Open Source and information security mailing list archives
Message-ID: <m1CYnuH-000ohlC__7601.65043543584$1101778034$gmane$org@finlandia.Infodrom.North.DE>
Date: Mon, 29 Nov 2004 16:57:41 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 602-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 29th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : integer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0941 CAN-2004-0990

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory DSA 591.  They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 2.0.1-10woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd2 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBq0b1W5ql+IAeqTIRAhlJAJ9otS96on/CoR8GqTbhcaiWE32YewCfWK+F
XP5DUA10O4828fwRWuRiF34=
=YsrM
-----END PGP SIGNATURE-----