Debian Security Advisory

DSA-2026-1 netpbm-free -- stack-based buffer overflow

Date reported:
2 Apr 2010
Affected packages:
netpbm-free
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 569060.
In Mitre's CVE dictionary: CVE-2009-4274.
More information:

Marc Schoenefeld discovered a stack-based buffer overflow in the XPM loader implementation in netpbm-free, a collection of image manipulation tools. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file containing a crafted header field with a large color index value.

For the stable distribution (lenny), this problem has been fixed in version 2:10.0-12+lenny1.

For the testing distribution (squeeze), this problem has been fixed in version 2:10.0-12.1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

Due to a problem with the archive system, it was not possible to release for all architectures. The missing architectures will be uploaded to the archive as soon as the updates are available.

We recommend that you upgrade your netpbm-free package.
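
The XPM loader overflow described above belongs to a class of bug where a value taken from the image header is used to index a fixed-size stack buffer. The following is an added illustration of the check a loader needs; it is not netpbm-free's code, and the table size, function names and key-to-index mapping are assumptions made for the sketch.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 256u  /* assumed table size, not netpbm's */

/* Read one unsigned decimal header field; 0 on success, advances *p. */
static int read_field(const char **p, unsigned long max, unsigned long *out)
{
    char *end;
    while (**p == ' ') (*p)++;
    if (**p < '0' || **p > '9') return -1;  /* rejects "-1", "+5", empty */
    errno = 0;
    *out = strtoul(*p, &end, 10);
    if (errno == ERANGE || *out == 0 || *out > max) return -1;
    *p = end;
    return 0;
}

/* Hypothetical key-to-index mapping: cpp key bytes packed big-endian. */
static unsigned long key_index(const char *key, unsigned long cpp)
{
    unsigned long idx = 0;
    for (unsigned long i = 0; i < cpp; i++)
        idx = (idx << 8) | (unsigned char)key[i];
    return idx;
}

/* Parse "<width> <height> <ncolors> <chars_per_pixel>" and fill the colour
 * table. Returns the number of distinct slots used, or -1 to reject. */
int load_colors(const char *values, const char *const keys[], size_t nkeys)
{
    unsigned long table[TABLE_SIZE] = {0};  /* fixed-size stack buffer */
    unsigned long w, h, ncolors, cpp;
    const char *p = values;
    int used = 0;
    if (read_field(&p, 65535, &w) || read_field(&p, 65535, &h) ||
        read_field(&p, TABLE_SIZE, &ncolors) || read_field(&p, 2, &cpp))
        return -1;
    if (ncolors > nkeys) return -1;          /* header claims more than supplied */
    for (unsigned long i = 0; i < ncolors; i++) {
        if (strlen(keys[i]) < cpp) return -1;
        unsigned long idx = key_index(keys[i], cpp);
        if (idx >= TABLE_SIZE) return -1;    /* without this, the write below
                                                lands past the end of table[] */
        if (table[idx] == 0) used++;
        table[idx] = i + 1;
    }
    return used;
}
```
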

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_armel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_armel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_armel.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_i386.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_ia64.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.