Message-ID: <m1CRXSs-000puzC__3518.049469176$1100021555$gmane$org@finlandia.Infodrom.North.DE>
Date: Tue, 9 Nov 2004 15:59:22 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 589-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 9th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0990
BugTraq ID     : 11523

"infamous41md" discovered several integer overflows in the PNG image
decoding routines of the GD graphics library.  This could lead to the
execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
libgd2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd1 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD4DBQFBkNtJW5ql+IAeqTIRAi4RAJ4r0eqT3Gb0KLzFkE3NRO/roUm0eQCYoUc6
Ib9X1wgBiEUorNnwfqjY5w==
=tDDj
-----END PGP SIGNATURE-----
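
The advisory names the bug class (integer overflows in image decoding) without showing code. The C example below is an added illustration of that class, not libgd's code and not part of the advisory: it contrasts a 32-bit size computation that wraps with an allocation routine that validates the header fields first. All names (unchecked_size, mul_size, alloc_pixels) and the limits MAX_DIM and MAX_BYTES are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy limits for this example, not values from libgd. */
#define MAX_DIM   65535u                  /* largest accepted width/height */
#define MAX_BYTES ((size_t)256 << 20)     /* largest accepted pixel buffer */

/* Unchecked 32-bit size computation: the product wraps modulo 2^32, so a
 * huge image can yield a tiny (or zero) allocation size. */
static uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked multiply: 0 on success with *out = a * b, -1 if it would wrap. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hardened allocation: validate header fields before any arithmetic is
 * trusted, then allocate. Returns NULL if the image is rejected. */
static void *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp, size_t *size)
{
    size_t n;

    if (w == 0 || h == 0 || bpp == 0 || w > MAX_DIM || h > MAX_DIM)
        return NULL;
    if (mul_size(w, h, &n) != 0 || mul_size(n, bpp, &n) != 0)
        return NULL;
    if (n > MAX_BYTES)
        return NULL;
    *size = n;
    return malloc(n);
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 65536 x 65536 pixels, 4 bytes each. */
    printf("unchecked size: %u\n", (unsigned)unchecked_size(65536u, 65536u, 4u));
    void *p = alloc_pixels(65536u, 65536u, 4u, &n);
    printf("checked alloc:  %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```

The unchecked product is the size a decoder would pass to its allocator while still copying rows for the full declared dimensions; the checked path refuses the image before any buffer exists.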