Debian: DSA-2026-1: New netpbm-free packages fix denial of service

    Date02 Apr 2010
    CategoryDebian
    24
    Posted ByLinuxSecurity Advisories
    Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2026-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                        Giuseppe Iuculano
    April 02, 2010                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : netpbm-free
    Vulnerability  : stack-based buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id         : CVE-2009-4274
    Debian Bug     : 569060
    
    
    Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader
    implementation in netpbm-free, a suite of image manipulation utilities.
    An attacker could cause a denial of service (application crash) or possibly
    execute arbitrary code via an XPM image file that contains a crafted header
    field associated with a large color index value.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2:10.0-12+lenny1.
    
    For the testing distribution (squeeze), this problem has been fixed in
    version 2:10.0-12.1+squeeze1.
    
    For the unstable distribution (sid), this problem will be fixed soon.
    
    
    Due to a problem with the archive system it is not possible to release
    all architectures. The missing architectures will be installed into the
    archive once they become available.
    
    We recommend that you upgrade your netpbm-free package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc
        Size/MD5 checksum:     1170 fa9aeb6e0fea3225fd5052b0ec0367a1
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
        Size/MD5 checksum:  1926538 985e9f6d531ac0b2004f5cbebdeea87d
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz
        Size/MD5 checksum:    50581 1c11ea48609ce48dd8033e076d5600a4
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb
        Size/MD5 checksum:    85754 ee6a4c6985623b01251b2eea34f3b0ed
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
        Size/MD5 checksum:    77066 3f446c0ba741db2fa3bcfd23d364dd49
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb
        Size/MD5 checksum:  1418402 ae06867d12399db5347715dc4ec2a7a9
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb
        Size/MD5 checksum:   138666 7a9f884eb231e458af1ecf0f3eccfa95
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb
        Size/MD5 checksum:   139220 815b677ff56f0ca1d565f9d0ae0fd783
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb
        Size/MD5 checksum:  1316736 fcc0ee53a1e98cdd555bf64082dff7de
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
        Size/MD5 checksum:   121202 7b8458cfacab39974af0455f6cd1d740
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb
        Size/MD5 checksum:    79746 56f418df417d027e2424d57ac6196718
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb
        Size/MD5 checksum:    71600 0f9251a5ac278afd7c9ac0def7f542aa
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb
        Size/MD5 checksum:   121328 efaf769ff3769c8253af36a20facd612
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb
        Size/MD5 checksum:   110038 de55f1c7285508902453d36280a3473a
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
        Size/MD5 checksum:    70448 9258f240185bff2f2aeb6e2acf7abe07
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb
        Size/MD5 checksum:  1289442 e2155667bdef26b4a56082d1954aede2
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb
        Size/MD5 checksum:    62610 88cb6d123e7585524c455f84cf7eee06
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_arm.deb
        Size/MD5 checksum:   109408 cb72adb5662a710cb95884cb7c7c3486
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_armel.deb
        Size/MD5 checksum:  1346838 74780ea09c6a52978e099966c7b082c8
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb
        Size/MD5 checksum:    73150 69b0a60700bcfcf7dd2f4ff0fd9d3639
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_armel.deb
        Size/MD5 checksum:   111376 7a1c83e484415ed1612f7dbda0759a4b
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_armel.deb
        Size/MD5 checksum:   111524 26ce44e801847b99eb7ff4182a2ac513
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_armel.deb
        Size/MD5 checksum:    65690 424c79bb258ae1060dc3c162a6a224ff
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_hppa.deb
        Size/MD5 checksum:   128068 e89b255509ae53d3d471b3ea6b61a327
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb
        Size/MD5 checksum:  1353520 91538d1fbce976a3da0fce0686d266d7
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_hppa.deb
        Size/MD5 checksum:    83408 d64f90b2130a88a04ed91743a6b8c80d
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_hppa.deb
        Size/MD5 checksum:   127756 1a0ef4c73e013fc76812421d62b4f725
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_hppa.deb
        Size/MD5 checksum:    73956 2d9790dbc1b51b84c13ee3655a8f9c5f
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_i386.deb
        Size/MD5 checksum:    71320 cd5419ceca00a00137544292cc81e65d
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb
        Size/MD5 checksum:   112556 415cddd4ba07fa6c2d88728c6aa771ab
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_i386.deb
        Size/MD5 checksum:    65948 2bd2b8060fa1ad585f40c2b523e26ef2
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_i386.deb
        Size/MD5 checksum:  1232756 4cdd10ae0b4fc3c29b8e48b22db4b2ab
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_i386.deb
        Size/MD5 checksum:   112684 0c1eba758b1e845e998ec05dd2a20184
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_ia64.deb
        Size/MD5 checksum:   151460 24ce4061a129d4b7487269b52bd981ad
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb
        Size/MD5 checksum:   102784 a11907eeb23bd601e1fd1fe6f6b5b97d
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_ia64.deb
        Size/MD5 checksum:  1801030 c2d3b4e5df13a19fc37d3eae936f4242
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_ia64.deb
        Size/MD5 checksum:   150852 0e92c75557c5abc011209f997511b529
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_ia64.deb
        Size/MD5 checksum:    93860 74dcc6fe263a10b582a9f3338ac5678f
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_powerpc.deb
        Size/MD5 checksum:    72810 9246b314de363fb063d622c8dda26ad5
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb
        Size/MD5 checksum:   121484 aec4928130710350d2f27799cfc93199
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_powerpc.deb
        Size/MD5 checksum:  1609076 8b142b29702b3b31772bbad6be09f667
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_powerpc.deb
        Size/MD5 checksum:   121488 32334965bde2c40bb1af211918884e6a
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_powerpc.deb
        Size/MD5 checksum:    85750 6fdf0f2c35f64a7828ac266d3cf32753
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_sparc.deb
        Size/MD5 checksum:  1247660 f7a873f8aec06b1226adfd146ebd7582
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb
        Size/MD5 checksum:    64146 ad097ce36cc8b23357ad249a5faaad72
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_sparc.deb
        Size/MD5 checksum:    70864 407a64c9358e99d5b827828a26b6affe
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_sparc.deb
        Size/MD5 checksum:   112638 b6e9adb2cb989bd992e962608ec58bfe
      http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_sparc.deb
        Size/MD5 checksum:   113266 144e281cbbab19fd283d3f664b3bc2d6
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.