhans:
> Debian Security Advisory DSA-1278-1 security at debian.org
> http://www.debian.org/security/ Noah Meyerhans
> April 06, 2007
>
> Package : man-db
> Vulnerability : buffer overflow
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2006-4250
man-db auf kiowa, h01, karuk, h02, kansa, h03, cusa, h04, acoma, cupa,
wasco, pima und pomo aktualisiert.
> For the stable distribution (sarge), this problem has been fixed in
> version 2.4.2-21sarge1
changelog:
man-db (2.4.2-21sarge1) stable-security; urgency=low
* CVE-2006-4250: Fix a buffer overrun if using -H and the designated web
browser (argument to -H or $BROWSER) contains multiple %s expansions.
Thanks to Jochen Vo<C3><9F> for the report.
-- Colin Watson <cjwatson at debian.org> Wed, 8 Nov 2006 23:00:04 -0800
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070408/e82d8923/attachment.pgp
More information about the Technik
mailing list