Debian: DSA-1832-1: New camlimages packages fix arbitrary code execution

Date13 Jul 2009

Posted ByLinuxSecurity Advisories

Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.


- ------------------------------------------------------------------------
Debian Security Advisory DSA-1832-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.debian.org/security/                          Thijs Kinkhorst
July 13, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : camlimages
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-2295
Debian Bug     : 535909

Tielei Wang discovered that CamlImages, an open source image processing
library, suffers from several integer overflows which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution.

For the old stable distribution (etch), this problem has been fixed in
version 2.20-8+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.2.0-4+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.1-2.

We recommend that you upgrade your camlimages package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
    Size/MD5 checksum:     8737 1616ade3176c67bc862f7672d4c056dd
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.dsc
    Size/MD5 checksum:     1196 0407fcb4b885258c0b81e979e03df7c4
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
    Size/MD5 checksum:   599282 578f54fe1370704e0bc80dfdf8a20049

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_alpha.deb
    Size/MD5 checksum:   973198 2d06cc1c9c73ec3a5078df33dde45279
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb
    Size/MD5 checksum:    28966 acc9643b4efed997dcc1f8c1315b3936

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
    Size/MD5 checksum:    27906 f2fc6d36ca1b496ff82cbe55c975d96d
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
    Size/MD5 checksum:   870676 b114baff0ce4169f42847cad2f7f87e1

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
    Size/MD5 checksum:    25642 a123f0ffd1dcca413f2eca85d047a81c
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
    Size/MD5 checksum:   885436 99897af751a474b339b8ba01cd10c0b8

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_hppa.deb
    Size/MD5 checksum:   482368 635d36e2aec2e709b5b79e8074ab4a24
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb
    Size/MD5 checksum:    29834 b99951421ced2015ed118b4ca60cdde8

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
    Size/MD5 checksum:    24224 480002667928107c5a379008abcb6710
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
    Size/MD5 checksum:   772576 483bf540a811aa854565ec26f0812de0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_ia64.deb
    Size/MD5 checksum:  1100896 2a5f01d40983c0dbb473f0efbc814b5f
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb
    Size/MD5 checksum:    36206 8bbbfd674e78d5cbfde79761aa935e34

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mips.deb
    Size/MD5 checksum:   467010 de4da1b7baf6df72e8d2efaaa3f92341
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb
    Size/MD5 checksum:    25614 6504eb3683990a8d733025d05c590534

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mipsel.deb
    Size/MD5 checksum:   427210 a51713da2bc7d1670dc00b99863ca0f2
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    25566 eeb7c800c5cafff30eb2419a2b6c841c

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_powerpc.deb
    Size/MD5 checksum:   963708 2cdc2329f6102615fded0b247e8f854b
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    32812 924085f56d6b5e3585fa4017f377b416

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb
    Size/MD5 checksum:    24596 cee3b23510a181598d7a8fa96b1c0d5b
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_sparc.deb
    Size/MD5 checksum:   934718 ebc2899241e369cfbfecce8ce87646c7

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz
    Size/MD5 checksum:     9707 3c88dc5e8528e685876485d310edf1c4
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc
    Size/MD5 checksum:     1993 06d190174afce7dbe2d337bf3577c0a8
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
    Size/MD5 checksum:   601364 577c511958087e582e893a4f174fa31c

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_alpha.deb
    Size/MD5 checksum:    32208 42eb3769e659ddbfdffd9b960412d603
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_alpha.deb
    Size/MD5 checksum:   543084 4c1659b52e35ee819bbca24f917824cd

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_amd64.deb
    Size/MD5 checksum:    31364 6d98eeb479c628858e0bc991637022e5
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_amd64.deb
    Size/MD5 checksum:   978144 c1977ebd20027e74de2f6f297da05e0d

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_arm.deb
    Size/MD5 checksum:    28838 4ceaec79b0cdde93f51e5b49bf61fa05
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_arm.deb
    Size/MD5 checksum:   559286 2801a414b3c5e9002dd40f406dcc4b37

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_armel.deb
    Size/MD5 checksum:    29658 594886fe8311b54fccb61eaee44a3c02
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_armel.deb
    Size/MD5 checksum:   571664 45911009fdefb1ea30130bd33d31c35a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_hppa.deb
    Size/MD5 checksum:   588132 a95c95d82148d7b8b91c836a68ac7385
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_hppa.deb
    Size/MD5 checksum:    32858 1dee58411cfe4a51329df8592dd52a53

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
    Size/MD5 checksum:    27722 dbda0c3362977d516c9b9799a052f330
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
    Size/MD5 checksum:   953866 eebdf69c111869e266fe0d273ffc2f21

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_ia64.deb
    Size/MD5 checksum:   545784 c15dfebf6974c23db3058cccb3d74a97
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_ia64.deb
    Size/MD5 checksum:    39612 126b5b4e7eb783fb3323ff30d38a9468

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mips.deb
    Size/MD5 checksum:   569842 5255f663cb728e93f56bfafc3b5953aa
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mips.deb
    Size/MD5 checksum:    28610 f2b8a4aa2d67d0e59679534b5cbcb93d

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mipsel.deb
    Size/MD5 checksum:   515800 5aba5d1ce2e2ae5d927f111f89eed5c6
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mipsel.deb
    Size/MD5 checksum:    28368 9ec52520ff65438150dfafb89ed3fc0a

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_powerpc.deb
    Size/MD5 checksum:   987998 c9a1362f01e353424e0c028c25dc4d69
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_powerpc.deb
    Size/MD5 checksum:    38676 8317d63a699feeb5bfa7f829f28409b8

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_sparc.deb
    Size/MD5 checksum:   957764 5602e2c367324be5ca5137b8c23cb0ad
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_sparc.deb
    Size/MD5 checksum:    27712 c2c4c2397004024c440721709a45d4cb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and http://packages.debian.org/