Debian: xzgv arbitrary code execution fix

    Date: 21 Dec 2004
    Category: Debian
    Posted By: Joe Shakespeare
    Luke "infamous41md" discovered multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 614-1
    http://www.debian.org/security/                             Martin Schulze
    December 21st, 2004                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : xzgv
    Vulnerability  : integer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0994
    
    Luke "infamous41md" discovered multiple vulnerabilities in xzgv, a
    picture viewer for X11 with a thumbnail-based selector.  Remote
    exploitation of an integer overflow vulnerability could allow the
    execution of arbitrary code.
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.7-6woody2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.8-3.
    
    We recommend that you upgrade your xzgv package immediately.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.dsc
          Size/MD5 checksum:      579 27ae6cedb8409d1a61250227194a6b18
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.diff.gz
          Size/MD5 checksum:     6782 fc970417371b3fab54b0cee4bc9ad695
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz
          Size/MD5 checksum:   296814 9a376cc01cf486a2a8901fbc8b040d29
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_alpha.deb
          Size/MD5 checksum:   199532 b3ac4de63867a36dd018ed530f0d10f7
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_arm.deb
          Size/MD5 checksum:   187026 299e911e0b72e2ec50a4e2fe483631fd
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_i386.deb
          Size/MD5 checksum:   185198 8daddd8cd55896f09bd34a962d506480
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_ia64.deb
          Size/MD5 checksum:   219706 d06e18a31733ed58a8f0515d98ae36dd
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_hppa.deb
          Size/MD5 checksum:   195394 de8fb62bad56ed7b39d14242b82f501d
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_m68k.deb
          Size/MD5 checksum:   181580 32bb51323358c9592bcb7a9a6254d378
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mips.deb
          Size/MD5 checksum:   188456 b9db5a09c63151dd48a8c10670828527
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mipsel.deb
          Size/MD5 checksum:   187458 6db543152183971188c0f02b2f06f5e6
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_powerpc.deb
          Size/MD5 checksum:   189504 c2df06701aef5409b88d342ef826335d
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_s390.deb
          Size/MD5 checksum:   188976 530d93c6ca5132b42d64ca60c9fab9b0
    
      Sun Sparc architecture:

        http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_sparc.deb
          Size/MD5 checksum:   188952 9f5fefef2a5581e77cf94b9ad4e9f042
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
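
The upgrade instructions fetch a file with wget and install it with dpkg -i, and the listing gives a size and MD5 checksum under each URL. The following is an added example, not part of the advisory, that checks a download against that pair before installing; it assumes `md5sum`, `awk` and `mktemp` are available, and its sample file name, URL and contents are constructed.

```shell
#!/bin/sh
# Added example (not part of the advisory): verify a download against the
# "Size/MD5 checksum" line the advisory prints under its URL.

# expected_for ADVISORY NAME: print "SIZE MD5" listed for the URL ending in NAME.
expected_for() {
    awk -v name="$2" '
        found && /Size\/MD5 checksum:/ { print $(NF-1), $NF; exit }
        { found = 0 }
        $1 ~ /^(http|ftp):/ { n = split($1, p, "/"); found = (p[n] == name) }
    ' "$1"
}

# verify_file ADVISORY FILE: 0 = size and MD5 match, 1 = mismatch, 2 = not listed.
verify_file() {
    file=$2
    want=$(expected_for "$1" "$(basename "$file")")
    [ -n "$want" ] || { echo "not listed in advisory: $file" >&2; return 2; }
    size=${want% *}
    md5=${want#* }
    got_size=$(wc -c <"$file" | tr -d '[:space:]')
    got_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$got_size" = "$size" ] && [ "$got_md5" = "$md5" ]; then return 0; fi
    echo "MISMATCH $file: size $got_size (want $size), md5 $got_md5 (want $md5)" >&2
    return 1
}

# Constructed sample: a stand-in file and an advisory excerpt in the same
# layout as the listing above (file name, URL and contents are made up).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'hello\n' >"$dir/example_1.0_i386.deb"
    cat >"$dir/advisory.txt" <<'EOF'
    http://security.example.org/pool/example_1.0_i386.deb
      Size/MD5 checksum:        6 b1946ac92492d2347c6235b4d2611184
EOF
    verify_file "$dir/advisory.txt" "$dir/example_1.0_i386.deb" \
        && echo "ok: safe to pass to dpkg -i"
    printf 'HELLO\n' >"$dir/example_1.0_i386.deb"   # same size, different bytes
    verify_file "$dir/advisory.txt" "$dir/example_1.0_i386.deb" \
        || echo "rejected: do not install"
    rm -rf "$dir"
}
demo
```

A match only ties the file to the advisory text, so the advisory itself has to come from a trusted channel.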
    
    