Debian: imlib2 arbitrary code execution fix
Summary
--------------------------------------------------------------------------Debian Security Advisory DSA 628-1 security@debian.org http://www.debian.org/security/ Martin Schulze January 6th, 2005 http://www.debian.org/security/faq --------------------------------------------------------------------------Package : imlib2 Vulnerability : integer overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-1026 Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib or imlib2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-1025 Multiple heap-based buffer overflows. No such code is present in imlib2. CAN-2004-1026 Multiple integer overflows in the imlib library. For the stable distribution (woody) these problems have been fixed in version 1.0.5-2woody2. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your imlib2 packages. Upgrade Instructions --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody -------------------------------- Source archives: Size/MD5 checksum: 733 6f6e8508b5b630a86f9efcfecde7def4 Size/MD5 checksum: 24428 a564f25fde0c5b0cabcc09d5b5159535 Size/MD5 checksum: 688261 3b1a80c95ff2a4cfb3bce49e27d94461 Alpha architecture: Size/MD5 checksum: 191216 5fb5991f4fb1239e5f1cd0c1a7d969bf Size/MD5 checksum: 483026 cdf1447ba093954a4d99bec1d04aecb9 ARM architecture: Size/MD5 checksum: 165194 2c7d609e7f2777a118be441b7379ec49 Size/MD5 checksum: 440948 601854f35385592e7c3daeda7c6e946b Intel IA-32 architecture: Size/MD5 checksum: 149446 51b598088378311845699e97e480f88d Size/MD5 checksum: 403528 ffbb69fee4cf35317c63813e86153173 Intel IA-64 architecture: Size/MD5 checksum: 246832 aefd120663f3d66136a295fb2834ebc4 Size/MD5 checksum: 508434 06f35a685680b023cd403c35b7ae423f HP Precision architecture: Size/MD5 checksum: 193598 f5d1aa5591f46bf7cc0a4991ebf17b57 Size/MD5 checksum: 467452 1692700274cf6db934c3e8eada86e0ca Motorola 680x0 architecture: Size/MD5 checksum: 149362 b7b490352539282cb496fe0033f1510c Size/MD5 checksum: 402692 2d2848f5df47b51e6731e63d2e3f4a61 Big endian MIPS architecture: Size/MD5 checksum: 158132 8fa35f404b87dc55a85b9f864c60dd3b Size/MD5 checksum: 447340 d7260c65edee790294ca5abe78ed8ea9 Little endian MIPS architecture: Size/MD5 checksum: 157308 ca665733cf4f1bba438d4e8c1dc2b2d3 Size/MD5 checksum: 439724 910d1d3f6d92c33229046a07780e52d1 PowerPC architecture: Size/MD5 checksum: 168694 cd8efd37e1b4c99790676b7859f7d655 Size/MD5 checksum: 443648 f0cd41775ea1e80875e4109662408e52 IBM S/390 architecture: Size/MD5 checksum: 169030 8200d4599577df133a9a944786e958e7 Size/MD5 checksum: 421472 f7fc3deb38b061fb5e6bd1f448dea617 Sun Sparc architecture: Size/MD5 checksum: 166290 96777c27912c44e1ca40089cca0a5453 Size/MD5 checksum: 434848 edc14a5c15cab67eaa1b7cf50ae28450 These files will probably be moved into the stable distribution on its next update. ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show' and http://packages.debian.org/