Debian: window maker buffer overflow

    Date07 Nov 2002
    CategoryDebian
    2810
    Posted ByLinuxSecurity Advisories
    There is a problem in the image handling code use in Window Maker.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-190-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    November  7, 2002
    ------------------------------------------------------------------------
    
    
    Package        : wmaker
    Problem type   : buffer overflow
    Debian-specific: no
    
    Al Viro found a problem in the image handling code use in Window Maker,
    a popular NEXTSTEP like window manager. When creating an image it would
    allocate a buffer by multiplying the image width and height, but did not
    check for an overflow. This makes it possible to overflow the buffer.
    This could be exploited by using specially crafted image files (for
    example when previewing themes).
    
    This has been fixed in version 0.80.0-4.1.
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  http://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at  http://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc. At this moment packages for mipsel are not yet
      available.
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz
          Size/MD5 checksum:  2452207 0768a12edff35cba82e769fcbc8de430
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz
          Size/MD5 checksum:   323198 c1a49502d07e18044d2e1b579c7144fb
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc
          Size/MD5 checksum:     1463 81ac44a6b0ea1dedc49834f35e5bfb51
    
      alpha architecture (DEC Alpha)
    
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb
          Size/MD5 checksum:  2292278 015fa329febee7722ace1d233989c5b0
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb
          Size/MD5 checksum:   448638 642310838f93352e6461ba73d28ad178
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb
          Size/MD5 checksum:   124220 7614f26566c44ce413e5ca05e8f3e146
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb
          Size/MD5 checksum:    60026 e74d2e084ac969d1ea7d349140d2721e
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb
          Size/MD5 checksum:   108778 400114e0b4d35b37d573efee840e6e73
    
      arm architecture (ARM)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb
          Size/MD5 checksum:   340944 9d611e16b7b35ed5985f037a4f8f5635
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb
          Size/MD5 checksum:   107852 23a35885f237a23b733ef105438761aa
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb
          Size/MD5 checksum:  2068456 aa0f4630de38323faf835cf4f965b7fe
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb
          Size/MD5 checksum:    59220 e334af4dad5edcc5cd1c1ac4e8cbefeb
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb
          Size/MD5 checksum:    95684 3a468466a4223b14b8f3b43acab410de
    
      hppa architecture (HP PA RISC)
    
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb
          Size/MD5 checksum:  2189302 ef8befcc5bba64f0599f082569d56958
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.deb
          Size/MD5 checksum:   117434 10303109fd46a2e3b0dc54e422d73bc8
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.deb
          Size/MD5 checksum:   104508 e7d881619da171e82a796aede8d71dba
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.deb
          Size/MD5 checksum:    59880 26a96fa9a6422861ec56f2207e40dd92
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.deb
          Size/MD5 checksum:   395706 9ca65c6d9892555c3b169e9fe96af82b
    
      i386 architecture (Intel ia32)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.deb
          Size/MD5 checksum:    58934 1e1ea0a1dbc7fbf0110aa729e98dd8ad
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.deb
          Size/MD5 checksum:   100986 982412044d618f6d93e8b60f48016329
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.deb
          Size/MD5 checksum:  2035984 0677927edc56824f2d38237c875ec76a
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.deb
          Size/MD5 checksum:    93466 c7ff10540e773703762acc2c4b69a338
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.deb
          Size/MD5 checksum:   305248 91159acc6ae18dbb5e53c3ac3cbfe765
    
      ia64 architecture (Intel ia64)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.deb
          Size/MD5 checksum:   133780 08e0e30df9f399ade6f6c6774b03069c
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.deb
          Size/MD5 checksum:  2557644 91951626efc89ffc244391bd1d11256e
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.deb
          Size/MD5 checksum:    61228 bd1adfd645260243a4ba046f61045534
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.deb
          Size/MD5 checksum:   122830 0d7b69562e8c700f5ee78a1fed0047ec
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.deb
          Size/MD5 checksum:   494558 e41935522601cc2e90e39d7393c346c9
    
      m68k architecture (Motorola Mc680x0)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.deb
          Size/MD5 checksum:    91402 1165b0a8fadf4e457df9e2603b01b98f
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.deb
          Size/MD5 checksum:   293348 f07a355b3bb9c861c85fa748031e4ece
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.deb
          Size/MD5 checksum:    58924 20fed2a566ffc90e1153a2140aafa1b6
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.deb
          Size/MD5 checksum:    97888 bec514f995c629145171f6002399b18f
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.deb
          Size/MD5 checksum:  1977478 b502aacb81c5a368cd1b506168758357
    
      mips architecture (MIPS (Big Endian))
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.deb
          Size/MD5 checksum:   386242 f74242056c3371b73040b2e4f0ede9a4
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.deb
          Size/MD5 checksum:    97494 1c3e38459edb247524ab8af00fbf46bd
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.deb
          Size/MD5 checksum:  2169890 d42c7f5bf61b2a4f7972b5f2daf3ccb2
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.deb
          Size/MD5 checksum:   113006 ec763a7c2f7122a8664ac316ec90a25b
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.deb
          Size/MD5 checksum:    59998 0b046f3d3dc66851eb06dce2b39eeeaf
    
      powerpc architecture (PowerPC)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.deb
          Size/MD5 checksum:   110198 b048be171736c11d8460c5cb8bd70d9f
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.deb
          Size/MD5 checksum:  2080496 9bc6d5cd6dc38cf4d807b7f19806120f
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.deb
          Size/MD5 checksum:    59360 1bd0d211921282ce8b92b339b6a9c82f
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.deb
          Size/MD5 checksum:   349716 97360ccc35c0ac9381408ba11171e480
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.deb
          Size/MD5 checksum:    97058 45798aab8fd1548886971c9e1de8e986
    
      s390 architecture (IBM S/390)
    
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.deb
          Size/MD5 checksum:  2054012 ea1f2c7c787421b75350253dfc02d204
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_s390.deb
          Size/MD5 checksum:   102970 57484d85388fca52b6434f3b502bbb58
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_s390.deb
          Size/MD5 checksum:    96718 7a6a6831c6cf76d0b6ac3f4f39c52280
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_s390.deb
          Size/MD5 checksum:   319682 07af4e4067aa1297746b65c6c396d781
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_s390.deb
          Size/MD5 checksum:    59216 b7ec2bb441654d68cf94d06c9f8fdcf9
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_sparc.deb
          Size/MD5 checksum:    59126 aab1f4783be8045398e09dcedba338a2
         http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_sparc.deb
          Size/MD5 checksum:  2071848 8bd9945b9f8561a800a2cba18c8a0306
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_sparc.deb
          Size/MD5 checksum:    95976 07cf420ca394c83595e906e5f8d21911
         http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_sparc.deb
          Size/MD5 checksum:   105984 087137527a8c5ec0a8b6c8d23f2da17a
         http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_sparc.deb
          Size/MD5 checksum:   329092 8a3594e3f6773274a2bf7adb628b5d04
    
    --
    ----------------------------------------------------------------------------
    Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
    http://www.debian.org/security/
    Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.