Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
DSA 589-1: New libgd1 packages fix arbitrary code execution
Posted by Philipp Esselbach on: 11/09/2004 05:47 PM [ Print | 0 comment(s) ]
A libgd1 update has been released for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 589-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 9th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libgd
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0990
BugTraq ID : 11523
"infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine.
For the stable distribution (woody) these problems have been fixed in version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of libgd2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your libgd1 packages.
---------------------------------------------------------------------------
Debian Security Advisory DSA 589-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 9th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : libgd
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0990
BugTraq ID : 11523
"infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine.
For the stable distribution (woody) these problems have been fixed in version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of libgd2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your libgd1 packages.
Upgrade Instructions
---------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.dsc
Size/MD5 checksum: 707 475a021c51d4a13211a211c17b1551f6
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.diff.gz
Size/MD5 checksum: 8695 d208e651d9d7eef22fcfd27455335c26
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
Size/MD5 checksum: 559248 813625508e31f5c205904a305bdc8669
Alpha architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 134716 18f7bb31f9c2df1876fcd43ee07cb317
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 133308 800918d9a4c773155bdc1328f8e46119
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 111812 6ac46129674d4377a65140a26c320f3b
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 111188 53f277a1a0b1cd239a42e2f3e9558338
ARM architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 123676 b73ca28de04f8eff9f2f2dc6200ae089
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 123162 2616147546687bef695eaecbe87cd5da
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 104214 ad6dfb3a678252b8aea3f1e942ed9e18
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 103616 b5ed245e0b10ce9248c69a362c0023f4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 121132 5531183a357e500c3ec58f094caf6c89
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 120650 73aa302b99d761988c6be28a0b6a866a
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 104058 f2f25e0c784aa732d5f3a6941faf8d5e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 103526 b315185c17011b5b061b2f660962c04d
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 145576 57beb3ee63cfc0b0f959d8fe28ee73d8
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 144628 c5f3fc093c8f8b8ee02cbc4a434e072a
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 125622 59b992afcbfd47d9cf36a27e9e505472
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 124316 c506be2df33949840ab704c988509975
HP Precision architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 132100 6058fb1f80653f72e0adbce6fcfcb453
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 131300 eb08f0d6d0624e61f73315a4bf577a72
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 111508 7a64ea78b91c49de452ae08ad13508d5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 110998 36efa25648536b0fc132ef8979dced21
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 119284 c82fb2b6d484d42a97c9f0449492ae39
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 118738 5409641a546bcc32425186e2c08460d7
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 102364 8df32eaca36695c625a640aa24c13bce
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 101906 e031bade76cf4ec424ba1e43f435b3fe
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 128900 9aa4a7d18cf202a32be6769266eafb27
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 128158 25a50011dde812a6850fbccb75aff32e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 106426 f4cf28af2cb5191c7d352ead07184fea
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 105842 2132ce70ebf0c291b0b407ff73cea032
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 129090 73d06a669f116d6a748578995daff5e1
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 128270 32154086e87ddd24867be3ba9b95ecc5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 106432 ed6fdd0570066c23e49c5da15d358aa8
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 105872 ff5c9599e2bece96cd180b5a622f6bf7
PowerPC architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 126418 406865e1b60c2c1d608b11f713a60db5
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 125524 ab9460c78e7ae3ccfcddfbbd8c842cce
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 106928 185e67aa0ac4eda2b06c6033f4faf6b3
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 106400 b1520aac55563125eb3abad8866c28a4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 122502 13b4f35fd483d9503cb31f00907e3e41
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 121956 b81e27b20483ed0a4da783867fbcf7b5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 106278 e7ebafa88cb575404ee952ca8a515423
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 105686 152394d7f0ff8c6d42f9eb0d80fe7c21
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 123342 ae43cdd72272edac59d42717c4892024
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 122820 ac87eae8ec44e4efb5ed241dc74b2b76
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 104754 3d712ec702de16480f53424644ec78cd
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 104506 34360c4b52b08560e17af05c557c2fbe
These files will probably be moved into the stable distribution on its next update.
---------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
---------------------------------
Source archives:
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.dsc
Size/MD5 checksum: 707 475a021c51d4a13211a211c17b1551f6
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.diff.gz
Size/MD5 checksum: 8695 d208e651d9d7eef22fcfd27455335c26
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
Size/MD5 checksum: 559248 813625508e31f5c205904a305bdc8669
Alpha architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 134716 18f7bb31f9c2df1876fcd43ee07cb317
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 133308 800918d9a4c773155bdc1328f8e46119
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 111812 6ac46129674d4377a65140a26c320f3b
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_alpha.deb
Size/MD5 checksum: 111188 53f277a1a0b1cd239a42e2f3e9558338
ARM architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 123676 b73ca28de04f8eff9f2f2dc6200ae089
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 123162 2616147546687bef695eaecbe87cd5da
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 104214 ad6dfb3a678252b8aea3f1e942ed9e18
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_arm.deb
Size/MD5 checksum: 103616 b5ed245e0b10ce9248c69a362c0023f4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 121132 5531183a357e500c3ec58f094caf6c89
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 120650 73aa302b99d761988c6be28a0b6a866a
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 104058 f2f25e0c784aa732d5f3a6941faf8d5e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_i386.deb
Size/MD5 checksum: 103526 b315185c17011b5b061b2f660962c04d
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 145576 57beb3ee63cfc0b0f959d8fe28ee73d8
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 144628 c5f3fc093c8f8b8ee02cbc4a434e072a
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 125622 59b992afcbfd47d9cf36a27e9e505472
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_ia64.deb
Size/MD5 checksum: 124316 c506be2df33949840ab704c988509975
HP Precision architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 132100 6058fb1f80653f72e0adbce6fcfcb453
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 131300 eb08f0d6d0624e61f73315a4bf577a72
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 111508 7a64ea78b91c49de452ae08ad13508d5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_hppa.deb
Size/MD5 checksum: 110998 36efa25648536b0fc132ef8979dced21
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 119284 c82fb2b6d484d42a97c9f0449492ae39
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 118738 5409641a546bcc32425186e2c08460d7
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 102364 8df32eaca36695c625a640aa24c13bce
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_m68k.deb
Size/MD5 checksum: 101906 e031bade76cf4ec424ba1e43f435b3fe
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 128900 9aa4a7d18cf202a32be6769266eafb27
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 128158 25a50011dde812a6850fbccb75aff32e
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 106426 f4cf28af2cb5191c7d352ead07184fea
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mips.deb
Size/MD5 checksum: 105842 2132ce70ebf0c291b0b407ff73cea032
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 129090 73d06a669f116d6a748578995daff5e1
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 128270 32154086e87ddd24867be3ba9b95ecc5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 106432 ed6fdd0570066c23e49c5da15d358aa8
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mipsel.deb
Size/MD5 checksum: 105872 ff5c9599e2bece96cd180b5a622f6bf7
PowerPC architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 126418 406865e1b60c2c1d608b11f713a60db5
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 125524 ab9460c78e7ae3ccfcddfbbd8c842cce
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 106928 185e67aa0ac4eda2b06c6033f4faf6b3
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_powerpc.deb
Size/MD5 checksum: 106400 b1520aac55563125eb3abad8866c28a4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 122502 13b4f35fd483d9503cb31f00907e3e41
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 121956 b81e27b20483ed0a4da783867fbcf7b5
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 106278 e7ebafa88cb575404ee952ca8a515423
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_s390.deb
Size/MD5 checksum: 105686 152394d7f0ff8c6d42f9eb0d80fe7c21
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 123342 ae43cdd72272edac59d42717c4892024
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 122820 ac87eae8ec44e4efb5ed241dc74b2b76
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 104754 3d712ec702de16480f53424644ec78cd
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_sparc.deb
Size/MD5 checksum: 104506 34360c4b52b08560e17af05c557c2fbe
These files will probably be moved into the stable distribution on its next update.
