Debian Linux Information for VU#192995
Integer overflow in xdr_array() function when deserializing the XDR stream
- Date Notified: 29 Jul 2002
- Statement Date:
- Date Updated: 06 Aug 2002
The Debian GNU/Linux distribution was vulnerable with regard to the XDR problem as stated above with the following vulnerability matrix:

| Release | OpenAFS | Kerberos5 | GNU lib |
|---|---|---|---|
| Debian 2.2 (potato) | not included | not included | vulnerable |
| Debian 3.0 (woody) | vulnerable (DSA 142-1) | vulnerable (DSA 143-1) | vulnerable |
| Debian unstable (sid) | vulnerable (DSA 142-1) | vulnerable (DSA 143-1) | vulnerable |

- DSA 142-1 OpenAFS (safe versions are: 1.2.3final2-6 (woody) and 1.2.6-1 (sid))
- DSA 143-1 Kerberos5 (safe versions are: 1.2.4-5woody1 (woody) and 1.2.5-2 (sid))

The advisory for the GNU libc is pending; it is currently being recompiled. The fixed versions will probably be:
- Debian 2.2 (potato): glibc 2.1.3-23 or later
- Debian 3.0 (woody): glibc 2.2.5-11.1 or later
- Debian unstable (sid): glibc 2.2.5-12 or later
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.