Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution

from [Martin Schulze] Network Security [Permanent Link]
Subject: [SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution
Date: Fri, 24 Dec 2004 17:40:42 +0100 (CET) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 618-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 24th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imlib
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CAN-2004-1025 CAN-2004-1026
BugTraq ID     : 11830
Debian Bug     : 284925

Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib, an imaging library for X and X11.
An attacker could create a carefully crafted image file in such a way
that it could cause an application linked with imlib to execute
arbitrary code when the file was opened by a victim.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2004-1025

    Multiple heap-based buffer overflows.

CAN-2004-1026

    Multiple integer overflows.

For the stable distribution (woody) these problems have been fixed in
version 1.9.14-2woody2.

For the unstable distribution (sid) these problems have been fixed in
version 1.9.14-17.1.

We recommend that you upgrade your imlib packages immediately.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.dsc
      Size/MD5 checksum:      805 6b89c44e7635494ab6309f31e8977a71
    
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.diff.gz
      Size/MD5 checksum:   273298 66b9b193f65f0f552a3c7475504b4aa3
    
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
      Size/MD5 checksum:   748591 1fa54011e4e1db532d7eadae3ced6a8c

  Architecture independent components:

    
http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2woody2_all.deb
      Size/MD5 checksum:   114710 04c82fdad40b4c81ca6145015d1ca9e7

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_alpha.deb
      Size/MD5 checksum:   119716 e6b3de272b4ccded198ca1c7a8cbe9c7
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_alpha.deb
      Size/MD5 checksum:    97146 afa40cb2097baab7293694292a163373
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_alpha.deb
      Size/MD5 checksum:   117364 43f345f06377fefe9a5976a3d571876c
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_alpha.deb
      Size/MD5 checksum:   262202 2baf347e73e7833f340b72d250709b2f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_alpha.deb
      Size/MD5 checksum:    97202 af8d9bcb83596b124cc7148b4b42a612

  ARM architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_arm.deb
      Size/MD5 checksum:    94088 97cab67730bda9ca0a83ff1e8fd646c7
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_arm.deb
      Size/MD5 checksum:    75402 db81fe94e6b35c3baa2505f533f6aa01
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_arm.deb
      Size/MD5 checksum:    94136 d6d974eb4fb709141cd8482b45756a74
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_arm.deb
      Size/MD5 checksum:   258262 da89d3962a56d4d37bcb4084e5ae4176
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_arm.deb
      Size/MD5 checksum:    76330 b1f75f5cc08f4175b72ba932c7b34210

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_i386.deb
      Size/MD5 checksum:    77884 c24a0ebb06c178eb4d473c20433b7389
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_i386.deb
      Size/MD5 checksum:    69338 b284172f465ac35e7fdf44bea07504e8
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_i386.deb
      Size/MD5 checksum:    76452 acaaca70c492ee827d678743dd990d61
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_i386.deb
      Size/MD5 checksum:   258354 790ada2bfc6205c0cd43459ae95fb127
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_i386.deb
      Size/MD5 checksum:    69730 05f8b9bbab5f9008599f2fa37caaed2c

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_ia64.deb
      Size/MD5 checksum:   129024 a059b5c1e0411f389c2fd39e594f5b5a
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_ia64.deb
      Size/MD5 checksum:   116312 9eb937b6c56c0237487b2bf2e84eed4f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_ia64.deb
      Size/MD5 checksum:   129156 c726f93cf1456230e99ac2c03783080f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_ia64.deb
      Size/MD5 checksum:   266510 87aee70d85386bd2c29ee89b76360c75
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_ia64.deb
      Size/MD5 checksum:   119094 026ac0e934b06183ee32f46cb70dbe76

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_hppa.deb
      Size/MD5 checksum:   105152 1cdbb634730781005e656d4a6f45afe4
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_hppa.deb
      Size/MD5 checksum:    92194 902a728a355b9090c76083e49240111c
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_hppa.deb
      Size/MD5 checksum:   103532 e86528e832c62b21b90e4d1a15c5821f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_hppa.deb
      Size/MD5 checksum:   261002 f39d5a52457a8a348d7881a649450fe3
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_hppa.deb
      Size/MD5 checksum:    91622 efec147e4b6fb0bfb0d6510359dcd6a3

