Message-Id: <20061130085520.86B4FFD9A@finlandia.home.infodrom.org>
Date: Thu, 30 Nov 2006 09:55:20 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1221-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 30th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgsf
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no

"infamous41md" discovered a heap buffer overflow vulnerability in
libgsf, a GNOME library for reading and writing structured file
formats, which could lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 1.11.1-1sarge1

For the unstable distribution (sid) this problem has been fixed in
version 1.14.2-1

We recommend that you upgrade your libgsf packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFbpx3W5ql+IAeqTIRAmdIAJ4swSvMHnGoYKup1+M3+slZIc6iUwCfWJOG
9DYwOfJuvD2MO0JWlSwAhnw=
=cZTc
-----END PGP SIGNATURE-----
