-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1796-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
April 7th, 2009                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libwmf
Vulnerability  : pointer use-after-free
Problem type   : local (remote)
Debian-specific: no
Debian bug     : 526434
CVE ID         : CVE-2009-1364


Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse windows metafiles (WMF), makes use of a pointer
after it was already freed.  An attacker using a crafted WMF file can
cause a denial of service or possibly the execute arbitrary code via
applications using this library.


For the oldstable distribution (etch), this problem has been fixed in
version 0.2.8.4-2+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 0.2.8.4-6+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.4-6.1.


We recommend that you upgrade your libwmf packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     7644 2b4fed248a00761fd52d0121b1a85bc3
      Size/MD5 checksum:      777 3cee5266c519e54d0da6af8e7bfce4fb
      Size/MD5 checksum:  2169375 d1177739bf1ceb07f57421f0cee191e0

Architecture independent packages:

      Size/MD5 checksum:   285000 dad2e5a29f12e8eb1044aa0e8711f9ca

alpha architecture (DEC Alpha)

      Size/MD5 checksum:    20778 cb687c76275147f88647cc66432c7e19
      Size/MD5 checksum:   266074 b339918318e45eb257f17a118189ce84
      Size/MD5 checksum:   202096 d17c7648e7a36c487cc350a2337a9895

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:    18236 c297e08f3ef5b051539e953e86c079ef
      Size/MD5 checksum:   181534 84d6098d1c8664b140af1133a2131a21
      Size/MD5 checksum:   207970 38bb87b9709162127b1781f1f94faabd

arm architecture (ARM)

      Size/MD5 checksum:    17282 babef9667a9f4b08caefd35768a3a46d
      Size/MD5 checksum:   193728 e746d7645a15cd86949b100cdf45b40d
      Size/MD5 checksum:   171004 5a3619cbce2f2a5c372b95264b89deeb

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   233692 cd29f5b00baf76ff13024fbb86f6d9e3
      Size/MD5 checksum:   199222 8065d7a00098dc8369db734a05b9c17f
      Size/MD5 checksum:    20012 248ff058981781eb05dd840e267be350

i386 architecture (Intel ia32)

      Size/MD5 checksum:    16972 6c9b82eb6ec8bae312e3b9560287f128
      Size/MD5 checksum:   173774 574bd6bfae2c31dd6b327adbc3f8198e
      Size/MD5 checksum:   196458 fd9303e305f980531f7189bde27cf9d2

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   302452 52a71013e006a01c8c9fa9812dcbbce8
      Size/MD5 checksum:    26150 8d4c7ca669c634d5a4a0c038f603f8b8
      Size/MD5 checksum:   264844 21f1ff094fd730d04e7e2b4377b874f6

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   229336 d52a35cbfe9b5bc6791f43b894f6bda8
      Size/MD5 checksum:   176096 5dc5d4b8417ddcdca85ccac83c7072ef
      Size/MD5 checksum:    18994 80122014dde275e45efb64b4451603e8

powerpc architecture (PowerPC)

      Size/MD5 checksum:   186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b
      Size/MD5 checksum:   207140 10bbafbc62f653e29b2f8c88bbdd9b02
      Size/MD5 checksum:    22900 543ae9e4df3d297121f899b634636713

s390 architecture (IBM S/390)

      Size/MD5 checksum:    18116 1206f23d337f638a7bf405fae7f9a7a1
      Size/MD5 checksum:   203422 4d8465b694e76c2b5a58d3787b4914c6
      Size/MD5 checksum:   183234 639d7e103590d7688224d9f5502126b0

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   173576 4d7b14354b5c143ed4fa096bbcb1a752
      Size/MD5 checksum:   203976 f319ee7010a0efd187db5023359a8beb
      Size/MD5 checksum:    17268 bb5de5301730ce0cd417e6e945838512


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     7894 4f82263c3909e9b63e0cbc7ed10e997d
      Size/MD5 checksum:  2169375 d1177739bf1ceb07f57421f0cee191e0
      Size/MD5 checksum:     1195 ca8aa8b0ca3a03408032af1ff3882569

Architecture independent packages:

      Size/MD5 checksum:   285920 c5388d928771785efcbf9cecb6c589a1

alpha architecture (DEC Alpha)

      Size/MD5 checksum:    20598 d06f257a8d9ac39374bd69327bb44856
      Size/MD5 checksum:   263434 8daea32a448767b08e888f051dcc95f7
      Size/MD5 checksum:   203738 e9ac47fa10381c5510c5ace60b920c1a

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:    18992 49529a2273c18658ed927016b33e0ff5
      Size/MD5 checksum:   186908 79c5cf0608709bb8a8e52547a050e94c
      Size/MD5 checksum:   210036 b933a8713fee44409613401692602bc9

arm architecture (ARM)

      Size/MD5 checksum:    16936 de40799cfcd047a65470c67d90c99996
      Size/MD5 checksum:   173436 7ac2f9516551b7e87c58e9b3c90c4aae
      Size/MD5 checksum:   193904 70ff03d5f3353a7921b9e64a7d575865

armel architecture (ARM EABI)

