Linux Security

    Debian: window maker buffer overflow

    Date 07 Nov 2002
    Posted By LinuxSecurity Advisories
    There is a problem in the image handling code used in Window Maker.
    Debian Security Advisory DSA-190-1                   Wichert Akkerman
    November  7, 2002
    Package        : wmaker
    Problem type   : buffer overflow
    Debian-specific: no
    Al Viro found a problem in the image handling code used in Window Maker,
    a popular NEXTSTEP-like window manager. When creating an image it would
    allocate a buffer by multiplying the image width and height, but did not
    check for an overflow. This makes it possible to overflow the buffer.
    This could be exploited by using specially crafted image files (for
    example when previewing themes).
    This has been fixed in version 0.80.0-4.1.
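
The flaw class described above, shown as an added example that is neither Window Maker's code nor part of the advisory: an unchecked width-times-height product next to an allocator that rejects the size before allocating. The `image_t` type, the function names and the 64 MiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example: refuse images above 64 MiB. */
#define IMG_MAX_BYTES ((size_t)64 * 1024 * 1024)

/* Hypothetical image type; not Window Maker's own structure. */
typedef struct { uint32_t width, height, channels; unsigned char *data; } image_t;

/* The flawed pattern: the product wraps modulo 2^32 without any error. */
uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t ch) {
    return w * h * ch;
}

/* Checked form: 0 and *out set on success, -1 if the size is zero,
 * would overflow size_t, or exceeds the policy limit. */
int checked_size(uint32_t w, uint32_t h, uint32_t ch, size_t *out) {
    if (w == 0 || h == 0 || ch == 0) return -1;
    size_t n = w;
    if (h > SIZE_MAX / n) return -1;      /* w * h would overflow */
    n *= h;
    if (ch > SIZE_MAX / n) return -1;     /* w * h * ch would overflow */
    n *= ch;
    if (n > IMG_MAX_BYTES) return -1;
    *out = n;
    return 0;
}

image_t *image_create(uint32_t w, uint32_t h, uint32_t ch) {
    size_t n;
    if (checked_size(w, h, ch, &n) != 0) return NULL;  /* reject before allocating */
    image_t *img = malloc(sizeof *img);
    if (img == NULL) return NULL;
    img->data = calloc(n, 1);
    if (img->data == NULL) { free(img); return NULL; }
    img->width = w; img->height = h; img->channels = ch;
    return img;
}

void image_free(image_t *img) { if (img) { free(img->data); free(img); } }

int main(void) {
    /* Constructed header values: 65536 x 65537, one byte per pixel. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(65536u, 65537u, 1u));
    printf("checked create: %s\n", image_create(65536u, 65537u, 1u) ? "ok" : "rejected");
    return 0;
}
```

With the constructed dimensions the unchecked product comes out as a 64 KiB buffer for an image of more than four billion pixels, which is the mismatch the overflow check removes.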
    Obtaining updates:
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
      With apt:
        deb stable/updates main
            added to /etc/apt/sources.list will provide security updates
    Additional information can be found on the Debian security webpages
    Debian GNU/Linux 3.0 alias woody
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc. At this moment packages for mipsel are not yet
    Debian Security team
