DSA-035-1 man2html -- remote denial of service

Debian Security Advisory

DSA-035-1 man2html -- remote denial of service

Date Reported:

07 Mar 2001

Affected Packages:

man2html

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 28024, Bug 78195.
In Mitre's CVE dictionary: CVE-2001-0457.

More information:

It has been reported that one can tweak man2html remotely into consuming all available memory. This has been fixed by Nicolás Lichtmaier with help of Stephan Kulow.

We recommend you upgrade your man2html package immediately.

Fixed in:

Debian 2.2 (potato)

Source:

http://security.debian.org/dists/stable/updates/main/source/man2html_1.5.orig.tar.gz

http://security.debian.org/dists/stable/updates/main/source/man2html_1.5-23.dsc

http://security.debian.org/dists/stable/updates/main/source/man2html_1.5-23.diff.gz

alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/man2html_1.5-23_alpha.deb

arm:

http://security.debian.org/dists/stable/updates/main/binary-arm/man2html_1.5-23_arm.deb

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/man2html_1.5-23_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/man2html_1.5-23_m68k.deb

powerpc:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/man2html_1.5-23_powerpc.deb

sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/man2html_1.5-23_sparc.deb