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_m68k.deb
      Size/MD5 checksum:    72004 3cb969b4018031188492c6bc448705dc
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_m68k.deb
      Size/MD5 checksum:    64146 8bbbf2e8b4f7c31aa4e302dffe35ad71
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_m68k.deb
      Size/MD5 checksum:    69820 8d7d31a6c3a44f7a3dcb5c0e17fc7bca
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_m68k.deb
      Size/MD5 checksum:   257372 52888389b545dc1e3cce3b899a65a2d4
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_m68k.deb
      Size/MD5 checksum:    64660 86ed5f17d0a2ab99c8775619b451cb17

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mips.deb
      Size/MD5 checksum:    95756 615f2919772c3278475db2a123e10365
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mips.deb
      Size/MD5 checksum:    75404 04fc84337f3cc79da350e63e54c0bd39
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mips.deb
      Size/MD5 checksum:    92638 fc95257f5614e0ca9000083d0863e23e
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mips.deb
      Size/MD5 checksum:   257934 43d3ab6970888d80aca888a90fc3b9dc
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mips.deb
      Size/MD5 checksum:    75948 45b966a81a0bc4fdad17776491eebfbb

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mipsel.deb
      Size/MD5 checksum:    95806 5d8184b2fa877b5140df8cd4f05bc629
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mipsel.deb
      Size/MD5 checksum:    75478 54248fbb3244f95da8bd1a5e0dcc64c2
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mipsel.deb
      Size/MD5 checksum:    92688 ba0e8f951706a1642ab2994a11113a0c
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mipsel.deb
      Size/MD5 checksum:   257834 99d601494d76618f8974b05ba3f21401
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mipsel.deb
      Size/MD5 checksum:    75884 856fed2b0af1665d36a7ac76dc4516a4

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_powerpc.deb
      Size/MD5 checksum:    94166 ce1b5d6adc54b226054a2fbd83b2a86d
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_powerpc.deb
      Size/MD5 checksum:    76854 ba841bf89a7af734b741a33a591cab8f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_powerpc.deb
      Size/MD5 checksum:    90276 23d95df53d747a550721960c673e8d9f
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_powerpc.deb
      Size/MD5 checksum:   258522 4619a569bcb42a6ff4e691a9a73b4298
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_powerpc.deb
      Size/MD5 checksum:    75432 1f72571029157018583561cd829f47b1

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_s390.deb
      Size/MD5 checksum:    83314 ba3c9382fe7b468b74e36f8cd4eece90
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_s390.deb
      Size/MD5 checksum:    78052 2eb2a4951c05bedbe5e131b8f6ecc3eb
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_s390.deb
      Size/MD5 checksum:    84168 9de33add121dc1d258389522c0456544
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_s390.deb
      Size/MD5 checksum:   258680 909968f199ff27b6f6a51712043925d9
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_s390.deb
      Size/MD5 checksum:    78622 9eb679c1377078e6065f8f0183388a70

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_sparc.deb
      Size/MD5 checksum:    88778 d37e329386b3b5c9514fb9619175e75f
    
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_sparc.deb
      Size/MD5 checksum:    76534 23476af1594709264a14e72a301bd747
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_sparc.deb
      Size/MD5 checksum:    85812 74c633ae47eab66ee3402b9b3f8329b5
    
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_sparc.deb
      Size/MD5 checksum:   258760 87f9a03a2528ff6dce1008ad9a7e1392
    
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_sparc.deb
      Size/MD5 checksum:    76790 db539c8ee1aff2573c2e54bb525468fc


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBzEaKW5ql+IAeqTIRAidEAJ99TQ0ZL4LDjoxN68SgmWtM/fk6GwCfWAFY
IijnrLMbfiZQE0nXN+TdRjM=
=0Z8H
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution, Martin Schulze <=
Previous by Date:  [Full-Disclosure] [ADVISORY] Scripting Vulnerabilities in Indian Email Providers Put Millions At Risk, S G Masood
Next by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan
Previous by Thread:  [Full-Disclosure] [ADVISORY] Scripting Vulnerabilities in Indian Email Providers Put Millions At Risk, S G Masood
Next by Thread:  STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard, advisory
Indexes:  [Date] [Thread] [Top] [All Lists]