Package name
silc-toolkit
Date
2009-09-15
Advisory ID
MDVSA-2009:234
Affected versions
2009.0 x86_64, 2009.0 i586, 2008.1 x86_64, 2008.1 i586

Problem description

Multiple vulnerabilities were discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
SILC Client before 1.1.8, allow remote attackers to execute arbitrary
code via format string specifiers in a nickname field, related to the
(1) silc_client_add_client, (2) silc_client_update_client, and (3)
silc_client_nickname_format functions (CVE-2009-3051).

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows
remote attackers to overwrite a stack location and possibly execute
arbitrary code via a crafted OID value, related to incorrect use of
a %lu format string (CVE-2008-7159).

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in
the internal HTTP server in silcd in Secure Internet Live Conferencing
(SILC) Toolkit before 1.1.9 allows remote attackers to overwrite
a stack location and possibly execute arbitrary code via a crafted
Content-Length header, related to incorrect use of a %lu format string
(CVE-2008-7160).

Multiple format string vulnerabilities in lib/silcclient/command.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
and SILC Client 1.1.8 and earlier, allow remote attackers to execute
arbitrary code via format string specifiers in a channel name, related
to (1) silc_client_command_topic, (2) silc_client_command_kick,
(3) silc_client_command_leave, and (4) silc_client_command_users
(CVE-2009-3163).

This update provides a solution to these vulnerabilities.
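
The two bug classes named above, shown in their hardened form. This is an added example, not code from the SILC Toolkit or from the update; format_nickname and parse_content_length are hypothetical helpers, and the second assumes the %lu misuse was a conversion into a destination narrower than unsigned long, which the advisory does not spell out.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: copy a peer-supplied nickname into out.
 * The nickname is only ever an argument to "%s", never the format itself,
 * so any '%' characters in it are copied literally.
 * Returns 0 on success, -1 if the result did not fit. */
int format_nickname(char *out, size_t outlen, const char *nick)
{
    int n = snprintf(out, outlen, "%s", nick);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hypothetical helper: parse a decimal Content-Length value into a 32-bit
 * field. strtoul() returns unsigned long, which is range-checked before the
 * store; scanning "%lu" straight into a 32-bit variable would write
 * sizeof(unsigned long) bytes, 8 on LP64, into a 4-byte object.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_content_length(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;

    if (s[0] < '0' || s[0] > '9')   /* reject empty, sign, leading space */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    char buf[32];
    uint32_t len = 0;
    /* Constructed sample inputs */
    if (format_nickname(buf, sizeof buf, "bob%x%x%n") == 0)
        printf("nickname: %s\n", buf);
    if (parse_content_length("4294967296", &len) != 0)
        puts("Content-Length rejected");
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag calls whose format argument is not a string literal and conversions whose argument type does not match.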

Updated packages

2009.0 x86_64

 73263068f0eb8d4037034567db5ff43d  2009.0/x86_64/lib64silc1.1_2-1.1.7-4.1mdv2009.0.x86_64.rpm
 7ce3e4a79ea9faec5ec86e89ec5f4f15  2009.0/x86_64/lib64silcclient1.1_2-1.1.7-4.1mdv2009.0.x86_64.rpm
 4add52e5db6d96857c30e1fd63ce762e  2009.0/x86_64/silc-toolkit-1.1.7-4.1mdv2009.0.x86_64.rpm
 0f2ca05679394a15a60446ffb8940e96  2009.0/x86_64/silc-toolkit-devel-1.1.7-4.1mdv2009.0.x86_64.rpm 
 240bb82b87ea0a1f0006d9e3c4cae160  2009.0/SRPMS/silc-toolkit-1.1.7-4.1mdv2009.0.src.rpm

2009.0 i586

 064f9c8a43887f645a57402a66fe6b35  2009.0/i586/libsilc1.1_2-1.1.7-4.1mdv2009.0.i586.rpm
 ff861bb97055cccbf102925c1b06fb45  2009.0/i586/libsilcclient1.1_2-1.1.7-4.1mdv2009.0.i586.rpm
 f4220d91c0ab2579e2cd0c80691a9cec  2009.0/i586/silc-toolkit-1.1.7-4.1mdv2009.0.i586.rpm
 6442114abe267e2704ff5392c019ddb4  2009.0/i586/silc-toolkit-devel-1.1.7-4.1mdv2009.0.i586.rpm 
 240bb82b87ea0a1f0006d9e3c4cae160  2009.0/SRPMS/silc-toolkit-1.1.7-4.1mdv2009.0.src.rpm

2008.1 x86_64

 fd0ea04815c2f90f50fa61ad56a38602  2008.1/x86_64/lib64silc1.1_2-1.1.7-2.2mdv2008.1.x86_64.rpm
 44c2c3af3eb96b76828f48af6efde8f8  2008.1/x86_64/lib64silcclient1.1_2-1.1.7-2.2mdv2008.1.x86_64.rpm
 3934e4b2b0cd45957c3fb40000ee7c70  2008.1/x86_64/silc-toolkit-1.1.7-2.2mdv2008.1.x86_64.rpm
 d95db7e0ac6ff5e48b5861e0c29ab486  2008.1/x86_64/silc-toolkit-devel-1.1.7-2.2mdv2008.1.x86_64.rpm 
 4b63bf7ecedbf2741f562200c3a0721b  2008.1/SRPMS/silc-toolkit-1.1.7-2.2mdv2008.1.src.rpm

2008.1 i586

 3b8a40541dbec2f0740103179d14b7de  2008.1/i586/libsilc1.1_2-1.1.7-2.2mdv2008.1.i586.rpm
 6f43e4ebe0d928e48212378211a30b9b  2008.1/i586/libsilcclient1.1_2-1.1.7-2.2mdv2008.1.i586.rpm
 7213023ef107419e014d316680595268  2008.1/i586/silc-toolkit-1.1.7-2.2mdv2008.1.i586.rpm
 552759cd69938394b85bd8860f19d26b  2008.1/i586/silc-toolkit-devel-1.1.7-2.2mdv2008.1.i586.rpm 
 4b63bf7ecedbf2741f562200c3a0721b  2008.1/SRPMS/silc-toolkit-1.1.7-2.2mdv2008.1.src.rpm

References