lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090507162133.GA8784@ngolde.de>
Date: Thu, 7 May 2009 18:21:33 +0200
From: Nico Golde <nion@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1796-1] New libwmf packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1796-1                    security@...ian.org
http://www.debian.org/security/                                 Nico Golde
April 7th, 2009                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libwmf
Vulnerability  : pointer use-after-free
Problem type   : local (remote)
Debian-specific: no
Debian bug     : 526434
CVE ID         : CVE-2009-1364


Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse windows metafiles (WMF), makes use of a pointer
after it was already freed.  An attacker using a crafted WMF file can
cause a denial of service or possibly the execute arbitrary code via
applications using this library.


For the oldstable distribution (etch), this problem has been fixed in
version 0.2.8.4-2+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 0.2.8.4-6+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.4-6.1.


We recommend that you upgrade your libwmf packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.diff.gz
    Size/MD5 checksum:     7644 2b4fed248a00761fd52d0121b1a85bc3
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.dsc
    Size/MD5 checksum:      777 3cee5266c519e54d0da6af8e7bfce4fb
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
    Size/MD5 checksum:  2169375 d1177739bf1ceb07f57421f0cee191e0

Architecture independent packages:

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-2+etch1_all.deb
    Size/MD5 checksum:   285000 dad2e5a29f12e8eb1044aa0e8711f9ca

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_alpha.deb
    Size/MD5 checksum:    20778 cb687c76275147f88647cc66432c7e19
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_alpha.deb
    Size/MD5 checksum:   266074 b339918318e45eb257f17a118189ce84
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_alpha.deb
    Size/MD5 checksum:   202096 d17c7648e7a36c487cc350a2337a9895

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_amd64.deb
    Size/MD5 checksum:    18236 c297e08f3ef5b051539e953e86c079ef
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_amd64.deb
    Size/MD5 checksum:   181534 84d6098d1c8664b140af1133a2131a21
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_amd64.deb
    Size/MD5 checksum:   207970 38bb87b9709162127b1781f1f94faabd

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_arm.deb
    Size/MD5 checksum:    17282 babef9667a9f4b08caefd35768a3a46d
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_arm.deb
    Size/MD5 checksum:   193728 e746d7645a15cd86949b100cdf45b40d
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_arm.deb
    Size/MD5 checksum:   171004 5a3619cbce2f2a5c372b95264b89deeb

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_hppa.deb
    Size/MD5 checksum:   233692 cd29f5b00baf76ff13024fbb86f6d9e3
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_hppa.deb
    Size/MD5 checksum:   199222 8065d7a00098dc8369db734a05b9c17f
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_hppa.deb
    Size/MD5 checksum:    20012 248ff058981781eb05dd840e267be350

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_i386.deb
    Size/MD5 checksum:    16972 6c9b82eb6ec8bae312e3b9560287f128
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_i386.deb
    Size/MD5 checksum:   173774 574bd6bfae2c31dd6b327adbc3f8198e
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_i386.deb
    Size/MD5 checksum:   196458 fd9303e305f980531f7189bde27cf9d2

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_ia64.deb
    Size/MD5 checksum:   302452 52a71013e006a01c8c9fa9812dcbbce8
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_ia64.deb
    Size/MD5 checksum:    26150 8d4c7ca669c634d5a4a0c038f603f8b8
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_ia64.deb
    Size/MD5 checksum:   264844 21f1ff094fd730d04e7e2b4377b874f6

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_mips.deb
    Size/MD5 checksum:   229336 d52a35cbfe9b5bc6791f43b894f6bda8
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_mips.deb
    Size/MD5 checksum:   176096 5dc5d4b8417ddcdca85ccac83c7072ef
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_mips.deb
    Size/MD5 checksum:    18994 80122014dde275e45efb64b4451603e8

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_powerpc.deb
    Size/MD5 checksum:   186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_powerpc.deb
    Size/MD5 checksum:   207140 10bbafbc62f653e29b2f8c88bbdd9b02
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_powerpc.deb
    Size/MD5 checksum:    22900 543ae9e4df3d297121f899b634636713

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_s390.deb
    Size/MD5 checksum:    18116 1206f23d337f638a7bf405fae7f9a7a1
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_s390.deb
    Size/MD5 checksum:   203422 4d8465b694e76c2b5a58d3787b4914c6
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_s390.deb
    Size/MD5 checksum:   183234 639d7e103590d7688224d9f5502126b0

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_sparc.deb
    Size/MD5 checksum:   173576 4d7b14354b5c143ed4fa096bbcb1a752
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_sparc.deb
    Size/MD5 checksum:   203976 f319ee7010a0efd187db5023359a8beb
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_sparc.deb
    Size/MD5 checksum:    17268 bb5de5301730ce0cd417e6e945838512


