Message-ID: <20080210212749.GA5712@galadriel.inutil.org>
Date: Sun, 10 Feb 2008 22:27:49 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1493-1] New sdl-image1.2 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1493-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
February 10, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : sdl-image1.2
Vulnerability  : buffer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-6697 CVE-2008-0554

Several local/remote vulnerabilities have been discovered in the image
loading library for the Simple DirectMedia Layer 1.2. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6697

    Gynvael Coldwind discovered a buffer overflow in GIF image parsing,
    which could result in denial of service and potentially the
    execution of arbitrary code.

CVE-2008-0544

    It was discovered that a buffer overflow in IFF ILBM image parsing
    could result in denial of service and potentially the execution of
    arbitrary code.

For the stable distribution (etch), these problems have been fixed in
version 1.2.5-2etch1.

For the old stable distribution (sarge), these problems have been fixed
in version 1.2.4-1etch1. Due to a copy & paste error, "etch1" was appended
to the version number instead of "sarge1". Since the update is otherwise
technically correct, it was not rebuilt on the buildd network.

We recommend that you upgrade your sdl-image1.2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
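The manual wget/dpkg path above skips the one check that makes it safe: comparing the downloaded file against the "Size/MD5 checksum" line published in this advisory before installing it. The following shell function is an added example, not part of DSA-1493-1 or of Debian's tooling; the function name `verify_deb` and the helper logic are assumptions, while the package URL, size and checksum in the commented usage are copied from the etch i386 entry of this advisory.

```shell
#!/bin/sh
# Added example (not part of DSA-1493-1): verify a downloaded package against
# the "Size/MD5 checksum" line from the advisory before running dpkg -i.
# Usage: verify_deb <file> <expected_size> <expected_md5>
# Returns 0 when both size and MD5 match, 1 otherwise (details on stderr).
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Size first: a truncated download fails fast without hashing.
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $have_size, want $want_size" >&2
        return 1
    fi
    # MD5 as published in the advisory's Size/MD5 checksum lines.
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $file: got $have_md5, want $want_md5" >&2
        return 1
    fi
    echo "$file: OK ($have_size bytes, md5 $have_md5)"
    return 0
}

# Usage with the etch i386 runtime package (size and MD5 copied from the
# advisory above); install only when the check passes:
#   wget http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_i386.deb
#   verify_deb libsdl-image1.2_1.2.5-2etch1_i386.deb 29444 32e784dbd2cfbd0afc2476193d1131b3 \
#       && dpkg -i libsdl-image1.2_1.2.5-2etch1_i386.deb
```

The checksum list is only as trustworthy as the advisory carrying it, so verify the advisory's PGP signature against the Debian security key before relying on the MD5 values; the apt-get path avoids the manual step entirely because apt checks the signed Release metadata itself.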


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.diff.gz
    Size/MD5 checksum:    27202 0b364f0ccd1b55de86b64beafbebff7f
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.dsc
    Size/MD5 checksum:      695 6dfd0ce5e3c53237b0b25e4dd269a11a
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4.orig.tar.gz
    Size/MD5 checksum:   841885 70bf617f99e51a2c94550fc79d542f0b

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_alpha.deb
    Size/MD5 checksum:    33742 ea1ed76178284a1c6db541c965da37e4
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_alpha.deb
    Size/MD5 checksum:    43496 f545cac9be83710d7a9fa10b9a6aa3e6

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_amd64.deb
    Size/MD5 checksum:    28126 42037dac0e93f401ac8dbbd7eb28db3f
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_amd64.deb
    Size/MD5 checksum:    33870 742423cedbaf791e44b9038cf55fb12f

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_arm.deb
    Size/MD5 checksum:    26854 6329107849651e11c8d4e4f556083d87
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_arm.deb
    Size/MD5 checksum:    32982 e94d20a7159fb861d46ebf3b4eeb1a3e

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_hppa.deb
    Size/MD5 checksum:    32766 ea20750007fc127575c809c3c5120670
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_hppa.deb
    Size/MD5 checksum:    37850 28508c01a54dbcdfcbc5976fb39d4e4e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_i386.deb
    Size/MD5 checksum:    31678 e4f87b2d32187aea3e3106acffba5110
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_i386.deb
    Size/MD5 checksum:    27288 edea4b5cee15f1541affd374d5fdc304

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_ia64.deb
    Size/MD5 checksum:    39306 71a0facbdffabd3fc3a2020441cdc77b
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_ia64.deb
    Size/MD5 checksum:    46542 d577243130ea99eeddb4aeb426065414

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_m68k.deb
    Size/MD5 checksum:    29560 e0090e37b0260ac763bfef2c1759a76f
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_m68k.deb
    Size/MD5 checksum:    25882 4c322c227336ab964455c3b0d68a886f

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_mips.deb
    Size/MD5 checksum:    28876 b06528c4868efe3611a8b619ffd1241a
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_mips.deb
    Size/MD5 checksum:    36434 d3d65379318c3bbb2404b7309b20e22c

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_mipsel.deb
    Size/MD5 checksum:    36582 cb7b4d04063110328b56276aca575552
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_mipsel.deb
    Size/MD5 checksum:    28340 92e97c6067c2e081ff7cd11ecc302f2a

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_powerpc.deb
    Size/MD5 checksum:    35462 b51680ea32ee9efe1eb67b26dd282c5b
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_powerpc.deb
    Size/MD5 checksum:    30356 e2780564742a68fd237c52d3ca591675

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_s390.deb
    Size/MD5 checksum:    29724 44f41692b88e54c89f001eb641da045b
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_s390.deb
    Size/MD5 checksum:    34572 80ff11c08dfb385afa654d59d220f9c0

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_sparc.deb
    Size/MD5 checksum:    27324 8d628ae4aadb9e8547550950c7724719
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_sparc.deb
    Size/MD5 checksum:    32698 276764545f2061bf0cc3c93581a31bd0

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2etch1.dsc
    Size/MD5 checksum:      697 3bc3d9f30b1b3b064a0758707c9f529a
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2etch1.diff.gz
    Size/MD5 checksum:    11839 4d047dc5bd473328744bf6b54690aac9
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5.orig.tar.gz
    Size/MD5 checksum:  1308637 cd006109a73bf7dcc93e1c3ed15ee782

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_alpha.deb
    Size/MD5 checksum:    46998 9c4b787c36564cdddcc98a678affeac8
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_alpha.deb
    Size/MD5 checksum:    35490 8e01f0e140d6d9c5167e722f90f63be6

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_amd64.deb
    Size/MD5 checksum:    37058 5e25a70eb917a4407698fcf511a533c3
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_amd64.deb
    Size/MD5 checksum:    30700 f41a209291ae16cbc43272dffe1c7f4c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_arm.deb
    Size/MD5 checksum:    34268 75758a0175f10b7e10c6c9dc636cbe34
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_arm.deb
    Size/MD5 checksum:    29788 e5ce3de520cc14b709683dd434ecc67a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_hppa.deb
    Size/MD5 checksum:    42552 436d43bbe0d6ef328f65b643c31418ea
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_hppa.deb
    Size/MD5 checksum:    35890 699cb6f27daef93bc7301a05d81189e6

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_i386.deb
    Size/MD5 checksum:    29444 32e784dbd2cfbd0afc2476193d1131b3
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_i386.deb
    Size/MD5 checksum:    34728 da84f94ddcf7ec2ab47dbb06eb49684f

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_ia64.deb
    Size/MD5 checksum:    52748 ee132dc5a0c11dadd4b0651439977fb0
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_ia64.deb
    Size/MD5 checksum:    44258 979362312bbd6c74b958e64c0260cb15

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_mips.deb
    Size/MD5 checksum:    39682 59c1a37db7f2b00d00c147bf192326fc
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_mips.deb
    Size/MD5 checksum:    30852 2e84396e959e30dcb351c1491c373b8d

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_mipsel.deb
    Size/MD5 checksum:    30296 aaf0652957b85a3fe1e36c20d4e579cf
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_mipsel.deb
    Size/MD5 checksum:    39964 230aeba2046edf75c2628185a571ab82

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_powerpc.deb
    Size/MD5 checksum:    32100 ff8e8ae7529e7db919725b88ddccd854
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_powerpc.deb
    Size/MD5 checksum:    38376 bb73b0a97c0c6ae4449ef7f89a64987f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_s390.deb
    Size/MD5 checksum:    37328 aa5039ee034162df78699f43b763909e
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_s390.deb
    Size/MD5 checksum:    32018 56a95b04e9ead90b0abefdb27f1dcfe2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2etch1_sparc.deb
    Size/MD5 checksum:    35768 213ffe657a2db24c06eb0507530b4ef5
  http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2etch1_sparc.deb
    Size/MD5 checksum:    29352 d96dc5186f0b1547a7092a2a0a107001


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHr2v5Xm3vHE4uyloRAg6VAKDa2j4FE/UGOP+f+5DnVV6n7purbACgzhc9
0oielhuikTnXGfZv0ZF75sw=
=onOH
-----END PGP SIGNATURE-----
