linux, säkerhet

7320537 2001-10-18 16:16 +0200  /54 rader/ Martin Schulze <joey@finlandia.infodrom.north.de>
Sänt av: joel@lysator.liu.se
Importerad: 2001-10-19  00:22  av Brevbäraren
Extern mottagare: Debian Security Announcements <debian-security-announce@lists.debian.org>
Externa svar till: security@debian.org
Mottagare: Bugtraq (import) <19491>
Ärende: [SECURITY] [DSA 081-2] No w3m packages for powerpc available
------------------------------------------------------------
From: Martin Schulze <joey@finlandia.infodrom.north.de>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Message-ID: <20011018161652.E1863@finlandia.infodrom.north.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 081-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 18th, 2001
- --------------------------------------------------------------------------

Packages       : w3m, w3m-ssl
Vulnerability  : Buffer Overflow
Problem-Type   : remote code execution
Debian-specific: no

In SNS Advisory No. 32 a buffer overflow vulnerability has been
reported in the routine which parses MIME headers that are returned
from web servers.  A malicious web server administrator could exploit
this and let the client web browser execute arbitrary code.

We are awfully sorry, but the powerpc version in our announcement DSA
081-1 was built on the wrong distribution (unstable instead of
stable), and thus depended on a wrong version of the glibc.  We had to
remove that file and cannot provide a fixed version.

For the powerpc architecture there is only a very old version of w3m
available.  We recommend that you don't use w3m on the powerpc
distribution.  If you require a text browser please check out links
and lynx which are both good and stable.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7zuQoW5ql+IAeqTIRAsfAAJ4jHmz6YfaIYk5xF7NisUGRzMZAPwCfaOLr
D+NaZwivx+ZyBg4LBlhUm74=
=bWU9
-----END PGP SIGNATURE-----


--  To UNSUBSCRIBE, email to
debian-security-announce-request@lists.debian.org with a subject of
"unsubscribe". Trouble? Contact listmaster@lists.debian.org
(7320537) /Martin Schulze <joey@finlandia.infodrom.north.de>/(Ombruten)