Hi, can you take a look and fix this as soon as possible? As soon as I have your reply, I can upload to sid with urgency=high...
Thomas

----- Original message -----
> Subject: minissdpd: multiple flaws
> Package: minissdpd
> Version: 1.0-2
> Justification: root security hole
> Severity: critical
> Tags: upstream security
>
> As originally reported at https://bugs.launchpad.net/bugs/813313 and
> http://www.openwall.com/lists/oss-security/2011/07/28/12
>
> In Ubuntu, we lowered miniupnpc and libnatpmp's recommends on
> minissdpd to suggests.
> =====
> Denial of Service:
> - off-by-one in packet parsing can trigger crashes on unlucky alignment
>   minissdpd.c line ~290
> - walk off end of memory without length check in "cache-control" packet
>   minissdpd.c line ~314
> - some unchecked malloc uses could lead to crash
> - does not clean up /var/run files on crash
>
> Corruption, possible manipulation of responses:
> - linefeed injection in service requests
> - unchecked write lengths (could get interrupted, lead to corruption)
>
> Memory corruption, with execution control likely:
> - multiple buffer overflows in processRequest
> - unchecked decoded lengths
> - unchecked buffer creation length
> - integer overflows in decoded lengths
> - write null byte arbitrarily in heap
> - could read stack memory out on requests (including canary if OS
>   used stack protector canary that wasn't null-started). e.g.:
>   - add bogus service with giant coded-length "location" entry
>   - read back with type==1 and matching "st"
>
> General Safety:
> - does not drop privileges
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers oneiric
> APT policy: (500, 'oneiric')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.0.0-7-generic (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages minissdpd depends on:
> ii  libc6  2.13-9ubuntu3  Embedded GNU C Library: Shared lib
>
> minissdpd recommends no packages.
>
> minissdpd suggests no packages.
>
> -- no debconf information

-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
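Several of the classes in the forwarded report (unchecked decoded lengths, integer overflows in decoded lengths, walking off the end of the packet, unchecked buffer creation length, linefeed injection) come down to one thing: every length taken from the client must be validated against what is actually in the buffer before it is used. The decoder below is an added illustration of that discipline, not minissdpd's or the reporter's code. It assumes a request made of consecutive length-prefixed fields whose length is 7-bits-per-byte continuation coded (high bit set means another length byte follows), which is the shape of the miniupnpc/minissdpd request format; the `pkt_*` packets, `parse_fields`, `copy_field` and the `demo_*` helpers are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_FIELDS 8

/* One decoded field: a pointer into the packet plus its validated length. */
typedef struct {
    const unsigned char *data;
    size_t len;
} field_t;

/* Decode a continuation-coded length (7 payload bits per byte, high bit set
 * means more bytes follow; encoding assumed for this example).  Every byte is
 * bounds-checked against `end` and the accumulator is checked for 32-bit
 * overflow before each shift.  Returns 0 and advances *pp on success, -1 if
 * the length is truncated or would overflow. */
static int decode_length(const unsigned char **pp, const unsigned char *end,
                         uint32_t *out)
{
    const unsigned char *p = *pp;
    uint32_t n = 0;
    for (;;) {
        if (p >= end)
            return -1;                        /* length runs past the packet */
        if (n > (UINT32_MAX >> 7))
            return -1;                        /* next shift would overflow */
        n = (n << 7) | (uint32_t)(*p & 0x7f);
        if ((*p++ & 0x80) == 0)
            break;
    }
    *pp = p;
    *out = n;
    return 0;
}

/* Parse consecutive length-prefixed fields.  Returns the field count, or -1 if
 * a length is malformed, claims more bytes than remain, there are too many
 * fields, or a field contains CR/LF (which would let a client inject extra
 * lines into any text response later built from that field). */
int parse_fields(const unsigned char *buf, size_t buflen,
                 field_t *fields, int max_fields)
{
    const unsigned char *p = buf, *end = buf + buflen;
    int count = 0;
    while (p < end) {
        uint32_t len;
        if (count >= max_fields || decode_length(&p, end, &len) != 0)
            return -1;
        if (len > (size_t)(end - p))
            return -1;                        /* claimed length exceeds packet */
        if (memchr(p, '\n', len) || memchr(p, '\r', len))
            return -1;                        /* reject linefeed injection */
        fields[count].data = p;
        fields[count].len = len;
        count++;
        p += len;
    }
    return count;
}

/* Copy a field into a caller-sized buffer as a NUL-terminated string;
 * refuses (rather than truncating or overflowing) when it does not fit. */
int copy_field(const field_t *f, char *dst, size_t dstsize)
{
    if (dstsize == 0 || f->len >= dstsize)
        return -1;
    memcpy(dst, f->data, f->len);
    dst[f->len] = '\0';
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const unsigned char pkt_good[]      = { 0x02, 's', 't', 0x03, 'u', 's', 'n' };
static const unsigned char pkt_truncated[] = { 0x05, 'a', 'b' };               /* claims 5 bytes, has 2 */
static const unsigned char pkt_overflow[]  = { 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }; /* 42-bit length */
static const unsigned char pkt_injected[]  = { 0x03, 'a', '\n', 'b' };         /* LF inside a field */

/* Parse a packet and return its field count, or -1 when it is rejected. */
int demo_parse(const unsigned char *buf, size_t buflen)
{
    field_t fields[MAX_FIELDS];
    return parse_fields(buf, buflen, fields, MAX_FIELDS);
}

/* Parse a packet and copy its first field into a `dstsize`-byte buffer. */
int demo_copy_first(const unsigned char *buf, size_t buflen, size_t dstsize)
{
    field_t fields[MAX_FIELDS];
    char dst[64];
    if (dstsize > sizeof dst || parse_fields(buf, buflen, fields, MAX_FIELDS) < 1)
        return -1;
    return copy_field(&fields[0], dst, dstsize);
}

int main(void)
{
    printf("good: %d fields\n", demo_parse(pkt_good, sizeof pkt_good));
    printf("truncated: %d\n", demo_parse(pkt_truncated, sizeof pkt_truncated));
    printf("overflow: %d\n", demo_parse(pkt_overflow, sizeof pkt_overflow));
    printf("injected: %d\n", demo_parse(pkt_injected, sizeof pkt_injected));
    return 0;
}
```

The two checks in `decode_length` (buffer end before every read, overflow before every shift) are what the report's "unchecked decoded lengths" and "integer overflows in decoded lengths" items ask for; the `len > end - p` test in `parse_fields` is the one that stops a giant coded length from being used to read or copy past the packet, and `copy_field` refusing an oversized field covers "unchecked buffer creation length".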