Debians sikkerhedsbulletin
DSA-601-1 libgd -- heltalsoverløb
- Rapporteret den:
- 29. nov 2004
- Berørte pakker:
- libgd1
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2004-0941, CVE-2004-0990.
- Yderligere oplysninger:
-
Flere potentielle heltalsoverløbs er opdaget i grafikbiblioteket GD, disse overløb var ikke dækket af vores sikkerhedsbulletin DSA 589. Sårbarhederne kunne udnyttes ved hjælp af en særligt fremstillet grafikfil og kunne gøre det muligt at udføre vilkårlig kode på offerets maskine.
I den stabile distribution (woody) er disse problemer rettet i version 1.8.4-17.woody4.
I den ustabile distribution (sid) vil disse problemer snart blive rettet.
Vi anbefaler at du opgraderer dine libgd1-pakker.
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.dsc
- http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.diff.gz
- http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_alpha.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_alpha.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_alpha.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_alpha.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_arm.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_arm.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_arm.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_arm.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_i386.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_i386.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_i386.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_i386.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_ia64.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_ia64.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_ia64.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_ia64.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_hppa.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_hppa.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_hppa.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_hppa.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_m68k.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_m68k.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_m68k.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_m68k.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mips.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mips.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mips.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mips.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mipsel.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mipsel.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mipsel.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mipsel.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_powerpc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_powerpc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_powerpc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_powerpc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_s390.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_s390.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_s390.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_s390.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_sparc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_sparc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_sparc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_sparc.deb
- http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.