Debians sikkerhedsbulletin

DSA-1626-1 httrack -- bufferoverløb

Rapporteret den:

1. aug 2008

Berørte pakker:

httrack

Sårbar:

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 30425.
I Mitres CVE-ordbog: CVE-2008-3429.

Yderligere oplysninger:

Joan Calvet opdagede at httrack, et værktøj til oprettelse af lokale kopier af websteder, var sårbart over for et bufferoverløb, der potentielt gjorde det muligt at udføre vilkårlig kode når det modtog ekstremt lange URL'er.

I den stabile distribution (etch), er dette problem rettet i version 3.40.4-3.1+etch1.

I distributionen testing (lenny) og i den ustabile distribution (sid), er dette problem rettet i version 3.42.3-1.

Vi anbefaler at du opgraderer din httrack-pakke.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:: http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.dsc; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4.orig.tar.gz; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.diff.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/h/httrack/httrack-doc_3.40.4-3.1+etch1_all.deb
AMD64:: http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_amd64.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_amd64.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_amd64.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_amd64.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_arm.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_arm.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_arm.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_arm.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_hppa.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_hppa.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_hppa.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_hppa.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_i386.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_i386.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_i386.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_i386.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_ia64.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_ia64.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_ia64.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_ia64.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mips.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mips.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mips.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mips.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mipsel.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mipsel.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mipsel.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mipsel.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_powerpc.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_powerpc.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_powerpc.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_powerpc.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_s390.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_s390.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_s390.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_s390.deb; http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_sparc.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_sparc.deb; http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_sparc.deb; http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_sparc.deb; http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.