Package name
silc-toolkit
Date
2009-09-15
Advisory ID
MDVSA-2009:234-1
Affected versions
MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
SILC Client before 1.1.8, allow remote attackers to execute arbitrary
code via format string specifiers in a nickname field, related to the
(1) silc_client_add_client, (2) silc_client_update_client, and (3)
silc_client_nickname_format functions (CVE-2009-3051).

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows
remote attackers to overwrite a stack location and possibly execute
arbitrary code via a crafted OID value, related to incorrect use of
a %lu format string (CVE-2008-7159).

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in
the internal HTTP server in silcd in Secure Internet Live Conferencing
(SILC) Toolkit before 1.1.9 allows remote attackers to overwrite
a stack location and possibly execute arbitrary code via a crafted
Content-Length header, related to incorrect use of a %lu format string
(CVE-2008-7160).

Multiple format string vulnerabilities in lib/silcclient/command.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
and SILC Client 1.1.8 and earlier, allow remote attackers to execute
arbitrary code via format string specifiers in a channel name, related
to (1) silc_client_command_topic, (2) silc_client_command_kick,
(3) silc_client_command_leave, and (4) silc_client_command_users
(CVE-2009-3163).

This update provides a solution to these vulnerabilities.
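
The two %lu issues above (CVE-2008-7159, CVE-2008-7160) come down to a scanned number being stored with the wrong width. The following is an added illustration, not code from the SILC Toolkit or from this advisory: it assumes the destination was a 32-bit variable on a platform where unsigned long is 64 bits, and the function name parse_content_length is hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern of the kind the advisory describes (assumed, NOT SILC source):
 *     uint32_t len;
 *     sscanf(value, "%lu", &len);
 * %lu stores sizeof(unsigned long) bytes. Where that is 8, the four bytes
 * following `len` on the stack are overwritten with remote-supplied data. */

/* Hypothetical hardened parser: returns 0 and stores the value in *out
 * on success, -1 on malformed or out-of-range input (*out untouched). */
int parse_content_length(const char *value, uint32_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')  /* optional leading blanks */
        value++;
    if (*value < '0' || *value > '9')        /* rejects "", "-1", "+5", "abc" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)                     /* does not fit even in 64 bits */
        return -1;
    while (*end == ' ' || *end == '\t')      /* optional trailing blanks */
        end++;
    if (*end != '\0')                        /* trailing garbage, e.g. "12abc" */
        return -1;
    if (n > UINT32_MAX)                      /* too large for the destination */
        return -1;
    *out = (uint32_t)n;                      /* writes exactly 4 bytes */
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from any capture. */
    const char *samples[] = { "1234", " 42 ", "4294967296", "-1", "12abc" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t v = 0;
        int rc = parse_content_length(samples[i], &v);
        printf("\"%s\" -> rc=%d value=%u\n", samples[i], rc, (unsigned)v);
    }
    return 0;
}
```

Compiling with -Wformat (included in -Wall on GCC and Clang) flags a %lu conversion paired with a pointer to a narrower type.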

Update:

Packages for MES5 were not provided previously; this update addresses
this problem.

Updated packages

MES5 i586

 a800a8c69a356ca40c50b04d7322c9ee  mes5/i586/libsilc1.1_2-1.1.7-4.1mdvmes5.i586.rpm
 317fdb3af9d4d65540756f5737159e20  mes5/i586/libsilcclient1.1_2-1.1.7-4.1mdvmes5.i586.rpm
 1e4df0e247b1b607d1a6382e45ce8f4b  mes5/i586/silc-toolkit-1.1.7-4.1mdvmes5.i586.rpm
 a677c19630f8102c9ab33c0e59b97f89  mes5/i586/silc-toolkit-devel-1.1.7-4.1mdvmes5.i586.rpm 
 b7e35b6e6252ab194db2b8ff2a0d2f92  mes5/SRPMS/silc-toolkit-1.1.7-4.1mdvmes5.src.rpm

MES5 x86_64

 38705859cd40b455bf1d4e48e2cd5791  mes5/x86_64/lib64silc1.1_2-1.1.7-4.1mdvmes5.x86_64.rpm
 097e9e1258f2f350547aca8b20d1f442  mes5/x86_64/lib64silcclient1.1_2-1.1.7-4.1mdvmes5.x86_64.rpm
 b4fa6915dd6053d7883ca7052fc46bca  mes5/x86_64/silc-toolkit-1.1.7-4.1mdvmes5.x86_64.rpm
 b410774b1e725efaac52bad52136f134  mes5/x86_64/silc-toolkit-devel-1.1.7-4.1mdvmes5.x86_64.rpm 
 b7e35b6e6252ab194db2b8ff2a0d2f92  mes5/SRPMS/silc-toolkit-1.1.7-4.1mdvmes5.src.rpm

References