Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2012:087

Nom du paquet: nut
Date: 2012-06-05
Advisory ID: MDVSA-2012:087
Affected versions: MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been discovered and corrected in nut:

Buffer overflow in the addchar function in common/parseconf.c in upsd
in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to
execute arbitrary code or cause a denial of service (electric-power
outage) via a long string containing non-printable characters
(CVE-2012-2944).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 ef980671bc85dac89b46dad2a2e1b14a  mes5/i586/libupsclient1-2.2.2-5.1mdvmes5.2.i586.rpm
 d73eb5d8d367a8cec458ae8a1a61c96a  mes5/i586/nut-2.2.2-5.1mdvmes5.2.i586.rpm
 efa798b935af4bf96376e6106fb1f781  mes5/i586/nut-cgi-2.2.2-5.1mdvmes5.2.i586.rpm
 c25a2604afa95af813053a1815c5a646  mes5/i586/nut-devel-2.2.2-5.1mdvmes5.2.i586.rpm
 24863f77e389d32f840e6851eb36012a  mes5/i586/nut-drivers-hal-2.2.2-5.1mdvmes5.2.i586.rpm
 c1067cb506937f6dbecdb226fca2c81a  mes5/i586/nut-server-2.2.2-5.1mdvmes5.2.i586.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm

2010.1 i586

 8cbd141752ce14533a5bc1d15864c9c5  2010.1/i586/libupsclient1-2.4.3-3.1mdv2010.2.i586.rpm
 5f13bd68571684bb782452e4a94918f7  2010.1/i586/nut-2.4.3-3.1mdv2010.2.i586.rpm
 96929f5e6c561ec3c889bab305e0678e  2010.1/i586/nut-cgi-2.4.3-3.1mdv2010.2.i586.rpm
 da4abba96a5ea4b4acd1cff90d24a847  2010.1/i586/nut-devel-2.4.3-3.1mdv2010.2.i586.rpm
 f3f01ce23d67b4ad9c73be0f72d45843  2010.1/i586/nut-drivers-hal-2.4.3-3.1mdv2010.2.i586.rpm
 8844d3e280f4d63da440a574380f0c4c  2010.1/i586/nut-server-2.4.3-3.1mdv2010.2.i586.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

2011 x86_64

 ee6f90720c49111e6fa7a607b1145155  2011/x86_64/lib64upsclient1-2.6.1-1.1-mdv2011.0.x86_64.rpm
 f1857b0d0233eef29733fbc62774ecc5  2011/x86_64/nut-2.6.1-1.1-mdv2011.0.x86_64.rpm
 ebb6ae30d8143116b220e3feac15ef5f  2011/x86_64/nut-cgi-2.6.1-1.1-mdv2011.0.x86_64.rpm
 41ff265fd1e0c07eb99a0b26c2769054  2011/x86_64/nut-devel-2.6.1-1.1-mdv2011.0.x86_64.rpm
 571c5156b67adceae535366dbff546e3  2011/x86_64/nut-drivers-hal-2.6.1-1.1-mdv2011.0.x86_64.rpm
 a48526362c08d594c863fedaaeae7191  2011/x86_64/nut-server-2.6.1-1.1-mdv2011.0.x86_64.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

2011 i586

 762144bcc4db108ee2c876dfb3accebb  2011/i586/libupsclient1-2.6.1-1.1-mdv2011.0.i586.rpm
 b7859b2b9a9d5acd548abb212e5c2406  2011/i586/nut-2.6.1-1.1-mdv2011.0.i586.rpm
 51e2ec4f45b3510fee4834f83b3b77b0  2011/i586/nut-cgi-2.6.1-1.1-mdv2011.0.i586.rpm
 b840cf511a37b306c070f990fb213127  2011/i586/nut-devel-2.6.1-1.1-mdv2011.0.i586.rpm
 57f9d8d1de442865464ad2cd17fd0df9  2011/i586/nut-drivers-hal-2.6.1-1.1-mdv2011.0.i586.rpm
 503f841ba7e64f30bf6101bbb7419ea3  2011/i586/nut-server-2.6.1-1.1-mdv2011.0.i586.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

MES5 x86_64

 b4952c0ffba50afb28e4b435d9deb8aa  mes5/x86_64/lib64upsclient1-2.2.2-5.1mdvmes5.2.x86_64.rpm
 55949a3a2b812b12f4a98ed6dc790b5f  mes5/x86_64/nut-2.2.2-5.1mdvmes5.2.x86_64.rpm
 15f24161ebdc01d3c4b219d61cf6b1a7  mes5/x86_64/nut-cgi-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b28c19b992b16bb4c140e1ae1647822b  mes5/x86_64/nut-devel-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b06cf19cc277f57d40ac7140b8382017  mes5/x86_64/nut-drivers-hal-2.2.2-5.1mdvmes5.2.x86_64.rpm
 a3457f27ee58238a82dfce9881dd89bd  mes5/x86_64/nut-server-2.2.2-5.1mdvmes5.2.x86_64.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm

2010.1 x86_64

 1da8715f71ab61e4350ea6bc12b556ad  2010.1/x86_64/lib64upsclient1-2.4.3-3.1mdv2010.2.x86_64.rpm
 90a537da06e96771c41b29104fd18ba8  2010.1/x86_64/nut-2.4.3-3.1mdv2010.2.x86_64.rpm
 4f720efbaaccdf8fff50861bf4fb2f12  2010.1/x86_64/nut-cgi-2.4.3-3.1mdv2010.2.x86_64.rpm
 16e2dbedba405bc3d72348647c1593cd  2010.1/x86_64/nut-devel-2.4.3-3.1mdv2010.2.x86_64.rpm
 687c05b4549e0997525126021a35997c  2010.1/x86_64/nut-drivers-hal-2.4.3-3.1mdv2010.2.x86_64.rpm
 fbd32d6e4403bfc781b2efcfeb634038  2010.1/x86_64/nut-server-2.4.3-3.1mdv2010.2.x86_64.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2944