Debian: DSA-1717-1: New devil packages fix buffer overflow

    Date: 05 Feb 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1717
    http://www.debian.org/security/                           Steffen Joeris
    February 05, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : devil
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id         : CVE-2008-5262
    Debian Bugs    : 511844 512122
    
    Stefan Cornelius discovered a buffer overflow in devil, a cross-platform
    image loading and manipulation toolkit, which could be triggered via a
    crafted Radiance RGBE file. This could potentially lead to the execution
    of arbitrary code.
    
    For the stable distribution (etch), this problem has been fixed in
    version 1.6.7-5+etch1.
    
    For the testing distribution (lenny), this problem has been fixed in
    version 1.6.8-rc2-3+lenny1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.7.5-4.
    
    We recommend that you upgrade your devil package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    