Bulletin d'alerte Debian

DSA-149-1 glibc -- Dépassement d'entier

Date du rapport:

13 août 2002

Paquets concernés:

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans la base de données de suivi des bogues (chez SecurityFocus) : Identificateur BugTraq 5356.
Dans le dictionnaire CVE du Mitre : CVE-2002-0391.
Les annonces de vulnérabilité et les bulletins d'alerte du CERT : VU#192995.

Pour plus d'information:

Un dépassement d'entier est présent dans la bibliothèque RPC utilisée par la GNU libc, qui est dérivée de la bibliothèque SunRPC. Ce bogue peut être exploité pour avoir un accès root à tout logiciel lié à ce code. Les paquets ci-dessous règle aussi des dépassements d'entier contenus dans le code de malloc. Ils contiennent aussi une modification de Andreas Schwab pour réduire linebuflen en parallèle pour éviter au pointeur du tampon d'aller dans le code de NSS DNS.

Ce problème est réglé dans la version 2.1.3-23 pour l'ancienne distribution stable (potato), dans celle 2.2.5-11.1 pour l'actuelle distribution stable (woody) et celle 2.2.5-13 pour la distribution instable (sid).

Nous vous recommandons de mettre à jour vos paquets libc6 immédiatement.

Corrigé dans:

Debian GNU/Linux 2.2 (potato)

Source :: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.1.3-24_all.deb; http://security.debian.org/pool/updates/main/g/glibc/i18ndata_2.1.3-24_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.2_all.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.