Debian: DSA-1806-1 Critical: Cscope Buffer Overflow Code Execution
debian
May 24, 2009
Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution...
Summary
Matt Murphy discovered that cscope, a source code browsing tool, does not
verify the length of file names sourced in include statements, which may
potentially lead to the execution of arbitrary code through specially
crafted source code files.
For the stable distribution (lenny), this problem has been fixed in
version 15.6-6+lenny1.
Due to a technical limitation in the Debian archive management scripts
the update for the old stable distribution (etch) cannot be released
synchronously. It will be fixed in version 15.6-2+etch1 soon.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your cscope package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may u...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: cscope
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!