Säkerhetsbulletin från Debian
DSA-2026-1 netpbm-free -- stackbaserat buffertspill
- Rapporterat den:
- 2010-04-02
- Berörda paket:
- netpbm-free
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 569060.
I Mitres CVE-förteckning: CVE-2009-4274. - Ytterligare information:
-
Marc Schoenefeld upptäckte ett stackbaserat buffertspill i XPM-läsarimplementationen i netpbm-free, en uppsättning bildbehandlingsverktyg. En angripare kunde orsaka en överbelastning (applikationskrasch) eller möjligen exekvera godtycklig kod med hjälp av en XPM-bildfil som innehåller ett specialskrivet huvudfält associerat med ett stort färgindexvärde.
För den stabila utgåvan (Lenny) har detta problem rättats i version 2:10.0-12+lenny1.
För uttestningsutgåvan (Squeeze) har detta problem rättats i version 2:10.0-12.1+squeeze1.
För den instabila utgåvan (Sid) kommer detta problem att rättas inom kort.
På grund av ett problem med arkivsystemet är det inte möjligt att släppa alla arkitekturer. De saknade arkitekturerna kommer läggas in i arkivet så snart de finns tillgängliga.
Vi rekommenderar att ni uppgraderar ert netpbm-free-paket.
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.