| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030818131137.GE1361__49740.4374451891$1061241843@alcor.net>
Date: Mon, 18 Aug 2003 09:11:37 -0400
From: debian-security-announce@...ts.debian.org
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] [SECURITY] [DSA-364-3] New man-db packages fix segmentation fault
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 364-3 security@...ian.org
http://www.debian.org/security/ Matt Zimmerman
August 18th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : man-db
A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.
For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.
For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.
We recommend that you update your man-db package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.dsc
Size/MD5 checksum: 632 fd96d9c25398ac5e0cb6dbbd89f70f9a
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.diff.gz
Size/MD5 checksum: 107325 d287b1744b738ad3f2bc6bd87623a18f
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20.orig.tar.gz
Size/MD5 checksum: 516391 5021f8a23cba9b14df39aa06407baefb
Alpha architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_alpha.deb
Size/MD5 checksum: 543536 a280db35ac8b3a256e62b358a2510b09
ARM architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_arm.deb
Size/MD5 checksum: 478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_i386.deb
Size/MD5 checksum: 472876 c8c8400072025e08a95edb64ba386128
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_ia64.deb
Size/MD5 checksum: 601840 39c8eb1e7d77709e7d65c66d03d2b499
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_hppa.deb
Size/MD5 checksum: 521108 a322b8873e1c058ef8bebcf920379dcb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_m68k.deb
Size/MD5 checksum: 467758 74a07b9d7676c7df78dd3ae07c5d8480
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mips.deb
Size/MD5 checksum: 516178 6864f6f061ba849bbc8889aae8ddfd49
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mipsel.deb
Size/MD5 checksum: 517228 2f41b1d7f3a4e055a4464e90dc378ec6
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_powerpc.deb
Size/MD5 checksum: 494144 b7cfa8a5ffea0fc18f9385919ea2953a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_s390.deb
Size/MD5 checksum: 479174 67d8220b09b7f911e27d3c0f8068d6fa
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_sparc.deb
Size/MD5 checksum: 479226 22258abf6a45f8c2a23a73c17d6798bd
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/QNBqArxCt0PiXR4RAphjAJwIWY/QIwFKQxQAdat28d4brhFK6ACeMNre
u2ni+cRjHaHDUXFGVRY6x0Q=
=LiYy
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists