From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1842-1                     [email protected]
http://www.debian.org/security/                      Moritz Muehlenhoff
July 28, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openexr
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1720 CVE-2009-1721 CVE-2009-1722
Several vulnerabilities have been discovered in the OpenEXR image
library, which can lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-1720
Drew Yao discovered integer overflows in the preview and
compression code.
CVE-2009-1721
Drew Yao discovered that an uninitialised pointer could be freed
in the decompression code.
CVE-2009-1722
A buffer overflow was discovered in the compression code.
For the old stable distribution (etch), these problems have been fixed
in version 1.2.2-4.3+etch2.
For the stable distribution (lenny), these problems have been fixed
in version 1.6.1-3+lenny3.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your openexr packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]