A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.
For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.
For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.
We recommend that you update your man-db package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Hash: SHA1
- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 364-3 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
August 18th, 2003 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
--
Package : man-db
A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.
For the current stable distribution (woody), this problem has been fixed
in version 2.3.20-18.woody.4.
For the unstable distribution (sid), this problem has been fixed in
version 2.4.1-13.
We recommend that you update your man-db package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4.dsc
Size/MD5 checksum: 632 fd96d9c25398ac5e0cb6dbbd89f70f9a
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4.diff.gz
Size/MD5 checksum: 107325 d287b1744b738ad3f2bc6bd87623a18f
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20.orig
.tar.gz
Size/MD5 checksum: 516391 5021f8a23cba9b14df39aa06407baefb
Alpha architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_alpha.deb
Size/MD5 checksum: 543536 a280db35ac8b3a256e62b358a2510b09
ARM architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_arm.deb
Size/MD5 checksum: 478518 e9094fb1bd1fb6bdcdc6e3e6fb2ace4b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_i386.deb
Size/MD5 checksum: 472876 c8c8400072025e08a95edb64ba386128
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_ia64.deb
Size/MD5 checksum: 601840 39c8eb1e7d77709e7d65c66d03d2b499
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_hppa.deb
Size/MD5 checksum: 521108 a322b8873e1c058ef8bebcf920379dcb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_m68k.deb
Size/MD5 checksum: 467758 74a07b9d7676c7df78dd3ae07c5d8480
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_mips.deb
Size/MD5 checksum: 516178 6864f6f061ba849bbc8889aae8ddfd49
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_mipsel.deb
Size/MD5 checksum: 517228 2f41b1d7f3a4e055a4464e90dc378ec6
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_powerpc.deb
Size/MD5 checksum: 494144 b7cfa8a5ffea0fc18f9385919ea2953a
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_s390.deb
Size/MD5 checksum: 479174 67d8220b09b7f911e27d3c0f8068d6fa
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.w
oody.4_sparc.deb
Size/MD5 checksum: 479226 22258abf6a45f8c2a23a73c17d6798bd
These files will probably be moved into the stable distribution on
its next revision.
- ------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/QNBqArxCt0PiXR4RAphjAJwIWY/QIwFKQxQAdat28d4brhFK6ACeMNre
u2ni+cRjHaHDUXFGVRY6x0Q=
=LiYy
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[ reply ]