- --------------------------------------------------------------------------
Debian Security Advisory DSA 364-3                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
August 18th, 2003                        Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : man-db

A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page.  However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.

For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.

We recommend that you update your man-db package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      632 fd96d9c25398ac5e0cb6dbbd89f70f9a
      
      Size/MD5 checksum:   107325 d287b1744b738ad3f2bc6bd87623a18f
      
      Size/MD5 checksum:   516391 5021f8a23cba9b14df39aa06407baefb

  Alpha architecture:

      
      Size/MD5 checksum:   543536 a280db35ac8b3a256e62b358a2510b09

  ARM architecture:

      
      Size/MD5 checksum:   478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   472876 c8c8400072025e08a95edb64ba386128

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   601840 39c8eb1e7d77709e7d65c66d03d2b499

  HP Precision architecture:

      
      Size/MD5 checksum:   521108 a322b8873e1c058ef8bebcf920379dcb

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   467758 74a07b9d7676c7df78dd3ae07c5d8480

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   516178 6864f6f061ba849bbc8889aae8ddfd49

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   517228 2f41b1d7f3a4e055a4464e90dc378ec6

  PowerPC architecture:

      
      Size/MD5 checksum:   494144 b7cfa8a5ffea0fc18f9385919ea2953a

  IBM S/390 architecture:

      
      Size/MD5 checksum:   479174 67d8220b09b7f911e27d3c0f8068d6fa

  Sun Sparc architecture:

      
      Size/MD5 checksum:   479226 22258abf6a45f8c2a23a73c17d6798bd

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: man-db denial of service vulnerability

August 18, 2003
This update introduced an error in the routinethat resolves hardlinks: depending on the filenames of hardlinked manpages, that routine might itself overrun allocated memory, causin...

Summary

A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.

For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.

We recommend that you update your man-db package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 632 fd96d9c25398ac5e0cb6dbbd89f70f9a

Size/MD5 checksum: 107325 d287b1744b738ad3f2bc6bd87623a18f

Size/MD5 checksum: 516391 5021f8a23cba9b14df39aa06407baefb

Alpha architecture:


Size/MD5 checksum: 543536 a280db35ac8b3a256e62b358a2510b09

ARM architecture:


Size/MD5 checksum: 478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b

Intel IA-32 architecture:


Size/MD5 checksum: 472876 c8c8400072025e08a95edb64ba386128

Intel IA-64 architecture:


Size/MD5 checksum: 601840 39c8eb1e7d77709e7d65c66d03d2b499

HP Precision architecture:


Size/MD5 checksum: 521108 a322b8873e1c058ef8bebcf920379dcb

Motorola 680x0 architecture:


Size/MD5 checksum: 467758 74a07b9d7676c7df78dd3ae07c5d8480

Big endian MIPS architecture:


Size/MD5 checksum: 516178 6864f6f061ba849bbc8889aae8ddfd49

Little endian MIPS architecture:


Size/MD5 checksum: 517228 2f41b1d7f3a4e055a4464e90dc378ec6

PowerPC architecture:


Size/MD5 checksum: 494144 b7cfa8a5ffea0fc18f9385919ea2953a

IBM S/390 architecture:


Size/MD5 checksum: 479174 67d8220b09b7f911e27d3c0f8068d6fa

Sun Sparc architecture:


Size/MD5 checksum: 479226 22258abf6a45f8c2a23a73c17d6798bd

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



Severity
Package : man-db

Related News