"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1857-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
August 10, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : camlimages
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-2660
Debian Bug : 540146
Tielei Wang discovered that CamlImages, an open source image processing
library, suffers from several integer overflows which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses issues with the reading of JPEG and
GIF Images, while DSA 1832-1 addressed the issue with PNG images.
For the oldstable distribution (etch), this problem has been fixed in
version 2.20-8+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 1:2.2.0-4+lenny2.
For the unstable distribution (sid), this problem has been fixed in
version 1:3.0.1-3.
We recommend that you upgrade your camlimages package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.diff.gz
Size/MD5 checksum: 9346 cf4767d4ac5521e64b409605f3803506
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.dsc
Size/MD5 checksum: 904 9dc39921e9569777eeb24c38b0ba0fae
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
Size/MD5 checksum: 600500 16d54539aab49f9f6c7cc5a8fe7bbf92
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_alpha.deb
Size/MD5 checksum: 1024080 5bb5670e039095dd74fc09831faacb25
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_alpha.deb
Size/MD5 checksum: 29454 c48de53b96d1358e56a1b9f1b0795527
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_amd64.deb
Size/MD5 checksum: 820030 668fab0f7d5416229ec40bcbb508db82
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_amd64.deb
Size/MD5 checksum: 27888 d54c0e9a04629c4226b61a9b49f538e3
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_arm.deb
Size/MD5 checksum: 879818 60f8dc22fb087ee654ff9375ac38359f
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_arm.deb
Size/MD5 checksum: 26028 3b3bf2cdf56485a29b871274519b6bc6
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_hppa.deb
Size/MD5 checksum: 482842 d5573f24528c510df3144e0096e1a7f1
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_hppa.deb
Size/MD5 checksum: 30270 530aca3cc44c9b4d1afedc89dbb19722
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_i386.deb
Size/MD5 checksum: 24594 2a25218e9ad03594f8c22f884e850cff
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_i386.deb
Size/MD5 checksum: 845868 a4abd61aa97cfb9996e0641c9ed9f378
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_ia64.deb
Size/MD5 checksum: 1101544 a4c3c311105476617a51f6067d91f015
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_ia64.deb
Size/MD5 checksum: 36510 368745aec6d1ea85becb03c0b8028fed
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mips.deb
Size/MD5 checksum: 467426 40b73c7cb6ebb04a02a29663828652d1
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mips.deb
Size/MD5 checksum: 25758 e882e1deca67f0c8860a645a14460967
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mipsel.deb
Size/MD5 checksum: 25730 0e46cf01caa08a6ab71f71a28e2cd8a1
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mipsel.deb
Size/MD5 checksum: 427706 1b8a689d484552d08f564548f4d3abf9
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_powerpc.deb
Size/MD5 checksum: 33080 0f1a2238accd05c53d919b7d3856cca9
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_powerpc.deb
Size/MD5 checksum: 963968 1b0e5da88c0cdf5679d08699a8403173
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_sparc.deb
Size/MD5 checksum: 915706 1c5379e299fea7eb8bceaaa2d01b86af
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_sparc.deb
Size/MD5 checksum: 24820 84a97496ae1366cf589e725ce2d2add9
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.dsc
Size/MD5 checksum: 1704 e31602e616bfb495c440e6ff2d4a8cc4
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.diff.gz
Size/MD5 checksum: 10276 9951858aae15e9eaeeeb8bda63ee49a2
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny2_all.deb
Size/MD5 checksum: 601216 8c425e344795481cb0c7080b7a9bcf27
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_alpha.deb
Size/MD5 checksum: 543736 b6e09d20f6e1a8164bbbae7d22b62e31
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_alpha.deb
Size/MD5 checksum: 32438 ea87852f43bb8c43ae5a339606f7ee1e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_amd64.deb
Size/MD5 checksum: 978978 9f9a77d4efc81fda2cf930dd5fa7a4d2
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_amd64.deb
