Debian: DSA-1832-1: New camlimages packages fix arbitrary code execution
Debian: DSA-1832-1: New camlimages packages fix arbitrary code execution
Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1832-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Thijs Kinkhorst July 13, 2009 https://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : camlimages Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-2295 Debian Bug : 535909 Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. For the old stable distribution (etch), this problem has been fixed in version 2.20-8+etch1. For the stable distribution (lenny), this problem has been fixed in version 2.2.0-4+lenny1. For the unstable distribution (sid), this problem has been fixed in version 3.0.1-2. We recommend that you upgrade your camlimages package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz Size/MD5 checksum: 8737 1616ade3176c67bc862f7672d4c056dd https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.dsc Size/MD5 checksum: 1196 0407fcb4b885258c0b81e979e03df7c4 https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4 Architecture independent packages: https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb Size/MD5 checksum: 599282 578f54fe1370704e0bc80dfdf8a20049 alpha architecture (DEC Alpha) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_alpha.deb Size/MD5 checksum: 973198 2d06cc1c9c73ec3a5078df33dde45279 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb Size/MD5 checksum: 28966 acc9643b4efed997dcc1f8c1315b3936 amd64 architecture (AMD x86_64 (AMD64)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb Size/MD5 checksum: 27906 f2fc6d36ca1b496ff82cbe55c975d96d https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb Size/MD5 checksum: 870676 b114baff0ce4169f42847cad2f7f87e1 arm architecture (ARM) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb Size/MD5 checksum: 25642 a123f0ffd1dcca413f2eca85d047a81c https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb Size/MD5 checksum: 885436 99897af751a474b339b8ba01cd10c0b8 hppa architecture (HP PA RISC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_hppa.deb Size/MD5 checksum: 482368 635d36e2aec2e709b5b79e8074ab4a24 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb Size/MD5 checksum: 29834 b99951421ced2015ed118b4ca60cdde8 i386 architecture (Intel ia32) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb Size/MD5 checksum: 24224 480002667928107c5a379008abcb6710 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb Size/MD5 checksum: 772576 483bf540a811aa854565ec26f0812de0 ia64 architecture (Intel ia64) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_ia64.deb Size/MD5 checksum: 1100896 2a5f01d40983c0dbb473f0efbc814b5f https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb Size/MD5 checksum: 36206 8bbbfd674e78d5cbfde79761aa935e34 mips architecture (MIPS (Big Endian)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mips.deb Size/MD5 checksum: 467010 de4da1b7baf6df72e8d2efaaa3f92341 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb Size/MD5 checksum: 25614 6504eb3683990a8d733025d05c590534 mipsel architecture (MIPS (Little Endian)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mipsel.deb Size/MD5 checksum: 427210 a51713da2bc7d1670dc00b99863ca0f2 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb Size/MD5 checksum: 25566 eeb7c800c5cafff30eb2419a2b6c841c powerpc architecture (PowerPC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_powerpc.deb Size/MD5 checksum: 963708 2cdc2329f6102615fded0b247e8f854b https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb Size/MD5 checksum: 32812 924085f56d6b5e3585fa4017f377b416 sparc architecture (Sun SPARC/UltraSPARC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb Size/MD5 checksum: 24596 cee3b23510a181598d7a8fa96b1c0d5b https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_sparc.deb Size/MD5 checksum: 934718 ebc2899241e369cfbfecce8ce87646c7 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz Size/MD5 checksum: 9707 3c88dc5e8528e685876485d310edf1c4 https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc Size/MD5 checksum: 1993 06d190174afce7dbe2d337bf3577c0a8 https://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4 Architecture independent packages: https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb Size/MD5 checksum: 601364 577c511958087e582e893a4f174fa31c alpha architecture (DEC Alpha) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_alpha.deb Size/MD5 checksum: 32208 42eb3769e659ddbfdffd9b960412d603 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_alpha.deb Size/MD5 checksum: 543084 4c1659b52e35ee819bbca24f917824cd amd64 architecture (AMD x86_64 (AMD64)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_amd64.deb Size/MD5 checksum: 31364 6d98eeb479c628858e0bc991637022e5 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_amd64.deb Size/MD5 checksum: 978144 c1977ebd20027e74de2f6f297da05e0d arm architecture (ARM) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_arm.deb Size/MD5 checksum: 28838 4ceaec79b0cdde93f51e5b49bf61fa05 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_arm.deb Size/MD5 checksum: 559286 2801a414b3c5e9002dd40f406dcc4b37 armel architecture (ARM EABI) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_armel.deb Size/MD5 checksum: 29658 594886fe8311b54fccb61eaee44a3c02 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_armel.deb Size/MD5 checksum: 571664 45911009fdefb1ea30130bd33d31c35a hppa architecture (HP PA RISC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_hppa.deb Size/MD5 checksum: 588132 a95c95d82148d7b8b91c836a68ac7385 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_hppa.deb Size/MD5 checksum: 32858 1dee58411cfe4a51329df8592dd52a53 i386 architecture (Intel ia32) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb Size/MD5 checksum: 27722 dbda0c3362977d516c9b9799a052f330 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb Size/MD5 checksum: 953866 eebdf69c111869e266fe0d273ffc2f21 ia64 architecture (Intel ia64) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_ia64.deb Size/MD5 checksum: 545784 c15dfebf6974c23db3058cccb3d74a97 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_ia64.deb Size/MD5 checksum: 39612 126b5b4e7eb783fb3323ff30d38a9468 mips architecture (MIPS (Big Endian)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mips.deb Size/MD5 checksum: 569842 5255f663cb728e93f56bfafc3b5953aa https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mips.deb Size/MD5 checksum: 28610 f2b8a4aa2d67d0e59679534b5cbcb93d mipsel architecture (MIPS (Little Endian)) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mipsel.deb Size/MD5 checksum: 515800 5aba5d1ce2e2ae5d927f111f89eed5c6 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mipsel.deb Size/MD5 checksum: 28368 9ec52520ff65438150dfafb89ed3fc0a powerpc architecture (PowerPC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_powerpc.deb Size/MD5 checksum: 987998 c9a1362f01e353424e0c028c25dc4d69 https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_powerpc.deb Size/MD5 checksum: 38676 8317d63a699feeb5bfa7f829f28409b8 sparc architecture (Sun SPARC/UltraSPARC) https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_sparc.deb Size/MD5 checksum: 957764 5602e2c367324be5ca5137b8c23cb0ad https://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_sparc.deb Size/MD5 checksum: 27712 c2c4c2397004024c440721709a45d4cb These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show' and https://packages.debian.org/