Re: [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution
So as if vacation messages were not enough, now we have nonsense replies?
Listmaster, please unsubscribe this user: rhett.jones@utbox.net
Rhett Jones wrote:
> Ok no worries talk then
>
> -----Original Message-----
> From: Steffen Joeris [mailto:white@debian.org]
> Sent: Saturday, 21 March 2009 1:11 AM
> To: debian-security-announce@lists.debian.org
> Subject: [SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution
> Importance: High
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1747-1 security@debian.org
> http://www.debian.org/security/ Steffen Joeris
> March 20, 2009 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : glib2.0
> Vulnerability : integer overflow
> Problem type : local (remote)
> Debian-specific: no
> CVE Id : CVE-2008-4316
> Debian Bugs : 520046
>
>
> Diego Petten discovered that glib2.0, the GLib library of C routines,
> handles large strings insecurely via its Base64 encoding functions. This
> could possibly lead to the execution of arbitrary code.
>
>
> For the stable distribution (lenny), this problem has been fixed in
> version 2.16.6-1+lenny1.
>
> For the oldstable distribution (etch), this problem has been fixed in
> version 2.12.4-2+etch1.
>
> For the testing distribution (squeeze), this problem will be fixed soon.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.20.0-1.
>
>
> We recommend that you upgrade your glib2.0 packages.
>
>
--
Eduardo M Kalinowski
eduardo@kalinowski.com.br
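
The advisory quoted above names an integer overflow in Base64 encoding of large strings. As an added example (not GLib's code and not part of this thread), the C below shows how an output-size calculation can wrap in 32-bit arithmetic, next to a checked form that refuses instead. The function names, the `max` parameter and the sizing formula (4 output characters per 3 input bytes, plus a NUL) are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked sizing in 32-bit arithmetic (hypothetical helper):
 * 4 output characters per 3 input bytes, plus a terminating NUL.
 * The multiplication wraps silently for large inputs. */
uint32_t b64_size_unchecked32(uint32_t len)
{
    return ((len + 2u) / 3u) * 4u + 1u;
}

/* Checked sizing (hypothetical helper): 'max' is the largest size the
 * allocator can represent (SIZE_MAX in real use). Returns false rather
 * than producing a wrapped, too-small buffer size. */
bool b64_size_checked(size_t len, size_t max, size_t *out)
{
    /* ceil(len / 3) computed without adding to len, so it cannot wrap */
    size_t groups = len / 3 + (len % 3 != 0);

    if (groups > (max - 1) / 4)
        return false;           /* groups * 4 + 1 would exceed max */
    *out = groups * 4 + 1;
    return true;
}

int main(void)
{
    /* Constructed sample lengths: a small input and a 3 GiB input. */
    uint32_t lens[] = { 5u, 0xC0000000u };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t safe = 0;
        bool ok = b64_size_checked(lens[i], UINT32_MAX, &safe);

        printf("len=%u unchecked=%u checked=", (unsigned)lens[i],
               (unsigned)b64_size_unchecked32(lens[i]));
        if (ok)
            printf("%zu\n", safe);
        else
            printf("rejected\n");
    }
    return 0;
}
```

A buffer allocated from the wrapped size is far smaller than the data the encoder then writes into it, which is why the size check has to happen before allocation.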