Debian: man-db denial of service vulnerability
Summary
A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.
For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.
For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.
We recommend that you update your man-db package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 632 fd96d9c25398ac5e0cb6dbbd89f70f9a
Size/MD5 checksum: 107325 d287b1744b738ad3f2bc6bd87623a18f
Size/MD5 checksum: 516391 5021f8a23cba9b14df39aa06407baefb
Alpha architecture:
Size/MD5 checksum: 543536 a280db35ac8b3a256e62b358a2510b09
ARM architecture:
Size/MD5 checksum: 478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b
Intel IA-32 architecture:
Size/MD5 checksum: 472876 c8c8400072025e08a95edb64ba386128
Intel IA-64 architecture:
Size/MD5 checksum: 601840 39c8eb1e7d77709e7d65c66d03d2b499
HP Precision architecture:
Size/MD5 checksum: 521108 a322b8873e1c058ef8bebcf920379dcb
Motorola 680x0 architecture:
Size/MD5 checksum: 467758 74a07b9d7676c7df78dd3ae07c5d8480
Big endian MIPS architecture:
Size/MD5 checksum: 516178 6864f6f061ba849bbc8889aae8ddfd49
Little endian MIPS architecture:
Size/MD5 checksum: 517228 2f41b1d7f3a4e055a4464e90dc378ec6
PowerPC architecture:
Size/MD5 checksum: 494144 b7cfa8a5ffea0fc18f9385919ea2953a
IBM S/390 architecture:
Size/MD5 checksum: 479174 67d8220b09b7f911e27d3c0f8068d6fa
Sun Sparc architecture:
Size/MD5 checksum: 479226 22258abf6a45f8c2a23a73c17d6798bd
These files will probably be moved into the stable distribution on
its next revision.
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show