Package: kmd
Version: 0.9.19-1
Severity: grave
Tags: security
Justification: user security hole

kmd uses binutils-dev's BFD library for ELF header parsing and is therefore vulnerable to its integer overflow in ELF segment handling. kmd needs to be recompiled against binutils-dev 2.15-6 once this has entered the archive. I've verified that a complete rebuild with binutils-dev from incoming.d.o correctly refuses the invalid ELF header of the crafted test binary.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kmd depends on:
ii  libc6       2.3.2.ds1-21          GNU C Library: Shared libraries an
ii  libglib1.2  1.2.10-10             The GLib library of C routines
ii  libgtk1.2   1.2.10-17             The GIMP Toolkit set of widgets fo
ii  libx11-6    4.3.0.dfsg.1-12.0.1   X Window System protocol client li
ii  libxext6    4.3.0.dfsg.1-12.0.1   X Window System miscellaneous exte
ii  libxi6      4.3.0.dfsg.1-12.0.1   X Window System Input extension li
ii  xlibs       4.3.0.dfsg.1-12       X Keyboard Extension (XKB) configu

-- no debconf information
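An added illustration, not code from Moritz's report or from BFD: the bug class the report names, a 32-bit ELF segment bounds check whose offset + size addition wraps, beside the overflow-safe form that rejects such a crafted header. The struct mirrors the Elf32_Phdr field order (defined locally so it builds without <elf.h>) and the header values are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed ELF32 program header with the same field order as Elf32_Phdr. */
typedef struct {
    uint32_t p_type, p_offset, p_vaddr, p_paddr;
    uint32_t p_filesz, p_memsz, p_flags, p_align;
} phdr32_t;

/* Naive bounds check: the addition is done in 32 bits and can wrap, so a
 * huge p_filesz passes as long as the wrapped sum still fits in the file. */
bool segment_fits_naive(const phdr32_t *ph, uint32_t file_size) {
    return ph->p_offset + ph->p_filesz <= file_size;
}

/* Overflow-safe check: compare the size against the space remaining after
 * p_offset instead of forming a sum that may wrap. */
bool segment_fits_checked(const phdr32_t *ph, uint32_t file_size) {
    if (ph->p_offset > file_size) return false;
    return ph->p_filesz <= file_size - ph->p_offset;
}

/* Validate a whole program header table; returns the index of the first
 * segment that does not fit in the file, or -1 if all of them do. */
int first_bad_segment(const phdr32_t *phs, uint32_t phnum, uint32_t file_size) {
    for (uint32_t i = 0; i < phnum; i++)
        if (!segment_fits_checked(&phs[i], file_size)) return (int)i;
    return -1;
}

/* Constructed test vectors: entry 0 is a sane segment, entry 1 has a size
 * that wraps the 32-bit sum back into range (0x1000 + 0xFFFFF800 == 0x800). */
const uint32_t kFileSize = 0x2000;
const phdr32_t kTable[2] = {
    { 1, 0x0080, 0, 0, 0x00000F00, 0x00000F00, 5, 0x1000 },
    { 1, 0x1000, 0, 0, 0xFFFFF800, 0xFFFFF800, 5, 0x1000 },
};

int main(void) {
    printf("naive accepts crafted segment:   %d\n", segment_fits_naive(&kTable[1], kFileSize));
    printf("checked accepts crafted segment: %d\n", segment_fits_checked(&kTable[1], kFileSize));
    printf("first bad segment index:         %d\n", first_bad_segment(kTable, 2, kFileSize));
    return 0;
}
```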