Debians sikkerhedsbulletin

DSA-628-1 imlib2 -- heltalsoverløb

Rapporteret den:
6. jan 2005
Berørte pakker:
imlib2
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2004-1026, CVE-2004-1025.
Yderligere oplysninger:

Pavel Kankovsky har opdaget at flere overløb der blev fundet i biblioteket libXpm også fandtas i imlib og imlib2, der er billedbehandlingsbiblioteker til X11. En angriber kunne med omhu fremstille en billedfil på en sådan måde, at den fik et program der var linket med imlib eller imlib2 til at udføre vilkårlig kode når filen blev åbnet af et offer. Projektet Common Vulnerabilities and Exposures har fundet frem til følende problemer:

  • CAN-2004-1025

    Flere heap-baserede bufferoverløb. Denne kode findes ikke i imlib2.

  • CAN-2004-1026

    Flere heltalsoverløb biblioteket imlib.

I den stabile distribution (woody) er disse problemer rettet i version 1.0.5-2woody2.

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

Vi anbefaler at du opgraderer dine imlib2-pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.dsc
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.diff.gz
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_alpha.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_arm.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_i386.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_ia64.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_hppa.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_m68k.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mips.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mipsel.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_powerpc.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_s390.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_sparc.deb
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.