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.diff.gz
    Size/MD5 checksum:     7894 4f82263c3909e9b63e0cbc7ed10e997d
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
    Size/MD5 checksum:  2169375 d1177739bf1ceb07f57421f0cee191e0
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.dsc
    Size/MD5 checksum:     1195 ca8aa8b0ca3a03408032af1ff3882569

Architecture independent packages:

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-6+lenny1_all.deb
    Size/MD5 checksum:   285920 c5388d928771785efcbf9cecb6c589a1

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_alpha.deb
    Size/MD5 checksum:    20598 d06f257a8d9ac39374bd69327bb44856
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_alpha.deb
    Size/MD5 checksum:   263434 8daea32a448767b08e888f051dcc95f7
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_alpha.deb
    Size/MD5 checksum:   203738 e9ac47fa10381c5510c5ace60b920c1a

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_amd64.deb
    Size/MD5 checksum:    18992 49529a2273c18658ed927016b33e0ff5
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_amd64.deb
    Size/MD5 checksum:   186908 79c5cf0608709bb8a8e52547a050e94c
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_amd64.deb
    Size/MD5 checksum:   210036 b933a8713fee44409613401692602bc9

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_arm.deb
    Size/MD5 checksum:    16936 de40799cfcd047a65470c67d90c99996
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_arm.deb
    Size/MD5 checksum:   173436 7ac2f9516551b7e87c58e9b3c90c4aae
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_arm.deb
    Size/MD5 checksum:   193904 70ff03d5f3353a7921b9e64a7d575865

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_armel.deb
    Size/MD5 checksum:   181438 af85015b825f8ff0afe5013b9198f612
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_armel.deb
    Size/MD5 checksum:    18334 5b6ebb4cf15385f5ee4cb5994ceca5e0
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_armel.deb
    Size/MD5 checksum:   199168 ac0f164a3f1cb5773351026db81c3b4a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_hppa.deb
    Size/MD5 checksum:    19770 3bef399e7872f710e425bd4f9e4327a6
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_hppa.deb
    Size/MD5 checksum:   201662 faf3930f62f1e8040b98df980e011b57
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_hppa.deb
    Size/MD5 checksum:   236120 f92e57dfc0f888949f2d54f6ee9687a1

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_i386.deb
    Size/MD5 checksum:   176452 a70ddf1417312c0acad56e05403b8875
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_i386.deb
    Size/MD5 checksum:   194024 f3d7fb16b81a8df01eccb01dfce91cc4
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_i386.deb
    Size/MD5 checksum:    16928 572efd6f96ec0aad181fea0ba46e96f2

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_ia64.deb
    Size/MD5 checksum:    25766 6dc665e9ced6a39c279eb93abcf1469f
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_ia64.deb
    Size/MD5 checksum:   304474 60d47ed04099d9128c255097536b59fd
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_ia64.deb
    Size/MD5 checksum:   270232 6e92952dc90896353b46392f2a5d0edb

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mips.deb
    Size/MD5 checksum:    18192 c962575a11e80c524148034e335c02b3
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mips.deb
    Size/MD5 checksum:   229846 23e8811e367af817997a8dc2c87f45c7
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mips.deb
    Size/MD5 checksum:   179160 907f41074981099e5b970ba373770483

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mipsel.deb
    Size/MD5 checksum:   223738 d719ba660f5a356e982fd173f51bcf73
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mipsel.deb
    Size/MD5 checksum:    17854 8f1b053ebe04427d7ecdbad974865302
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mipsel.deb
    Size/MD5 checksum:   180004 4effa6b4a227d70e574106d88150660d

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_powerpc.deb
    Size/MD5 checksum:   214354 e7433c7790e0b0456c415d84c9dd7cd2
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_powerpc.deb
    Size/MD5 checksum:    27392 7282af7c836ee8c2339e48f04885e955
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_powerpc.deb
    Size/MD5 checksum:   196128 61d4022bd0ac9028e6fac9b8521a3fd3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_s390.deb
    Size/MD5 checksum:   203604 6195247347970250b62101f6b798409b
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_s390.deb
    Size/MD5 checksum:    18624 3c2be19a55bb550e1a6383b93f0eda9e
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_s390.deb
    Size/MD5 checksum:   186986 17b24ed61aea2f6153f700378d512e02

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_sparc.deb
    Size/MD5 checksum:   177318 02b2b31bb88340a03e58ad679370e3aa
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_sparc.deb
    Size/MD5 checksum:   200278 9e0041b2d3b87acfbcf9fd1790677859
  http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_sparc.deb
    Size/MD5 checksum:    17748 5f0f3860c1af2bba8e6a77cb9ed67cca


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoDCo0ACgkQHYflSXNkfP8TYgCfT4n7imxW2vBRC1vCFgz/AB3+
lv8AoKrcIB/i5m/JAsssjkDLkr1GH8v8
=om0D
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