|
|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
[Full-disclosure] [SECURITY] [DSA 1796-1] New libwmf packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1796-1 security@xxxxxxxxxx
link://[click] Nico Golde
April 7th, 2009 link://[click]
- --------------------------------------------------------------------------
Package : libwmf
Vulnerability : pointer use-after-free
Problem type : local (remote)
Debian-specific: no
Debian bug : 526434
CVE ID : CVE-2009-1364
Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse windows metafiles (WMF), makes use of a pointer
after it was already freed. An attacker using a crafted WMF file can
cause a denial of service or possibly the execute arbitrary code via
applications using this library.
For the oldstable distribution (etch), this problem has been fixed in
version 0.2.8.4-2+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 0.2.8.4-6+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.4-6.1.
We recommend that you upgrade your libwmf packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
link://[click]
Size/MD5 checksum: 7644 2b4fed248a00761fd52d0121b1a85bc3
link://[click]
Size/MD5 checksum: 777 3cee5266c519e54d0da6af8e7bfce4fb
link://[click]
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0
Architecture independent packages:
link://[click]
Size/MD5 checksum: 285000 dad2e5a29f12e8eb1044aa0e8711f9ca
alpha architecture (DEC Alpha)
link://[click]
Size/MD5 checksum: 20778 cb687c76275147f88647cc66432c7e19
link://[click]
Size/MD5 checksum: 266074 b339918318e45eb257f17a118189ce84
link://[click]
Size/MD5 checksum: 202096 d17c7648e7a36c487cc350a2337a9895
amd64 architecture (AMD x86_64 (AMD64))
link://[click]
Size/MD5 checksum: 18236 c297e08f3ef5b051539e953e86c079ef
link://[click]
Size/MD5 checksum: 181534 84d6098d1c8664b140af1133a2131a21
link://[click]
Size/MD5 checksum: 207970 38bb87b9709162127b1781f1f94faabd
arm architecture (ARM)
link://[click]
Size/MD5 checksum: 17282 babef9667a9f4b08caefd35768a3a46d
link://[click]
Size/MD5 checksum: 193728 e746d7645a15cd86949b100cdf45b40d
link://[click]
Size/MD5 checksum: 171004 5a3619cbce2f2a5c372b95264b89deeb
hppa architecture (HP PA RISC)
link://[click]
Size/MD5 checksum: 233692 cd29f5b00baf76ff13024fbb86f6d9e3
link://[click]
Size/MD5 checksum: 199222 8065d7a00098dc8369db734a05b9c17f
link://[click]
Size/MD5 checksum: 20012 248ff058981781eb05dd840e267be350
i386 architecture (Intel ia32)
link://[click]
Size/MD5 checksum: 16972 6c9b82eb6ec8bae312e3b9560287f128
link://[click]
Size/MD5 checksum: 173774 574bd6bfae2c31dd6b327adbc3f8198e
link://[click]
Size/MD5 checksum: 196458 fd9303e305f980531f7189bde27cf9d2
ia64 architecture (Intel ia64)
link://[click]
Size/MD5 checksum: 302452 52a71013e006a01c8c9fa9812dcbbce8
link://[click]
Size/MD5 checksum: 26150 8d4c7ca669c634d5a4a0c038f603f8b8
link://[click]
Size/MD5 checksum: 264844 21f1ff094fd730d04e7e2b4377b874f6
mips architecture (MIPS (Big Endian))
link://[click]
Size/MD5 checksum: 229336 d52a35cbfe9b5bc6791f43b894f6bda8
link://[click]
Size/MD5 checksum: 176096 5dc5d4b8417ddcdca85ccac83c7072ef
link://[click]
Size/MD5 checksum: 18994 80122014dde275e45efb64b4451603e8
powerpc architecture (PowerPC)
link://[click]
Size/MD5 checksum: 186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b
link://[click]
Size/MD5 checksum: 207140 10bbafbc62f653e29b2f8c88bbdd9b02
link://[click]
Size/MD5 checksum: 22900 543ae9e4df3d297121f899b634636713
s390 architecture (IBM S/390)
link://[click]
Size/MD5 checksum: 18116 1206f23d337f638a7bf405fae7f9a7a1
link://[click]
Size/MD5 checksum: 203422 4d8465b694e76c2b5a58d3787b4914c6
link://[click]
Size/MD5 checksum: 183234 639d7e103590d7688224d9f5502126b0
sparc architecture (Sun SPARC/UltraSPARC)
link://[click]
Size/MD5 checksum: 173576 4d7b14354b5c143ed4fa096bbcb1a752
link://[click]
Size/MD5 checksum: 203976 f319ee7010a0efd187db5023359a8beb
link://[click]
