[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20061130085520.86B4FFD9A@finlandia.home.infodrom.org>
Date: Thu, 30 Nov 2006 09:55:20 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1221-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
November 30th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : libgsf
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
"infamous41md" discovered a heap buffer overflow vulnerability in
libgsf, a GNOME library for reading and writing structured file
formats, which could lead to the execution of arbitrary code.
For the stable distribution (sarge) this problem has been fixed in
version 1.11.1-1sarge1
For the unstable distribution (sid) this problem has been fixed in
version 1.14.2-1
We recommend that you upgrade your libgsf packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.dsc
Size/MD5 checksum: 837 bc96a9630b2605bdd8091a0f3f934f09
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.diff.gz
Size/MD5 checksum: 7678 23aa764ba57e0ec811916b78bf986917
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1.orig.tar.gz
Size/MD5 checksum: 572284 d3260e0411c3a972c4f5bf3f2d1fbdf3
Alpha architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 107854 37c60803868436da0effcaaac0eb3261
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 84542 869400c0b10cab3e7a1e353091c15138
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 211104 d80136fdc38edad9f97f2fc335a13c87
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 42524 3c201fc969af6fc144ddfa9d308ca7d9
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 10796 56f4a381eaadbc54ad5da1515fc02a28
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum: 50690 a134d813591188748c8237b76ca07eff
AMD64 architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 95598 741f5e3cf1276c57a862c6c32989bf45
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 72884 f1440dcac0f635ef12ecaf9321e19741
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 172702 751adb98ffb3ae93b849c56bdfda3e35
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 41496 5d8b547d18ec67bc74e577341e9127fe
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 10274 c974e8cf41208991a4994274aed34cf4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum: 47474 36ccd40752ff3e33d220494388e82ba3
ARM architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 92054 81c8e51b0f1a565c2c7975ca00c54aef
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 71122 4983eeffaa1ef96a18eabbb6eff072d6
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 171650 addecc2d0f2e2e9b9e0973af85e4d6d5
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 41006 7631c2c831ccb352ee3eaafa1ae08501
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 9650 0bef0c46800914370452657c52827a7b
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_arm.deb
Size/MD5 checksum: 47752 6446fcefbd64ec916cac67dd7629746d
HP Precision architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 109452 00cf9a2ea0ae3c7c77407ac31899f577
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 87188 90c3ca91f8fadd35a892f94b975b4303
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 184032 272c9099df0279b1da9eb533e64f4a8c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 42832 a4270866dd0ee896a1754ec02fdea6a2
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 11366 6af045e1bd59419b2abbd1a065e83263
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum: 48450 cfb513337e4b16dca1ae5b939739b02b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 94438 b70e154e2bc349b763da552b36563c41
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 71724 cc4fd9cd9e3150632fdb600f61926d16
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 165774 75f1cda5fe58d7fa1e32e059ff56aa5c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 41418 0462a3a69e5f6391f2d84609803af28c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 10002 2296a2ef95208dd25b1245e5596fad8a
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_i386.deb
Size/MD5 checksum: 47022 dad57213a389b1c396940c6420b2a6d3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 120382 00ae4c44067d719530f10345b907b39d
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 96808 219ae265d340982c4fcc625f0f4aac2e
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 207722 321d9e0e5f245a1460934be4c53b3485
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 44498 73ce9eb8ceb61f3eb5bdebc2f7fbd97a
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 13112 7114570dd9b7d2ccae2482e8a9749836
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum: 50314 0e341aa4f2d297c21b50c07ea5b022e5
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 93418 3241ab0596f2a1be8758b0df6f0b1b91
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 70380 76e2fbd85c632cc917dbdd4631eaeab1
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 159350 ad3e05a11cfc6950f5366e586af28c44
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 41064 ccc2b9e4e7cd38f48d633c509b8359ba
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 9520 13f4d5efeeb5033221455c053b52ef8e
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum: 46432 ba90a1e901880066827139232f828e41
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 95486 47af6ae61145d336e6d67cb66572fa2c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 71142 4d50bc59c572fb8de56626b17a96716c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 181358 4680c5668264c0660f5915f5490a9862
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 41328 e14b22945be8551fe477286239829702
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 9502 a65d4536f7d5a7e217930f665acd1ce4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mips.deb
Size/MD5 checksum: 48412 062423f994430f2f458f72ff1c11aa60
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 95064 12574be55cbd0f0d161d438eb3681132
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 71040 2ef8b71ca0069594121861ea8f1cb138
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 181248 5b1d0d0d255bd232630232b944c90de3
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 41342 61d8b2256e13a2f42101eaaac777f147
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 9534 090bc4a1110ad678cc31f878a7f625fe
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum: 48484 8e6b7e08584b30d39676e324e8d2f160
PowerPC architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 97424 a5fe077b6c128e6d3707f54f25446793
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 76080 80b8cfd0da0406e51e0650b31f6b855b
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 175872 c8608277b96bc3b9fe1c9acab58df7f5
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 42750 40d7d2fe820e4fe563ad45a52a993882
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 12502 f67804ec2e5e233f6eba20a306c87d0f
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum: 47456 67f2eab4c5e7626021e0203de6dd45b0
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 104934 b4f495487d1d69c57bae68b1710c3c34
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 82180 ce2e17b2cb7894fe75f70bf6c0e3e3c8
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 179024 a117c2b0ff8c3ba57c950872d1dcbe63
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 42410 1e4cd37bee40b3064120794ffa40ed61
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 10518 6bf95840b71480e8a040bf7795af7bae
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_s390.deb
Size/MD5 checksum: 47984 a8ffd9f03d9e884f1b919ef8e31a2ef0
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 95404 99a1f0843ed4865942a214b1f6cf5b2d
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 72240 af4c9ac2d4fb67f66f27cb7e2effd99f
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 168950 0848099749ef6395067268f3331b7da4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 41156 ade5d9a99a9140a319fd885cb48d8161
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 9438 04f6af54df0a761be766ccab9deba73c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum: 47262 97392dc7cab74baee5953c66d46fa894
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFbpx3W5ql+IAeqTIRAmdIAJ4swSvMHnGoYKup1+M3+slZIc6iUwCfWJOG
9DYwOfJuvD2MO0JWlSwAhnw=
=cZTc
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists