User: Password:
|
|
Subscribe / Log in / New account

Debian alert DSA-591-1 (libgd2)

From:  joey@infodrom.org (Martin Schulze)
To:  debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject:  [SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution
Date:  Tue, 9 Nov 2004 17:55:57 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 591-1 security@debian.org http://www.debian.org/security/ Martin Schulze November 9th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libgd2 Vulnerability : integer overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0990 BugTraq ID : 11523 "infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine. For the stable distribution (woody) these problems have been fixed in version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of libgd2. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your libgd2 packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 705 88c7efa97eeab7a6eadeb620bd09188e http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 8303 d7cba99b80f5d24d7925690d1cd64d3b http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 436945 43af994a97f3300a1165ca4888176ece Alpha architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 19426 6a129f7af61c4c89d9f8a479efb1aa80 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 133708 d6bef2d604d1399f76c86988a28b2c2f http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 161450 8c3a8019e562585656dbc4ab1e0f9ef1 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 133038 8ff0de6efe179744247ec3755a199068 ARM architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16494 b8761b5ef00d2e2fdc0a12bd5ba64935 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 122794 4133503e81fa4009e1112c3972d3345c http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 149662 0452e1f7012f5337a04ddb110ca9601d http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 122106 21ebf1c6a9c99a654aeda3dc2de8ae61 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16360 ba3066520359c3291d225c3587467b47 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 122538 eef089742b45329d6eee1b4b8e3d32a3 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 144380 f04b92dfa62c680420c0bc2427e77d0d http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 121988 8401ad37f2301fb537fb021f248007e3 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 19686 6c3c9b03041462cd524ac5a9f136615e http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 150808 515e12b09662de87d49b6f35acae1ebb http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 176490 99c2709b91b19847a5464a43da387f82 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 149940 2e4ddcf1e74e5a4d6290c05c1ab12c14 HP Precision architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 17560 c8007c9d34777006a64484d4c6e7a93f http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 133764 02776aee09b0c637d657f72ef25da6e3 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 158148 79cad220b411030e9ae73b6cc571b4d0 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 133214 db7f30c855c7c081086ef0ca087b167e Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16254 d68b2a04ef57a8d3d796ddf4a87cfacb http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 119546 6d2f5b67232dceb02e05e1c023b4c63f http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 141400 b2ed3350229ad3c3e3355dd96e68cc75 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 118992 b6bfe3a735b1d923d0bc57dde4b915c7 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16254 a50a60c6911d92ba9a0515e87aaaa325 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125870 189dd85190eb1f3b804762602793fa92 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 155372 1d343ea6008b1325abc5695f2c040280 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125226 ad9fc8b3e7d1991168ef898bbb3a2544 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16178 7291e8074a031d4245f321084d4277aa http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 126100 14c4f2f1d9d3fb1b555ec9b1f0745e5a http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 155530 3ffae465699cb6775927c05daef6785d http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125470 bd3d389629412e2e5860f4a0d5c4fc33 PowerPC architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16684 abae7aecfede1fba89c55541db9621f0 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 126232 5f4ac8d84d3e1957243ef904fd9460af http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 152194 2ff1c73c04e079cd3c048a3fe0c76b62 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125536 7d03001e0fbefdd8481e8aa8ebd8f1d5 IBM S/390 architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 17526 c6d969e33155948d6fe20b6faa467505 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125972 e792ef4f6ca004f73a4c5e239525c456 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 146656 50536238baf45e02b4d0efee67e23716 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 125356 4688d47c735283c8974c6306aac76cdc Sun Sparc architecture: http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 16622 dad3372d7766abd0bf6936364c867c33 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 124496 2736df53b6305853b8c3e81a31804375 http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 148200 e390b00feeee0a027c7f5828660fecdf http://security.debian.org/pool/updates/main/libg/libgd2/... Size/MD5 checksum: 123890 b7339c8e4a801dd2dbb81cae06b8e236 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBkPadW5ql+IAeqTIRAm0DAJ0Z8SHTJ+rF8QeMQEqj2R/+yHxlfACdFZuC dK20hqEdstOJR6odJrbFMP8= =4kbL -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds