[SECURITY] [DSA-364-3] New man-db packages fix segmentation fault

• Previous message: Peter Busser: "Re: Buffer overflow prevention"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 18 Aug 2003 09:11:37 -0400
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 364-3 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
August 18th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : man-db

A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.

For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.

We recommend that you update your man-db package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.dsc
      Size/MD5 checksum: 632 fd96d9c25398ac5e0cb6dbbd89f70f9a
    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.diff.gz
      Size/MD5 checksum: 107325 d287b1744b738ad3f2bc6bd87623a18f
    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20.orig.tar.gz
      Size/MD5 checksum: 516391 5021f8a23cba9b14df39aa06407baefb

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_alpha.deb
      Size/MD5 checksum: 543536 a280db35ac8b3a256e62b358a2510b09

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_arm.deb
      Size/MD5 checksum: 478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_i386.deb
      Size/MD5 checksum: 472876 c8c8400072025e08a95edb64ba386128

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_ia64.deb
      Size/MD5 checksum: 601840 39c8eb1e7d77709e7d65c66d03d2b499

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_hppa.deb
      Size/MD5 checksum: 521108 a322b8873e1c058ef8bebcf920379dcb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_m68k.deb
      Size/MD5 checksum: 467758 74a07b9d7676c7df78dd3ae07c5d8480

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mips.deb
      Size/MD5 checksum: 516178 6864f6f061ba849bbc8889aae8ddfd49

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mipsel.deb
      Size/MD5 checksum: 517228 2f41b1d7f3a4e055a4464e90dc378ec6

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_powerpc.deb
      Size/MD5 checksum: 494144 b7cfa8a5ffea0fc18f9385919ea2953a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_s390.deb
      Size/MD5 checksum: 479174 67d8220b09b7f911e27d3c0f8068d6fa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_sparc.deb
      Size/MD5 checksum: 479226 22258abf6a45f8c2a23a73c17d6798bd

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/QNBqArxCt0PiXR4RAphjAJwIWY/QIwFKQxQAdat28d4brhFK6ACeMNre
u2ni+cRjHaHDUXFGVRY6x0Q=
=LiYy
-----END PGP SIGNATURE-----

• Previous message: Peter Busser: "Re: Buffer overflow prevention"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]