Message-ID: <m1EVSic-000p6FC@finlandia.Infodrom.North.DE>
Date: Fri Oct 28 12:57:23 2005
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 878-1] New netpbm-free packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 878-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 28th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : netpbm-free
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-2978

A buffer overflow has been identified in the pnmtopng component of the
netpbm package, a set of graphics conversion tools.  This
vulnerability could allow an attacker to execute arbitrary code as a
local user by providing a specially crafted PNM file.

The old stable distribution (woody) is not vulnerable to this problem.

For the stable distribution (sarge) this problem has been fixed in
version 10.0-8sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 10.0-10.

We recommend that you upgrade your netpbm-free packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDYhAFW5ql+IAeqTIRAlEbAKCCG7JwEVQkBNdPSa4McyFS81OZsgCeMWTl
wq+GPf10qiBirvw50xjU3sM=
=qrEK
-----END PGP SIGNATURE-----