Debian: libgd1 arbitrary code execution fix

    Date: 09 Nov 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    "infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 589-1
    http://www.debian.org/security/                             Martin Schulze
    November 9th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : libgd
    Vulnerability  : integer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0990
    BugTraq ID     : 11523
    
    "infamous41md" discovered several integer overflows in the PNG image
    decoding routines of the GD graphics library.  This could lead to the
    execution of arbitrary code on the victim's machine.
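
The bug class named above, as an added illustration: a buffer size computed from header-supplied image dimensions wraps in 32-bit arithmetic, shown next to a checked version. This is not libgd code and does not reproduce the specific flaws fixed by this update; the function names, `MAX_DIM` and `MAX_BYTES` are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder limits for this example; not libgd constants. */
#define MAX_DIM   65535u
#define MAX_BYTES (64u * 1024u * 1024u)

/* Flawed pattern: the 32-bit product wraps modulo 2^32, so
 * 0x40000001 x 1 x 4 yields 4 and the allocation is far too small. */
uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t channels)
{
    return w * h * channels;
}

/* Checked pattern: bound every header field, then test each product by
 * division before multiplying. Returns 0 and sets *out, or -1 to reject. */
int pixel_bytes_checked(uint32_t w, uint32_t h, uint32_t channels, size_t *out)
{
    size_t row;

    if (w == 0 || h == 0 || channels == 0 || channels > 4)
        return -1;
    if (w > MAX_DIM || h > MAX_DIM)
        return -1;
    row = (size_t)w * channels;      /* at most 65535 * 4, cannot wrap */
    if (h > MAX_BYTES / row)         /* would exceed the cap (or wrap) */
        return -1;
    *out = row * h;
    return 0;
}

/* Allocate a zeroed pixel buffer, or return NULL for rejected dimensions. */
unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t channels)
{
    size_t n;

    if (pixel_bytes_checked(w, h, channels, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)pixel_bytes_unchecked(0x40000001u, 1, 4));
    printf("checked: %s\n", pixel_bytes_checked(0x40000001u, 1, 4, &n) ? "rejected" : "accepted");
    return 0;
}
```
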
    
    For the stable distribution (woody) these problems have been fixed in
    version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
    libgd2.
    
    For the unstable distribution (sid) these problems will be fixed soon.
    
    We recommend that you upgrade your libgd1 packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    