Debian: DSA-1832-1: New camlimages packages fix arbitrary code execution

Date 13 Jul 2009
Category Debian Linux Distribution - Security Advisories
111
Posted By LinuxSecurity Advisories
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1832-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                          Thijs Kinkhorst
July 13, 2009                         https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : camlimages
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-2295
Debian Bug     : 535909

Tielei Wang discovered that CamlImages, an open source image processing
library, suffers from several integer overflows which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution.

For the old stable distribution (etch), this problem has been fixed in
version 2.20-8+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.2.0-4+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.1-2.

We recommend that you upgrade your camlimages package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
    Size/MD5 checksum:     8737 1616ade3176c67bc862f7672d4c056dd
  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.dsc
    Size/MD5 checksum:     1196 0407fcb4b885258c0b81e979e03df7c4
  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
    Size/MD5 checksum:   599282 578f54fe1370704e0bc80dfdf8a20049

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_alpha.deb
    Size/MD5 checksum:   973198 2d06cc1c9c73ec3a5078df33dde45279
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb
    Size/MD5 checksum:    28966 acc9643b4efed997dcc1f8c1315b3936

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
    Size/MD5 checksum:    27906 f2fc6d36ca1b496ff82cbe55c975d96d
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
    Size/MD5 checksum:   870676 b114baff0ce4169f42847cad2f7f87e1

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
    Size/MD5 checksum:    25642 a123f0ffd1dcca413f2eca85d047a81c
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
    Size/MD5 checksum:   885436 99897af751a474b339b8ba01cd10c0b8

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_hppa.deb
    Size/MD5 checksum:   482368 635d36e2aec2e709b5b79e8074ab4a24
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb
    Size/MD5 checksum:    29834 b99951421ced2015ed118b4ca60cdde8

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
    Size/MD5 checksum:    24224 480002667928107c5a379008abcb6710
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
    Size/MD5 checksum:   772576 483bf540a811aa854565ec26f0812de0

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_ia64.deb
    Size/MD5 checksum:  1100896 2a5f01d40983c0dbb473f0efbc814b5f
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb
    Size/MD5 checksum:    36206 8bbbfd674e78d5cbfde79761aa935e34

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mips.deb
    Size/MD5 checksum:   467010 de4da1b7baf6df72e8d2efaaa3f92341
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb
    Size/MD5 checksum:    25614 6504eb3683990a8d733025d05c590534

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mipsel.deb
    Size/MD5 checksum:   427210 a51713da2bc7d1670dc00b99863ca0f2
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    25566 eeb7c800c5cafff30eb2419a2b6c841c

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_powerpc.deb
    Size/MD5 checksum:   963708 2cdc2329f6102615fded0b247e8f854b
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    32812 924085f56d6b5e3585fa4017f377b416

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb
    Size/MD5 checksum:    24596 cee3b23510a181598d7a8fa96b1c0d5b
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_sparc.deb
    Size/MD5 checksum:   934718 ebc2899241e369cfbfecce8ce87646c7

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz
    Size/MD5 checksum:     9707 3c88dc5e8528e685876485d310edf1c4
  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc
    Size/MD5 checksum:     1993 06d190174afce7dbe2d337bf3577c0a8
  https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
    Size/MD5 checksum:   601364 577c511958087e582e893a4f174fa31c

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_alpha.deb
    Size/MD5 checksum:    32208 42eb3769e659ddbfdffd9b960412d603
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_alpha.deb
    Size/MD5 checksum:   543084 4c1659b52e35ee819bbca24f917824cd

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_amd64.deb
    Size/MD5 checksum:    31364 6d98eeb479c628858e0bc991637022e5
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_amd64.deb
    Size/MD5 checksum:   978144 c1977ebd20027e74de2f6f297da05e0d

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_arm.deb
    Size/MD5 checksum:    28838 4ceaec79b0cdde93f51e5b49bf61fa05
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_arm.deb
    Size/MD5 checksum:   559286 2801a414b3c5e9002dd40f406dcc4b37

armel architecture (ARM EABI)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_armel.deb
    Size/MD5 checksum:    29658 594886fe8311b54fccb61eaee44a3c02
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_armel.deb
    Size/MD5 checksum:   571664 45911009fdefb1ea30130bd33d31c35a

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_hppa.deb
    Size/MD5 checksum:   588132 a95c95d82148d7b8b91c836a68ac7385
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_hppa.deb
    Size/MD5 checksum:    32858 1dee58411cfe4a51329df8592dd52a53

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
    Size/MD5 checksum:    27722 dbda0c3362977d516c9b9799a052f330
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
    Size/MD5 checksum:   953866 eebdf69c111869e266fe0d273ffc2f21

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_ia64.deb
    Size/MD5 checksum:   545784 c15dfebf6974c23db3058cccb3d74a97
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_ia64.deb
    Size/MD5 checksum:    39612 126b5b4e7eb783fb3323ff30d38a9468

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mips.deb
    Size/MD5 checksum:   569842 5255f663cb728e93f56bfafc3b5953aa
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mips.deb
    Size/MD5 checksum:    28610 f2b8a4aa2d67d0e59679534b5cbcb93d

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mipsel.deb
    Size/MD5 checksum:   515800 5aba5d1ce2e2ae5d927f111f89eed5c6
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mipsel.deb
    Size/MD5 checksum:    28368 9ec52520ff65438150dfafb89ed3fc0a

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_powerpc.deb
    Size/MD5 checksum:   987998 c9a1362f01e353424e0c028c25dc4d69
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_powerpc.deb
    Size/MD5 checksum:    38676 8317d63a699feeb5bfa7f829f28409b8

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_sparc.deb
    Size/MD5 checksum:   957764 5602e2c367324be5ca5137b8c23cb0ad
  https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_sparc.deb
    Size/MD5 checksum:    27712 c2c4c2397004024c440721709a45d4cb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and https://packages.debian.org/