Bulletin d'alerte Debian

DSA-190-1 wmaker -- Dépassement de tampon

Date du rapport:

7 novembre 2002

Paquets concernés:

wmaker

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le dictionnaire CVE du Mitre : CVE-2002-1277.

Pour plus d'information:

Al Viro a trouvé un problème dans le code de gestion d'image utilisé dans Window Maker, un gestionnaire de fenêtres populaire à la NEXTSTEP. Quand il crée une image, il devrait allouer un tampon en multipliant la longueur par la hauteur de l'image mais il ne vérifie pas si cela déborde en mémoire, ce qui rend le tampon débordable. Il peut être exploité en utilisant une image conçue à dessein (comme lors de la prévisualisation des thèmes).

Ce problème est corrigé dans la version 0.80.0-4.1 pour l'actuelle distribution stable (Woody). Les paquets pour l'architecture mipsel ne sont pas encore disponibles.

Corrigé dans:

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc
alpha (DEC Alpha):: http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb
arm (ARM):: http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb
hppa (HP PA RISC):: http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.deb
i386 (Intel ia32):: http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.deb
ia64 (Intel ia64):: http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.deb
m68k (Motorola Mc680x0):: http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.deb
mips (MIPS (Big Endian)):: http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.deb
powerpc (PowerPC):: http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.deb
s390 (IBM S/390):: http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_s390.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_s390.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_s390.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_s390.deb
sparc (Sun SPARC/UltraSPARC):: http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_sparc.deb; http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_sparc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_sparc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_sparc.deb; http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.