[Technik] [SECURITY] [DSA 1385-1] New xfs packages fix arbitrary code execution
Noèl Köthe
noel at debian.org
Sat Oct 20 14:10:10 CEST 2007
On Wednesday, 10.10.2007, at 23:02 +0200, Moritz Muehlenhoff wrote:
> Debian Security Advisory DSA 1385-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> October 9th, 2007 http://www.debian.org/security/faq
> Package : xfs
> Vulnerability : several
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2007-4568
xfs updated on h01, h02, h03 and h04. h51 (afaik under construction) and
h90 (test hive for the etch update) will follow as soon as I have looked
up their current status, so that I do not disrupt things there with updates.
> For the oldstable distribution (sarge) this problem has been fixed in
> version 4.3.0.dfsg.1-14sarge5 of xfree86. Packages for m68k are not
> yet available. They will be provided later.
changelog:
xfree86 (4.3.0.dfsg.1-14sarge5) oldstable-security; urgency=high
  * Security upload, fixes several vulnerabilities
    + CVE-2007-4568: integer overflow in the computation of the size of a
      dynamic buffer can lead to a heap overflow in the build_range()
      function. Also, an arbitrary number of bytes on the heap can be swapped
      by the swap_char2b() function.
    + CVE-2007-3103: race condition in xfs init script
 -- root <root at nee> Fri, 5 Oct 2007 22:07:54 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
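
The integer-overflow pattern named in the CVE-2007-4568 changelog entry, shown as an added example that is not part of the original message and is not the xfs source: a 32-bit size computation that wraps, beside a checked version. The `range_t` layout and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 4-byte range record; an assumption, not the xfs structure. */
typedef struct { uint8_t min_hi, min_lo, max_hi, max_lo; } range_t;

/* Unchecked pattern: the byte size is computed in 32 bits, so a large
 * client-supplied count wraps and yields a far too small allocation size. */
uint32_t size_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(range_t);   /* wraps modulo 2^32 */
}

/* Checked pattern: reject a count whose byte size cannot be represented
 * or exceeds the bytes the request actually carried. Returns 0 on success. */
int size_checked(uint32_t count, size_t avail, size_t *out)
{
    if (count > SIZE_MAX / sizeof(range_t))
        return -1;
    size_t need = (size_t)count * sizeof(range_t);
    if (need > avail)
        return -1;
    *out = need;
    return 0;
}

/* Copy `count` client-supplied ranges into a freshly allocated buffer,
 * sizing the allocation and the copy from the same validated value. */
range_t *copy_ranges(const uint8_t *data, size_t avail, uint32_t count)
{
    size_t need;
    if (size_checked(count, avail, &need) != 0 || need == 0)
        return NULL;
    range_t *r = malloc(need);
    if (r != NULL)
        memcpy(r, data, need);
    return r;
}
```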