Full Disclosure mailing list archives

[SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution
From: debian-security-announce () lists debian org
Date: Tue, 9 Nov 2004 17:55:57 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 591-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
November 9th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0990
BugTraq ID     : 11523

"infamous41md" discovered several integer overflows in the PNG image
decoding routines of the GD graphics library.  This could lead to the
execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
libgd2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd2 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBkPadW5ql+IAeqTIRAm0DAJ0Z8SHTJ+rF8QeMQEqj2R/+yHxlfACdFZuC
dK20hqEdstOJR6odJrbFMP8=
=4kbL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
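
The bug class the advisory names, an integer overflow in image decoding, shown next to a checked form. This is an added C illustration, not part of the advisory and not GD's code. The advisory does not describe the specific defects, so the example assumes the common form of the class: a buffer size computed from header-supplied dimensions. All function names and the `MAX_IMAGE_BYTES` limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_IMAGE_BYTES ((size_t)64 * 1024 * 1024)  /* assumed policy limit */

/* Unchecked form: the product is computed in 32 bits and silently wraps,
 * so a huge image can yield a small allocation size. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;              /* wraps modulo 2^32 */
}

/* Checked form: every multiplication is guarded by a division test, and the
 * result is capped. Returns 0 and stores the size, or -1 to reject. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t limit, size_t *out)
{
    size_t row, total;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if ((size_t)width > SIZE_MAX / bpp)        /* width * bpp would overflow */
        return -1;
    row = (size_t)width * bpp;
    if ((size_t)height > SIZE_MAX / row)       /* row * height would overflow */
        return -1;
    total = row * height;
    if (total > limit)                         /* refuse absurd dimensions */
        return -1;
    *out = total;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size calculation is sound. */
unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp, size_t limit)
{
    size_t n;
    return checked_size(w, h, bpp, limit, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 pixels, 1 byte per pixel. */
    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_size(0x10001u, 0x10000u, 1u));
    printf("checked alloc:  %s\n",
           alloc_pixels(0x10001u, 0x10000u, 1u, MAX_IMAGE_BYTES) ? "ok" : "rejected");
    return 0;
}
```

A decoder that allocates the wrapped size and then writes one row per header-declared line runs past the end of the buffer, which is how this class reaches memory corruption.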
