
Full Disclosure mailing list archives

[SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution
From: debian-security-announce () lists debian org
Date: Tue, 9 Nov 2004 15:59:22 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 589-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
November 9th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0990
BugTraq ID     : 11523

"infamous41md" discovered several integer overflows in the PNG image
decoding routines of the GD graphics library.  This could lead to the
execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
libgd2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd1 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.dsc
      Size/MD5 checksum:      707 475a021c51d4a13211a211c17b1551f6
    http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.diff.gz
      Size/MD5 checksum:     8695 d208e651d9d7eef22fcfd27455335c26
    http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
      Size/MD5 checksum:   559248 813625508e31f5c205904a305bdc8669

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_alpha.deb
      Size/MD5 checksum:   134716 18f7bb31f9c2df1876fcd43ee07cb317
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_alpha.deb
      Size/MD5 checksum:   133308 800918d9a4c773155bdc1328f8e46119
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_alpha.deb
      Size/MD5 checksum:   111812 6ac46129674d4377a65140a26c320f3b
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_alpha.deb
      Size/MD5 checksum:   111188 53f277a1a0b1cd239a42e2f3e9558338

  ARM architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_arm.deb
      Size/MD5 checksum:   123676 b73ca28de04f8eff9f2f2dc6200ae089
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_arm.deb
      Size/MD5 checksum:   123162 2616147546687bef695eaecbe87cd5da
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_arm.deb
      Size/MD5 checksum:   104214 ad6dfb3a678252b8aea3f1e942ed9e18
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_arm.deb
      Size/MD5 checksum:   103616 b5ed245e0b10ce9248c69a362c0023f4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_i386.deb
      Size/MD5 checksum:   121132 5531183a357e500c3ec58f094caf6c89
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_i386.deb
      Size/MD5 checksum:   120650 73aa302b99d761988c6be28a0b6a866a
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_i386.deb
      Size/MD5 checksum:   104058 f2f25e0c784aa732d5f3a6941faf8d5e
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_i386.deb
      Size/MD5 checksum:   103526 b315185c17011b5b061b2f660962c04d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_ia64.deb
      Size/MD5 checksum:   145576 57beb3ee63cfc0b0f959d8fe28ee73d8
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_ia64.deb
      Size/MD5 checksum:   144628 c5f3fc093c8f8b8ee02cbc4a434e072a
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_ia64.deb
      Size/MD5 checksum:   125622 59b992afcbfd47d9cf36a27e9e505472
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_ia64.deb
      Size/MD5 checksum:   124316 c506be2df33949840ab704c988509975

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_hppa.deb
      Size/MD5 checksum:   132100 6058fb1f80653f72e0adbce6fcfcb453
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_hppa.deb
      Size/MD5 checksum:   131300 eb08f0d6d0624e61f73315a4bf577a72
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_hppa.deb
      Size/MD5 checksum:   111508 7a64ea78b91c49de452ae08ad13508d5
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_hppa.deb
      Size/MD5 checksum:   110998 36efa25648536b0fc132ef8979dced21

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_m68k.deb
      Size/MD5 checksum:   119284 c82fb2b6d484d42a97c9f0449492ae39
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_m68k.deb
      Size/MD5 checksum:   118738 5409641a546bcc32425186e2c08460d7
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_m68k.deb
      Size/MD5 checksum:   102364 8df32eaca36695c625a640aa24c13bce
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_m68k.deb
      Size/MD5 checksum:   101906 e031bade76cf4ec424ba1e43f435b3fe

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mips.deb
      Size/MD5 checksum:   128900 9aa4a7d18cf202a32be6769266eafb27
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mips.deb
      Size/MD5 checksum:   128158 25a50011dde812a6850fbccb75aff32e
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mips.deb
      Size/MD5 checksum:   106426 f4cf28af2cb5191c7d352ead07184fea
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mips.deb
      Size/MD5 checksum:   105842 2132ce70ebf0c291b0b407ff73cea032

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mipsel.deb
      Size/MD5 checksum:   129090 73d06a669f116d6a748578995daff5e1
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mipsel.deb
      Size/MD5 checksum:   128270 32154086e87ddd24867be3ba9b95ecc5
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mipsel.deb
      Size/MD5 checksum:   106432 ed6fdd0570066c23e49c5da15d358aa8
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mipsel.deb
      Size/MD5 checksum:   105872 ff5c9599e2bece96cd180b5a622f6bf7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_powerpc.deb
      Size/MD5 checksum:   126418 406865e1b60c2c1d608b11f713a60db5
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_powerpc.deb
      Size/MD5 checksum:   125524 ab9460c78e7ae3ccfcddfbbd8c842cce
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_powerpc.deb
      Size/MD5 checksum:   106928 185e67aa0ac4eda2b06c6033f4faf6b3
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_powerpc.deb
      Size/MD5 checksum:   106400 b1520aac55563125eb3abad8866c28a4

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_s390.deb
      Size/MD5 checksum:   122502 13b4f35fd483d9503cb31f00907e3e41
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_s390.deb
      Size/MD5 checksum:   121956 b81e27b20483ed0a4da783867fbcf7b5
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_s390.deb
      Size/MD5 checksum:   106278 e7ebafa88cb575404ee952ca8a515423
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_s390.deb
      Size/MD5 checksum:   105686 152394d7f0ff8c6d42f9eb0d80fe7c21

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_sparc.deb
      Size/MD5 checksum:   123342 ae43cdd72272edac59d42717c4892024
    http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_sparc.deb
      Size/MD5 checksum:   122820 ac87eae8ec44e4efb5ed241dc74b2b76
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_sparc.deb
      Size/MD5 checksum:   104754 3d712ec702de16480f53424644ec78cd
    http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_sparc.deb
      Size/MD5 checksum:   104506 34360c4b52b08560e17af05c557c2fbe


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD4DBQFBkNtJW5ql+IAeqTIRAi4RAJ4r0eqT3Gb0KLzFkE3NRO/roUm0eQCYoUc6
Ib9X1wgBiEUorNnwfqjY5w==
=tDDj
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

