Debian Security Advisory

DSA-601-1 libgd -- integer overflow

Date reported:
29 Nov 2004
Affected packages:
libgd1
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2004-0941, CVE-2004-0990.
More information:

Several potential integer overflows have been discovered in the GD graphics library; these overflows were not covered by our security advisory DSA 589. The vulnerabilities could be exploited by means of a specially crafted graphics file and could allow arbitrary code to be executed on the victim's machine.

For the stable distribution (woody) these problems have been fixed in version 1.8.4-17.woody4.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd1 packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.dsc
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.diff.gz
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_alpha.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_alpha.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_alpha.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_arm.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_arm.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_arm.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_i386.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_i386.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_i386.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_ia64.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_ia64.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_ia64.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_hppa.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_hppa.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_hppa.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_m68k.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_m68k.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_m68k.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mips.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mips.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mips.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mipsel.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mipsel.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mipsel.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_powerpc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_powerpc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_powerpc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_s390.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_s390.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_s390.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_sparc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_sparc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_sparc.deb
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.