Debian: New libcairo packages fix arbitrary code execution

- ------------------------------------------------------------------------Debian Security Advisory DSA-1542-1                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
April 09, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : libcairo
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-5503

Peter Valchev (Google Security) discovered a series of integer
overflow weaknesses in Cairo, a vector graphics rendering library used
by many other applications.  If an application uses cairo to render a
maliciously-crafted PNG image, the vulnerability allows the execution
of arbitrary code.

For the stable distribution (etch), these problems have been fixed in
version 1.2.4-4.1+etch1.

For the unstable distribution (sid), these problems have been fixed in
version 1.4.10-1.1.

We recommend that you upgrade your libcairo packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:      894 4bd02b09d90fb7dc966f9ad9e4653d74
      Size/MD5 checksum:  2882781 1222b2bfdf113e2c92f66b3389659f2d
      Size/MD5 checksum:    29508 df191c1acebf8b74f4dc9e9684694827

Architecture independent packages:

      Size/MD5 checksum:   299594 1265f2438a59a670a2002a1fe37ad83f

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   539986 cea40c631672aecbc07e515e33e2a9db
      Size/MD5 checksum:   411544 fa867f23b40e90f111739bae281c7348
      Size/MD5 checksum:   199550 5d1bf32875edb7358f83a2794979757e
      Size/MD5 checksum:   397872 c9d9341caa748b6c90212f95c22d1c30
      Size/MD5 checksum:   513532 ea952537b9c51f92dc70e50acc285eca

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   452564 26fd8f9e706dd0f446eada08da6aa4e3
      Size/MD5 checksum:   395362 686f9dbff74537e61ed8ab677706ad3f
      Size/MD5 checksum:   183728 8912904d7aa4d7bfda3443bde0dedd85
      Size/MD5 checksum:   471076 a05953964b5cf00d1821f9ca7eb48a50
      Size/MD5 checksum:   382068 474cc11a61af2ff477ca1443f5601324

arm architecture (ARM)

      Size/MD5 checksum:   416400 4cda8085d4f84eb9d90db6932d6457a4
      Size/MD5 checksum:   431954 7bfa5c09b8ee60b6037220d9481ae8a7
      Size/MD5 checksum:   360656 9e6dcf8edae92220132ab86b04ee068b
      Size/MD5 checksum:   371894 7a7735ff8683d80a0553a333ef4f5a02
      Size/MD5 checksum:   162388 4990362745e6022373b2333fccc94a06

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   413884 c4e214540972dd9c727ce67247ba6bed
      Size/MD5 checksum:   399968 8cfaff95765482045f39f9af72c845a6
      Size/MD5 checksum:   488146 4fc58af6eee498b6263b60fe8f29fbe2
      Size/MD5 checksum:   201684 7adcda56d3cf71f47c1cb071ac0339df
      Size/MD5 checksum:   467416 0ecb3f00d081b8bd53cec8f0b57204a1

i386 architecture (Intel ia32)

      Size/MD5 checksum:   371862 78b04e59cd3c5b6030d293766b926395
      Size/MD5 checksum:   174406 5cbdb944a46f1b97a0e84eea388bb613
      Size/MD5 checksum:   384534 40a798a8c26b7d4930b6d44e441e4917
      Size/MD5 checksum:   429240 b7aa75bf8806f6b886c8b9556354dfee
      Size/MD5 checksum:   445890 b44a16dcfa36a6a05b5f6a64c477805b

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   557968 ea3a26a3344adce06789748f68f9f433
      Size/MD5 checksum:   585262 5f33580c65809a4ac73fb6c670ce77a1
      Size/MD5 checksum:   272082 0d1bb4d44bc50fda6133772fc01bac33
      Size/MD5 checksum:   489674 3e1f2d13d38cdac74a9675680fe0daff
      Size/MD5 checksum:   470694 c4aaac4ba044fea5082bf02e92fe8e82

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   488170 e92545a6c4f12169715cb3f6f4435e93
      Size/MD5 checksum:   465238 a5afd1fe607e8c86fdad9ecac4982667
      Size/MD5 checksum:   389684 d7321be1df46e5c0afa504dd66950adf
      Size/MD5 checksum:   377046 821cbe3d5acb4bdd73908b91e6707933
      Size/MD5 checksum:   178908 2fc76539c9e93e47664b020d970ab87a

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   378354 ed811dcf921690a647280223993819db
      Size/MD5 checksum:   390846 90a7ca3743af4aaf0242381765d00fc2
      Size/MD5 checksum:   466356 0eea06972850f05cf7874ba33e697e36
      Size/MD5 checksum:   488570 1c55421ebd997fd22e20987f42be701c
      Size/MD5 checksum:   179834 60af43139c3b83c7af4e91b0d87ebc48

powerpc architecture (PowerPC)

      Size/MD5 checksum:   383326 8fe650e57f071f48bdcbdee8ef629dee
      Size/MD5 checksum:   435500 9182ae98f78de748626dcb882f09af3d
      Size/MD5 checksum:   454122 464a3b39ab81c0f22222288fa8686335
      Size/MD5 checksum:   371486 c7ad7f6842193eb284acde2933cf37a0
      Size/MD5 checksum:   172792 d1602b8093517526bc7368263d6b7ece

s390 architecture (IBM S/390)

      Size/MD5 checksum:   457120 354f0d65b96eac90345823ef8cd551aa
      Size/MD5 checksum:   438358 2fb1ba4651a1cc2bbc2e2d41e850b711
      Size/MD5 checksum:   187702 ffda9037108f8324fde9fb7f1a08199d
      Size/MD5 checksum:   399726 194e9a8528dde46db7b8fffdf56a97d4
      Size/MD5 checksum:   385820 ae0eaaedd3485a83335bd0005b6e0930

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   415042 001b42c58f1a2ca545816948381fe17c
      Size/MD5 checksum:   357198 ab14875b97ba5a4dcbf78af6698c3a9e
      Size/MD5 checksum:   368798 27c8640318302b856a9a154c881cbb1d
      Size/MD5 checksum:   158608 dc606702f1ff49c394c300e24cda5ee4
      Size/MD5 checksum:   431810 0da0e67c3ee915b8b61acccae7cb3f8d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New libcairo packages fix arbitrary code execution

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
