Debians sikkerhedsbulletin
DSA-618-1 imlib -- bufferoverløb, heltalsoverløb
- Rapporteret den:
- 24. dec 2004
- Berørte pakker:
- imlib
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 284925.
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 11830.
I Mitres CVE-ordbog: CVE-2004-1025, CVE-2004-1026. - Yderligere oplysninger:
-
Pavel Kankovsky har opdaget at flere overløb som blev fundet i biblioteket libXpm også findes i imlib, en billedbehandlingsbibliotek til X og X11. En angriber kunne omhyggeligt oprette en billedfil på en måde, så den fik et program der var linket med imlib til at udføre vilkårlig kode når filen blev åbnet af et offer. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:
- CAN-2004-1025
Flere heap-baserede bufferoverløb.
- CAN-2004-1026
Flere heltalsoverløb.
I den stabile distribution (woody) er disse problemer rettet i version 1.9.14-2woody2.
I den ustabile distribution (sid) er disse problemer rettet i version 1.9.14-17.1 af imlib og i version 1.9.14-16.1 af imlib+png2, der fremstiller imlib1-pakken.
Vi anbefaler at du omgående opgraderer dine imlib-pakker.
- CAN-2004-1025
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.dsc
- http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.diff.gz
- http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
- http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2woody2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.