Jo, da die bestimmt jeder auf seinem Rechner hat, sollte man sich mal ans Updaten machen ;)
Hint: Security.Debian.org ist mom stark überlastet, es kann relativ lange dauern, hab fast 10 Mins für die paar MB gebraucht zum Connecten und Downloaden, das Update aber auf keinen Fall abbrechen ( apt-get update && apt-get upgrade )
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 282-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 9th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : glibc
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE Id : CAN-2003-0028
CERT advisory : VU#516825 CA-2003-10
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc. This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation. Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitray code.
For the stable distribution (woody) this problem has been
fixed in version 2.2.5-11.5.
For the old stable distribution (potato) this problem has been
fixed in version 2.1.3-25.
For the unstable distribution (sid) this problem has been
fixed in version 2.3.1-16.
We recommend that you upgrade your libc6 packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
[Edit CaptainCrunch : Ich hab die ganzen Quellen mal rausgenommen, da das zeugs ja durch apt-get update ohnehin unntöig ist]
glibc Security: Overflow
-
kase
- Posts: 1031
- Joined: 2002-10-14 22:56
Re: glibc Security: Overflow
>[Edit CaptainCrunch : Ich hab die ganzen Quellen mal rausgenommen,
>da das zeugs ja durch apt-get update ohnehin unntöig ist]
Nur wenn man den Security Server in den Sources von apt hat, ansonsten bräuchte man zumindest die i386 Deboan Woody Sources...
Aber derjenige kann ja dann notfalls auf Debian.de nachsehn.
>da das zeugs ja durch apt-get update ohnehin unntöig ist]
Nur wenn man den Security Server in den Sources von apt hat, ansonsten bräuchte man zumindest die i386 Deboan Woody Sources...
Aber derjenige kann ja dann notfalls auf Debian.de nachsehn.
-
jtb
- Posts: 599
- Joined: 2002-08-18 16:41
- Location: Darmstadt
Re: glibc Security: Overflow
scheinbar wirklich gut überlastet zu sein..Err http://security.debian.org stable/updates/main libc6-dev 2.2.5-11.5
Could not connect to security.debian.org:80 (194.109.137.218), connection timed out
-
arty
- Userprojekt
- Posts: 729
- Joined: 2002-06-12 10:11
Re: glibc Security: Overflow
Hiho,
inzwischen gehts recht fix:
bye
arty
inzwischen gehts recht fix:
Code: Select all
Get:1 http://security.debian.org stable/updates/main libc6-dev 2.2.5-11.5 [2391kB]
Get:2 http://security.debian.org stable/updates/main locales 2.2.5-11.5 [3392kB]
Get:3 http://security.debian.org stable/updates/main libc6 2.2.5-11.5 [3383kB]
Get:4 http://security.debian.org stable/updates/main glibc-doc 2.2.5-11.5 [2699kB]
Fetched 11.9MB in 12s (982kB/s)
arty