Debian: New chbg packages fix arbitrary code execution

    Date: 17 Jan 2005
    Category: Debian
    Posted By: Joe Shakespeare
    Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 644-1
    http://www.debian.org/security/                             Martin Schulze
    January 18th, 2005                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : chbg
    Vulnerability  : buffer overflow
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-1264
    Debian Bug     : 285904
    
    Danny Lungstrom discovered a vulnerability in chbg, a tool to change
    background pictures.  A maliciously crafted configuration/scenario
    file could overflow a buffer and lead to the execution of arbitrary
    code on the victim's machine.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.5-1woody1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.5-4.
    
    We recommend that you upgrade your chbg package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc
          Size/MD5 checksum:      600 3cb28b61fb97dca63f09a486dae5612f
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz
          Size/MD5 checksum:     3612 08098cf0fec406380e968186766de027
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz
          Size/MD5 checksum:   322878 4a158c94c25b359c86da1de9ef3e986b
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb
          Size/MD5 checksum:   294456 afd6ce377d43c0df909d955e04c328cd
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb
          Size/MD5 checksum:   247338 878c528ab81decd999503ad47557fc4a
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb
          Size/MD5 checksum:   244862 d3a09b86dfc44164c541cda2eb66ce66
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb
          Size/MD5 checksum:   345228 e4b9ae6b9da9c34d5a930727bdfc1a44
    
      HP Precision architecture:
    
        Cannot be updated due to compiler error.
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb
          Size/MD5 checksum:   222916 7dce4c0b3ae27f624ee472bd153d5c66
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb
          Size/MD5 checksum:   249054 66402b53b158bfa0b2144b6b97b1d794
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb
          Size/MD5 checksum:   247536 769f5074ad1f4b148191d0e196d01778
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb
          Size/MD5 checksum:   271272 f6b03b2a05de42ee203d7d9cbfe7c468
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb
          Size/MD5 checksum:   239098 f20c7b0e36ecfc4540d3673f4ec477dd
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb
          Size/MD5 checksum:   263302 28df5318e314bbaf79493b485aa6cffa
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
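
To check downloaded files against the "Size/MD5 checksum" entries listed above before running dpkg -i, here is an added example that is not part of the Debian advisory. The sample file name and the mirror.example URL are constructed, and md5sum from coreutils is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloads against entries in
# the advisory's layout: a URL line, then "Size/MD5 checksum: <size> <md5>".
# MD5 catches corrupted or truncated transfers only.

# verify_from_advisory ADVISORY_TEXT_FILE DOWNLOAD_DIR
# Returns 0 only if at least one listed file is present and all present match.
verify_from_advisory() {
    advisory=$1; dir=$2; checked=0; failed=0
    # Pair each URL with the size and MD5 found on the line after it.
    pairs=$(awk '
        $1 ~ /^(http|ftp):\/\// { url = $1; next }
        /Size\/MD5 checksum:/ && url != "" {
            n = split(url, p, "/"); print p[n], $(NF-1), $NF; url = ""
        }' "$advisory")
    while read -r name size md5; do
        [ -n "$name" ] || continue
        f="$dir/$name"
        if [ ! -f "$f" ]; then echo "SKIP $name (not downloaded)"; continue; fi
        checked=$((checked + 1))
        got_size=$(wc -c < "$f" | tr -d ' ')
        got_md5=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$got_size" = "$size" ] && [ "$got_md5" = "$md5" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name (size $got_size, md5 $got_md5)"
            failed=$((failed + 1))
        fi
    done <<EOF
$pairs
EOF
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed sample: a stand-in file and an advisory fragment describing it.
make_sample() {
    d=$(mktemp -d)
    printf 'constructed stand-in for a .deb\n' > "$d/example_1.0_all.deb"
    s=$(wc -c < "$d/example_1.0_all.deb" | tr -d ' ')
    m=$(md5sum "$d/example_1.0_all.deb" | cut -d' ' -f1)
    printf '    http://mirror.example/pool/example_1.0_all.deb\n      Size/MD5 checksum: %8s %s\n' \
        "$s" "$m" > "$d/advisory.txt"
    echo "$d"
}

sample=$(make_sample)
verify_from_advisory "$sample/advisory.txt" "$sample"
```

Save the advisory text to a file and pass it together with the directory holding the downloaded files; entries for files that were not downloaded are skipped.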