Size/MD5 checksum: 31546 56c8c4e3e7cfce3a1f7ee50fd2b42697
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_arm.deb
Size/MD5 checksum: 571634 b67876154217a5a0c66c896bec6ef46d
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_arm.deb
Size/MD5 checksum: 29200 4f0a1b4fa67cf8b3dbc6f640768a8a3b
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_armel.deb
Size/MD5 checksum: 572294 919fa4aac6b6c3c44e8dbda6dc8aba3a
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_armel.deb
Size/MD5 checksum: 30012 b3fda0b39e0fe5a94f608b2664076b0e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_hppa.deb
Size/MD5 checksum: 588858 f80e9e8768c7782f14ec9a695b3f0dee
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_hppa.deb
Size/MD5 checksum: 33210 83d6ac320847d66c843d82450fe147ad
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_i386.deb
Size/MD5 checksum: 953792 e9b7136b5706fce67e6ff199b6b85148
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_i386.deb
Size/MD5 checksum: 27806 c70d399a74066ded2a200bce05f857ee
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_ia64.deb
Size/MD5 checksum: 546404 d3c66dbcd96b2c979561ce88130fe4d5
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_ia64.deb
Size/MD5 checksum: 39908 836473e40186da716daa1706b0847b8b
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mips.deb
Size/MD5 checksum: 28564 5d9082f4da49378377cd6f474c5cd2de
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mips.deb
Size/MD5 checksum: 517662 9214d6a0e3c2ea0bb2168407d807231b
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mipsel.deb
Size/MD5 checksum: 516288 9a1097c612de8ccc91334e9739d992bc
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mipsel.deb
Size/MD5 checksum: 28586 9bab86b4ac11757c66bfda987415a577
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_powerpc.deb
Size/MD5 checksum: 39032 ac500e3472c118015b8b22716b16663e
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_powerpc.deb
Size/MD5 checksum: 988710 63c40e8f37fd9724ced5c09ec0cebae3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_s390.deb
Size/MD5 checksum: 542084 79beed9662ba01af642d472f4918d720
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_s390.deb
Size/MD5 checksum: 30950 7b4400fe856c9d197da23128e1983b66
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_sparc.deb
Size/MD5 checksum: 28182 0b8f98591ab9dc3650b0951510a80336
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_sparc.deb
Size/MD5 checksum: 1040682 517ca3b7c2ebc8c090e91521b22cd20b
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp/b5UACgkQ62zWxYk/rQeGgACgsOS9mIn5ElhLXjXhpanTM3xX
C1kAoJHPbaMLsDe/P9Haus9eyu+tiBNk
=dXvE
-----END PGP SIGNATURE-----
"
DSA 1836-1: New fckeditor packages fix arbitrary code executionRobbie distracted by Jay Kay
This entry was posted
on 9:32 AM
.
Archives
-
▼
2009
(488)
-
▼
August
(32)
- DSA 1875-1: New ikiwiki packages fix information d...
- USN-822-1: KDE-Libs vulnerabilities
- RHSA-2009:1236-01 Critical: java-1.5.0-ibm securit...
- RHSA-2009:1233-01 Important: kernel security update
- USN-825-1: libvorbis vulnerability
- DSA 1874-1: New nss packages fix several vulnerabi...
- DSA 1873-1: New xulrunner packages fix spoofing vu...
- DSA 1871-2: New wordpress packages fix regression
- DSA 1833-2: New dhcp3 packages fix arbitrary code ...
- DSA 1872-1: New Linux 2.6.18 packages fix several ...
- USN-823-1: KDE-Graphics vulnerabilities
- RHSA-2009:1223-02 Important: kernel security update
- RHSA-2009:1222-02 Important: kernel security and b...
- DSA 1871-1: New wordpress packages fix several vul...
- DSA 1867-1: New kdelibs packages fix several vulne...
- GLSA 200908-09 DokuWiki: Local file inclusion
- USN-817-1: Thunderbird vulnerabilities
- USN-809-1: GnuTLS vulnerabilities
- GLSA 200908-08 ISC DHCP: dhcpd Denial of Service
- USN-818-1: curl vulnerability
- GLSA 200908-10 Dillo: User-assisted execution of ...
- RHSA-2009:1218-01 Critical: pidgin security update
- DSA 1865-1: New Linux 2.6.18 packages fix several ...
- DSA 1863-1: New zope2.10/zope2.9 packages fix arbi...
- RHSA-2009:1207-01 Critical: nspr and nss security ...
- USN-815-1: libxml2 vulnerabilities
- DSA 1862-1: New Linux 2.6.26 packages fix privileg...
- RHSA-2009:1209-01 Moderate: curl security update
- USN-816-1: fetchmail vulnerability
- DSA 1857-1: New camlimages packages fix arbitrary ...
- DSA 1856-1: New mantis packages fix information leak
- DSA 1854-1: New APR packages fix arbitrary code ex...
-
▼
August
(32)