Size/MD5 checksum: 17268 bb5de5301730ce0cd417e6e945838512
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
link://[click]
Size/MD5 checksum: 7894 4f82263c3909e9b63e0cbc7ed10e997d
link://[click]
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0
link://[click]
Size/MD5 checksum: 1195 ca8aa8b0ca3a03408032af1ff3882569
Architecture independent packages:
link://[click]
Size/MD5 checksum: 285920 c5388d928771785efcbf9cecb6c589a1
alpha architecture (DEC Alpha)
link://[click]
Size/MD5 checksum: 20598 d06f257a8d9ac39374bd69327bb44856
link://[click]
Size/MD5 checksum: 263434 8daea32a448767b08e888f051dcc95f7
link://[click]
Size/MD5 checksum: 203738 e9ac47fa10381c5510c5ace60b920c1a
amd64 architecture (AMD x86_64 (AMD64))
link://[click]
Size/MD5 checksum: 18992 49529a2273c18658ed927016b33e0ff5
link://[click]
Size/MD5 checksum: 186908 79c5cf0608709bb8a8e52547a050e94c
link://[click]
Size/MD5 checksum: 210036 b933a8713fee44409613401692602bc9
arm architecture (ARM)
link://[click]
Size/MD5 checksum: 16936 de40799cfcd047a65470c67d90c99996
link://[click]
Size/MD5 checksum: 173436 7ac2f9516551b7e87c58e9b3c90c4aae
link://[click]
Size/MD5 checksum: 193904 70ff03d5f3353a7921b9e64a7d575865
armel architecture (ARM EABI)
link://[click]
Size/MD5 checksum: 181438 af85015b825f8ff0afe5013b9198f612
link://[click]
Size/MD5 checksum: 18334 5b6ebb4cf15385f5ee4cb5994ceca5e0
link://[click]
Size/MD5 checksum: 199168 ac0f164a3f1cb5773351026db81c3b4a
hppa architecture (HP PA RISC)
link://[click]
Size/MD5 checksum: 19770 3bef399e7872f710e425bd4f9e4327a6
link://[click]
Size/MD5 checksum: 201662 faf3930f62f1e8040b98df980e011b57
link://[click]
Size/MD5 checksum: 236120 f92e57dfc0f888949f2d54f6ee9687a1
i386 architecture (Intel ia32)
link://[click]
Size/MD5 checksum: 176452 a70ddf1417312c0acad56e05403b8875
link://[click]
Size/MD5 checksum: 194024 f3d7fb16b81a8df01eccb01dfce91cc4
link://[click]
Size/MD5 checksum: 16928 572efd6f96ec0aad181fea0ba46e96f2
ia64 architecture (Intel ia64)
link://[click]
Size/MD5 checksum: 25766 6dc665e9ced6a39c279eb93abcf1469f
link://[click]
Size/MD5 checksum: 304474 60d47ed04099d9128c255097536b59fd
link://[click]
Size/MD5 checksum: 270232 6e92952dc90896353b46392f2a5d0edb
mips architecture (MIPS (Big Endian))
link://[click]
Size/MD5 checksum: 18192 c962575a11e80c524148034e335c02b3
link://[click]
Size/MD5 checksum: 229846 23e8811e367af817997a8dc2c87f45c7
link://[click]
Size/MD5 checksum: 179160 907f41074981099e5b970ba373770483
mipsel architecture (MIPS (Little Endian))
link://[click]
Size/MD5 checksum: 223738 d719ba660f5a356e982fd173f51bcf73
link://[click]
Size/MD5 checksum: 17854 8f1b053ebe04427d7ecdbad974865302
link://[click]
Size/MD5 checksum: 180004 4effa6b4a227d70e574106d88150660d
powerpc architecture (PowerPC)
link://[click]
Size/MD5 checksum: 214354 e7433c7790e0b0456c415d84c9dd7cd2
link://[click]
Size/MD5 checksum: 27392 7282af7c836ee8c2339e48f04885e955
link://[click]
Size/MD5 checksum: 196128 61d4022bd0ac9028e6fac9b8521a3fd3
s390 architecture (IBM S/390)
link://[click]
Size/MD5 checksum: 203604 6195247347970250b62101f6b798409b
link://[click]
Size/MD5 checksum: 18624 3c2be19a55bb550e1a6383b93f0eda9e
link://[click]
Size/MD5 checksum: 186986 17b24ed61aea2f6153f700378d512e02
sparc architecture (Sun SPARC/UltraSPARC)
link://[click]
Size/MD5 checksum: 177318 02b2b31bb88340a03e58ad679370e3aa
link://[click]
Size/MD5 checksum: 200278 9e0041b2d3b87acfbcf9fd1790677859
link://[click]
Size/MD5 checksum: 17748 5f0f3860c1af2bba8e6a77cb9ed67cca
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb link://[click] stable/updates main
For dpkg-ftp: link://[click] dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and link://[click]<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoDCo0ACgkQHYflSXNkfP8TYgCfT4n7imxW2vBRC1vCFgz/AB3+
lv8AoKrcIB/i5m/JAsssjkDLkr1GH8v8
=om0D
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
