[SECURITY] [DSA 2576-1] trousers security update

2012-11-2306:27:58

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.151 Low

EPSS

Percentile

95.8%

JSON

Debian Security Advisory DSA-2576-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
November 23, 2012 http://www.debian.org/security/faq

Package : trousers
Vulnerability : denial of service
Problem type : local
Debian-specific: no
CVE ID : CVE-2012-0698
Debian Bug : 692649

Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a
of input validation. Using carefully crafted input, it can lead to a denial of
service by making the daemon crash with a segmentation fault.

For the stable distribution (squeeze), this problem has been fixed in
version 0.3.5-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 0.3.9-1.

For the unstable distribution (sid), this problem has been fixed in
version 0.3.9-1.

We recommend that you upgrade your trousers packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6s390libtspi-dev< 0.3.5-2+squeeze1libtspi-dev_0.3.5-2+squeeze1_s390.deb
Debian6i386libtspi-dev< 0.3.5-2+squeeze1libtspi-dev_0.3.5-2+squeeze1_i386.deb
Debian6mipsellibtspi1< 0.3.5-2+squeeze1libtspi1_0.3.5-2+squeeze1_mipsel.deb
Debian6i386trousers< 0.3.5-2+squeeze1trousers_0.3.5-2+squeeze1_i386.deb
Debian6kfreebsd-amd64libtspi1< 0.3.5-2+squeeze1libtspi1_0.3.5-2+squeeze1_kfreebsd-amd64.deb
Debian6mipstrousers< 0.3.5-2+squeeze1trousers_0.3.5-2+squeeze1_mips.deb
Debian6amd64trousers< 0.3.5-2+squeeze1trousers_0.3.5-2+squeeze1_amd64.deb
Debian6mipslibtspi1< 0.3.5-2+squeeze1libtspi1_0.3.5-2+squeeze1_mips.deb
Debian6sparctrousers-dbg< 0.3.5-2+squeeze1trousers-dbg_0.3.5-2+squeeze1_sparc.deb
Debian6powerpclibtspi-dev< 0.3.5-2+squeeze1libtspi-dev_0.3.5-2+squeeze1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	s390	libtspi-dev	< 0.3.5-2+squeeze1	libtspi-dev_0.3.5-2+squeeze1_s390.deb
Debian	6	i386	libtspi-dev	< 0.3.5-2+squeeze1	libtspi-dev_0.3.5-2+squeeze1_i386.deb
Debian	6	mipsel	libtspi1	< 0.3.5-2+squeeze1	libtspi1_0.3.5-2+squeeze1_mipsel.deb
Debian	6	i386	trousers	< 0.3.5-2+squeeze1	trousers_0.3.5-2+squeeze1_i386.deb
Debian	6	kfreebsd-amd64	libtspi1	< 0.3.5-2+squeeze1	libtspi1_0.3.5-2+squeeze1_kfreebsd-amd64.deb
Debian	6	mips	trousers	< 0.3.5-2+squeeze1	trousers_0.3.5-2+squeeze1_mips.deb
Debian	6	amd64	trousers	< 0.3.5-2+squeeze1	trousers_0.3.5-2+squeeze1_amd64.deb
Debian	6	mips	libtspi1	< 0.3.5-2+squeeze1	libtspi1_0.3.5-2+squeeze1_mips.deb
Debian	6	sparc	trousers-dbg	< 0.3.5-2+squeeze1	trousers-dbg_0.3.5-2+squeeze1_sparc.deb
Debian	6	powerpc	libtspi-dev	< 0.3.5-2+squeeze1	libtspi-dev_0.3.5-2+squeeze1_powerpc.deb