      Size/MD5 checksum:   181438 af85015b825f8ff0afe5013b9198f612
      Size/MD5 checksum:    18334 5b6ebb4cf15385f5ee4cb5994ceca5e0
      Size/MD5 checksum:   199168 ac0f164a3f1cb5773351026db81c3b4a

hppa architecture (HP PA RISC)

      Size/MD5 checksum:    19770 3bef399e7872f710e425bd4f9e4327a6
      Size/MD5 checksum:   201662 faf3930f62f1e8040b98df980e011b57
      Size/MD5 checksum:   236120 f92e57dfc0f888949f2d54f6ee9687a1

i386 architecture (Intel ia32)

      Size/MD5 checksum:   176452 a70ddf1417312c0acad56e05403b8875
      Size/MD5 checksum:   194024 f3d7fb16b81a8df01eccb01dfce91cc4
      Size/MD5 checksum:    16928 572efd6f96ec0aad181fea0ba46e96f2

ia64 architecture (Intel ia64)

      Size/MD5 checksum:    25766 6dc665e9ced6a39c279eb93abcf1469f
      Size/MD5 checksum:   304474 60d47ed04099d9128c255097536b59fd
      Size/MD5 checksum:   270232 6e92952dc90896353b46392f2a5d0edb

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:    18192 c962575a11e80c524148034e335c02b3
      Size/MD5 checksum:   229846 23e8811e367af817997a8dc2c87f45c7
      Size/MD5 checksum:   179160 907f41074981099e5b970ba373770483

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   223738 d719ba660f5a356e982fd173f51bcf73
      Size/MD5 checksum:    17854 8f1b053ebe04427d7ecdbad974865302
      Size/MD5 checksum:   180004 4effa6b4a227d70e574106d88150660d

powerpc architecture (PowerPC)

      Size/MD5 checksum:   214354 e7433c7790e0b0456c415d84c9dd7cd2
      Size/MD5 checksum:    27392 7282af7c836ee8c2339e48f04885e955
      Size/MD5 checksum:   196128 61d4022bd0ac9028e6fac9b8521a3fd3

s390 architecture (IBM S/390)

      Size/MD5 checksum:   203604 6195247347970250b62101f6b798409b
      Size/MD5 checksum:    18624 3c2be19a55bb550e1a6383b93f0eda9e
      Size/MD5 checksum:   186986 17b24ed61aea2f6153f700378d512e02

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   177318 02b2b31bb88340a03e58ad679370e3aa
      Size/MD5 checksum:   200278 9e0041b2d3b87acfbcf9fd1790677859
      Size/MD5 checksum:    17748 5f0f3860c1af2bba8e6a77cb9ed67cca


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Debian: DSA-1796-1: New libwmf packages fix denial of service

May 7, 2009

Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse windows metafiles (WMF), makes use of a pointer after it was already freed

Summary

Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse windows metafiles (WMF), makes use of a pointer
after it was already freed. An attacker using a crafted WMF file can
cause a denial of service or possibly the execute arbitrary code via
applications using this library.

For the oldstable distribution (etch), this problem has been fixed in
version 0.2.8.4-2+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 0.2.8.4-6+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.4-6.1.

We recommend that you upgrade your libwmf packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 7644 2b4fed248a00761fd52d0121b1a85bc3
Size/MD5 checksum: 777 3cee5266c519e54d0da6af8e7bfce4fb
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0

Architecture independent packages:

Size/MD5 checksum: 285000 dad2e5a29f12e8eb1044aa0e8711f9ca

alpha architecture (DEC Alpha)

Size/MD5 checksum: 20778 cb687c76275147f88647cc66432c7e19
Size/MD5 checksum: 266074 b339918318e45eb257f17a118189ce84
Size/MD5 checksum: 202096 d17c7648e7a36c487cc350a2337a9895

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 18236 c297e08f3ef5b051539e953e86c079ef
Size/MD5 checksum: 181534 84d6098d1c8664b140af1133a2131a21
Size/MD5 checksum: 207970 38bb87b9709162127b1781f1f94faabd

arm architecture (ARM)

Size/MD5 checksum: 17282 babef9667a9f4b08caefd35768a3a46d
Size/MD5 checksum: 193728 e746d7645a15cd86949b100cdf45b40d
Size/MD5 checksum: 171004 5a3619cbce2f2a5c372b95264b89deeb

hppa architecture (HP PA RISC)

Size/MD5 checksum: 233692 cd29f5b00baf76ff13024fbb86f6d9e3
Size/MD5 checksum: 199222 8065d7a00098dc8369db734a05b9c17f
Size/MD5 checksum: 20012 248ff058981781eb05dd840e267be350

i386 architecture (Intel ia32)

Size/MD5 checksum: 16972 6c9b82eb6ec8bae312e3b9560287f128
Size/MD5 checksum: 173774 574bd6bfae2c31dd6b327adbc3f8198e
Size/MD5 checksum: 196458 fd9303e305f980531f7189bde27cf9d2

ia64 architecture (Intel ia64)

