  • [SECURITY] [DSA 2026-1] New netpbm-free packages fix denial of service

    From Giuseppe Iuculano@1:229/2 to All on Fri Apr 2 17:40:01 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2026-1                  [email protected]
    http://www.debian.org/security/                      Giuseppe Iuculano
    April 02, 2010                    http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : netpbm-free
    Vulnerability : stack-based buffer overflow
    Problem type : local (remote)
    Debian-specific: no
    CVE Id : CVE-2009-4274
    Debian Bug : 569060


    Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities.
    An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.


    For the stable distribution (lenny), this problem has been fixed in
    version 2:10.0-12+lenny1.

    For the testing distribution (squeeze), this problem has been fixed in
    version 2:10.0-12.1+squeeze1.

    For the unstable distribution (sid), this problem will be fixed soon.


    Due to a problem with the archive system it is not possible to release
    all architectures. The missing architectures will be installed into the
    archive once they become available.

    We recommend that you upgrade your netpbm-free package.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)