Debian: man-db denial of service vulnerability

    Date: 18 Aug 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    This update introduced an error in the routine that resolves hardlinks: depending on the filenames of hardlinked man pages, that routine might itself overrun allocated memory, causing a segmentation fault.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 364-3
    http://www.debian.org/security/                             Matt Zimmerman
    August 18th, 2003                        http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : man-db
    
    A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
    part of the "mandb" command that finds the canonical source file for
    each man page.  However, this update introduced an error in the routine
    that resolves hardlinks: depending on the filenames of hardlinked man
    pages, that routine might itself overrun allocated memory, causing a
    segmentation fault.
    
    For the current stable distribution (woody), this problem has been fixed
    in version 2.3.20-18.woody.4.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 2.4.1-13.
    
    We recommend that you update your man-db package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.dsc
          Size/MD5 checksum:      632 fd96d9c25398ac5e0cb6dbbd89f70f9a
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.diff.gz
          Size/MD5 checksum:   107325 d287b1744b738ad3f2bc6bd87623a18f
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20.orig.tar.gz
          Size/MD5 checksum:   516391 5021f8a23cba9b14df39aa06407baefb
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_alpha.deb
          Size/MD5 checksum:   543536 a280db35ac8b3a256e62b358a2510b09
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_arm.deb
          Size/MD5 checksum:   478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_i386.deb
          Size/MD5 checksum:   472876 c8c8400072025e08a95edb64ba386128
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_ia64.deb
          Size/MD5 checksum:   601840 39c8eb1e7d77709e7d65c66d03d2b499
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_hppa.deb
          Size/MD5 checksum:   521108 a322b8873e1c058ef8bebcf920379dcb
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_m68k.deb
          Size/MD5 checksum:   467758 74a07b9d7676c7df78dd3ae07c5d8480
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mips.deb
          Size/MD5 checksum:   516178 6864f6f061ba849bbc8889aae8ddfd49
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mipsel.deb
          Size/MD5 checksum:   517228 2f41b1d7f3a4e055a4464e90dc378ec6
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_powerpc.deb
          Size/MD5 checksum:   494144 b7cfa8a5ffea0fc18f9385919ea2953a
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_s390.deb
          Size/MD5 checksum:   479174 67d8220b09b7f911e27d3c0f8068d6fa
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_sparc.deb
          Size/MD5 checksum:   479226 22258abf6a45f8c2a23a73c17d6798bd
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    