Debian: imlib arbitrary code execution fix
Summary
--------------------------------------------------------------------------Debian Security Advisory DSA 618-1 security@debian.org http://www.debian.org/security/ Martin Schulze December 24th, 2004 http://www.debian.org/security/faq --------------------------------------------------------------------------Package : imlib Vulnerability : buffer overflows, integer overflows Problem-Type : local/remote Debian-specific: no CVE ID : CAN-2004-1025 CAN-2004-1026 BugTraq ID : 11830 Debian Bug : 284925 Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-1025 Multiple heap-based buffer overflows. CAN-2004-1026 Multiple integer overflows. For the stable distribution (woody) these problems have been fixed in version 1.9.14-2woody2. For the unstable distribution (sid) these problems have been fixed in version 1.9.14-17.1. We recommend that you upgrade your imlib packages immediately. Upgrade Instructions --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody -------------------------------- Source archives: Size/MD5 checksum: 805 6b89c44e7635494ab6309f31e8977a71 Size/MD5 checksum: 273298 66b9b193f65f0f552a3c7475504b4aa3 Size/MD5 checksum: 748591 1fa54011e4e1db532d7eadae3ced6a8c Architecture independent components: Size/MD5 checksum: 114710 04c82fdad40b4c81ca6145015d1ca9e7 Alpha architecture: Size/MD5 checksum: 119716 e6b3de272b4ccded198ca1c7a8cbe9c7 Size/MD5 checksum: 97146 afa40cb2097baab7293694292a163373 Size/MD5 checksum: 117364 43f345f06377fefe9a5976a3d571876c Size/MD5 checksum: 262202 2baf347e73e7833f340b72d250709b2f Size/MD5 checksum: 97202 af8d9bcb83596b124cc7148b4b42a612 ARM architecture: Size/MD5 checksum: 94088 97cab67730bda9ca0a83ff1e8fd646c7 Size/MD5 checksum: 75402 db81fe94e6b35c3baa2505f533f6aa01 Size/MD5 checksum: 94136 d6d974eb4fb709141cd8482b45756a74 Size/MD5 checksum: 258262 da89d3962a56d4d37bcb4084e5ae4176 Size/MD5 checksum: 76330 b1f75f5cc08f4175b72ba932c7b34210 Intel IA-32 architecture: Size/MD5 checksum: 77884 c24a0ebb06c178eb4d473c20433b7389 Size/MD5 checksum: 69338 b284172f465ac35e7fdf44bea07504e8 Size/MD5 checksum: 76452 acaaca70c492ee827d678743dd990d61 Size/MD5 checksum: 258354 790ada2bfc6205c0cd43459ae95fb127 Size/MD5 checksum: 69730 05f8b9bbab5f9008599f2fa37caaed2c Intel IA-64 architecture: Size/MD5 checksum: 129024 a059b5c1e0411f389c2fd39e594f5b5a Size/MD5 checksum: 116312 9eb937b6c56c0237487b2bf2e84eed4f Size/MD5 checksum: 129156 c726f93cf1456230e99ac2c03783080f Size/MD5 checksum: 266510 87aee70d85386bd2c29ee89b76360c75 Size/MD5 checksum: 119094 026ac0e934b06183ee32f46cb70dbe76 HP Precision architecture: Size/MD5 checksum: 105152 1cdbb634730781005e656d4a6f45afe4 Size/MD5 checksum: 92194 902a728a355b9090c76083e49240111c Size/MD5 checksum: 103532 e86528e832c62b21b90e4d1a15c5821f Size/MD5 checksum: 261002 f39d5a52457a8a348d7881a649450fe3 Size/MD5 checksum: 91622 efec147e4b6fb0bfb0d6510359dcd6a3 Motorola 680x0 architecture: Size/MD5 checksum: 72004 3cb969b4018031188492c6bc448705dc Size/MD5 checksum: 64146 8bbbf2e8b4f7c31aa4e302dffe35ad71 Size/MD5 checksum: 69820 8d7d31a6c3a44f7a3dcb5c0e17fc7bca Size/MD5 checksum: 257372 52888389b545dc1e3cce3b899a65a2d4 Size/MD5 checksum: 64660 86ed5f17d0a2ab99c8775619b451cb17 Big endian MIPS architecture: Size/MD5 checksum: 95756 615f2919772c3278475db2a123e10365 Size/MD5 checksum: 75404 04fc84337f3cc79da350e63e54c0bd39 Size/MD5 checksum: 92638 fc95257f5614e0ca9000083d0863e23e Size/MD5 checksum: 257934 43d3ab6970888d80aca888a90fc3b9dc Size/MD5 checksum: 75948 45b966a81a0bc4fdad17776491eebfbb Little endian MIPS architecture: Size/MD5 checksum: 95806 5d8184b2fa877b5140df8cd4f05bc629 Size/MD5 checksum: 75478 54248fbb3244f95da8bd1a5e0dcc64c2 Size/MD5 checksum: 92688 ba0e8f951706a1642ab2994a11113a0c Size/MD5 checksum: 257834 99d601494d76618f8974b05ba3f21401 Size/MD5 checksum: 75884 856fed2b0af1665d36a7ac76dc4516a4 PowerPC architecture: Size/MD5 checksum: 94166 ce1b5d6adc54b226054a2fbd83b2a86d Size/MD5 checksum: 76854 ba841bf89a7af734b741a33a591cab8f Size/MD5 checksum: 90276 23d95df53d747a550721960c673e8d9f Size/MD5 checksum: 258522 4619a569bcb42a6ff4e691a9a73b4298 Size/MD5 checksum: 75432 1f72571029157018583561cd829f47b1 IBM S/390 architecture: Size/MD5 checksum: 83314 ba3c9382fe7b468b74e36f8cd4eece90 Size/MD5 checksum: 78052 2eb2a4951c05bedbe5e131b8f6ecc3eb Size/MD5 checksum: 84168 9de33add121dc1d258389522c0456544 Size/MD5 checksum: 258680 909968f199ff27b6f6a51712043925d9 Size/MD5 checksum: 78622 9eb679c1377078e6065f8f0183388a70 Sun Sparc architecture: Size/MD5 checksum: 88778 d37e329386b3b5c9514fb9619175e75f Size/MD5 checksum: 76534 23476af1594709264a14e72a301bd747 Size/MD5 checksum: 85812 74c633ae47eab66ee3402b9b3f8329b5 Size/MD5 checksum: 258760 87f9a03a2528ff6dce1008ad9a7e1392 Size/MD5 checksum: 76790 db539c8ee1aff2573c2e54bb525468fc These files will probably be moved into the stable distribution on its next update. ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show' and http://packages.debian.org/
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.