Size/MD5 checksum: 302452 52a71013e006a01c8c9fa9812dcbbce8
Size/MD5 checksum: 26150 8d4c7ca669c634d5a4a0c038f603f8b8
Size/MD5 checksum: 264844 21f1ff094fd730d04e7e2b4377b874f6

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 229336 d52a35cbfe9b5bc6791f43b894f6bda8
Size/MD5 checksum: 176096 5dc5d4b8417ddcdca85ccac83c7072ef
Size/MD5 checksum: 18994 80122014dde275e45efb64b4451603e8

powerpc architecture (PowerPC)

Size/MD5 checksum: 186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b
Size/MD5 checksum: 207140 10bbafbc62f653e29b2f8c88bbdd9b02
Size/MD5 checksum: 22900 543ae9e4df3d297121f899b634636713

s390 architecture (IBM S/390)

Size/MD5 checksum: 18116 1206f23d337f638a7bf405fae7f9a7a1
Size/MD5 checksum: 203422 4d8465b694e76c2b5a58d3787b4914c6
Size/MD5 checksum: 183234 639d7e103590d7688224d9f5502126b0

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 173576 4d7b14354b5c143ed4fa096bbcb1a752
Size/MD5 checksum: 203976 f319ee7010a0efd187db5023359a8beb
Size/MD5 checksum: 17268 bb5de5301730ce0cd417e6e945838512

Debian GNU/Linux 5.0 alias lenny

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 7894 4f82263c3909e9b63e0cbc7ed10e997d
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0
Size/MD5 checksum: 1195 ca8aa8b0ca3a03408032af1ff3882569

Architecture independent packages:

Size/MD5 checksum: 285920 c5388d928771785efcbf9cecb6c589a1

alpha architecture (DEC Alpha)

Size/MD5 checksum: 20598 d06f257a8d9ac39374bd69327bb44856
Size/MD5 checksum: 263434 8daea32a448767b08e888f051dcc95f7
Size/MD5 checksum: 203738 e9ac47fa10381c5510c5ace60b920c1a

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 18992 49529a2273c18658ed927016b33e0ff5
Size/MD5 checksum: 186908 79c5cf0608709bb8a8e52547a050e94c
Size/MD5 checksum: 210036 b933a8713fee44409613401692602bc9

arm architecture (ARM)

Size/MD5 checksum: 16936 de40799cfcd047a65470c67d90c99996
Size/MD5 checksum: 173436 7ac2f9516551b7e87c58e9b3c90c4aae
Size/MD5 checksum: 193904 70ff03d5f3353a7921b9e64a7d575865

armel architecture (ARM EABI)

Size/MD5 checksum: 181438 af85015b825f8ff0afe5013b9198f612
Size/MD5 checksum: 18334 5b6ebb4cf15385f5ee4cb5994ceca5e0
Size/MD5 checksum: 199168 ac0f164a3f1cb5773351026db81c3b4a

hppa architecture (HP PA RISC)

Size/MD5 checksum: 19770 3bef399e7872f710e425bd4f9e4327a6
Size/MD5 checksum: 201662 faf3930f62f1e8040b98df980e011b57
Size/MD5 checksum: 236120 f92e57dfc0f888949f2d54f6ee9687a1

i386 architecture (Intel ia32)

Size/MD5 checksum: 176452 a70ddf1417312c0acad56e05403b8875
Size/MD5 checksum: 194024 f3d7fb16b81a8df01eccb01dfce91cc4
Size/MD5 checksum: 16928 572efd6f96ec0aad181fea0ba46e96f2

ia64 architecture (Intel ia64)

Size/MD5 checksum: 25766 6dc665e9ced6a39c279eb93abcf1469f
Size/MD5 checksum: 304474 60d47ed04099d9128c255097536b59fd
Size/MD5 checksum: 270232 6e92952dc90896353b46392f2a5d0edb

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 18192 c962575a11e80c524148034e335c02b3
Size/MD5 checksum: 229846 23e8811e367af817997a8dc2c87f45c7
Size/MD5 checksum: 179160 907f41074981099e5b970ba373770483

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 223738 d719ba660f5a356e982fd173f51bcf73
Size/MD5 checksum: 17854 8f1b053ebe04427d7ecdbad974865302
Size/MD5 checksum: 180004 4effa6b4a227d70e574106d88150660d

powerpc architecture (PowerPC)

Size/MD5 checksum: 214354 e7433c7790e0b0456c415d84c9dd7cd2
Size/MD5 checksum: 27392 7282af7c836ee8c2339e48f04885e955
Size/MD5 checksum: 196128 61d4022bd0ac9028e6fac9b8521a3fd3

s390 architecture (IBM S/390)

Size/MD5 checksum: 203604 6195247347970250b62101f6b798409b
Size/MD5 checksum: 18624 3c2be19a55bb550e1a6383b93f0eda9e
Size/MD5 checksum: 186986 17b24ed61aea2f6153f700378d512e02

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 177318 02b2b31bb88340a03e58ad679370e3aa
Size/MD5 checksum: 200278 9e0041b2d3b87acfbcf9fd1790677859
Size/MD5 checksum: 17748 5f0f3860c1af2bba8e6a77cb9ed67cca

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/