72911 2002-08-06 01:04 /200 rader/ Martin Schulze <joey@infodrom.org> Importerad: 2002-08-06 01:04 av Brevbäraren Extern mottagare: Debian Security Announcements <debian-security-announce@lists.debian.org> Externa svar till: security@debian.org Externa svar till: listadmin@securityfocus.com Mottagare: Bugtraq (import) <967> Ärende: [SECURITY] [DSA 140-2] New libpng packages fix potential buffer overflow ------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 140-2 security@debian.org http://www.debian.org/security/ Martin Schulze August 5th, 2002 - -------------------------------------------------------------------------- Package : libpng, libpng3 Vulnerability : Buffer overflow Problem-Type : remote Debian-specific: no In addition to the advisory DSA 140-1 the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us. This problem has been fixed in version 1.0.12-3.woody.2 of libpng and version 1.2.1-1.1.woody.2 of libpng3 for the current stable distribution (woody). We recommend that you upgrade your libpng packages. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.dsc Size/MD5 checksum: 579 6fa91023a699b539f8406572acabcd45 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.diff.gz Size/MD5 checksum: 7914 5e876cff104633b6ded3930b3c16aaa6 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.dsc Size/MD5 checksum: 582 1ad71907a2745b4a4c66ba57399b7f12 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.diff.gz Size/MD5 checksum: 8303 e72f6a3a38b4cace1971ca1c0b5bc20a http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d Alpha architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_alpha.deb Size/MD5 checksum: 276344 6ef427edc12b2b6f1c1cb9f70e9922f8 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_alpha.deb Size/MD5 checksum: 129748 c9c8197d16b91ad721d92c53de44d640 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_alpha.deb Size/MD5 checksum: 270238 4c6cf35a90dbbe8f7d781a6f0d7d5583 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_alpha.deb Size/MD5 checksum: 133154 220f5cd5020a19ed67b40208d5ece6c8 ARM architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_arm.deb Size/MD5 checksum: 247430 69afbfe0aeb0e3c08a334a84b3e8cb77 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_arm.deb Size/MD5 checksum: 108224 e1707faafae8955ebeae6ef3cbf70c9a http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_arm.deb Size/MD5 checksum: 241200 98a7ce949f1c89161a002516042d9ebd http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_arm.deb Size/MD5 checksum: 111508 791721c2c467b7c0b6fe666b9299a2d4 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_i386.deb Size/MD5 checksum: 233094 f9889af54e78f47eebe1fa5a60ef33cb http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_i386.deb Size/MD5 checksum: 106636 c9369f9eb9ae747365cdccf40acc3c2d http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_i386.deb Size/MD5 checksum: 227308 4c452324c7308dcd268128fbe4b6439f http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_i386.deb Size/MD5 checksum: 109802 8694e5afdb6f0c0c9e13b9f24aac8f63 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_ia64.deb Size/MD5 checksum: 278606 4e66108c22e624861a905bc5e5b55626 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_ia64.deb Size/MD5 checksum: 146174 91852036ba0ebff0f3734b9333a07388 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_ia64.deb Size/MD5 checksum: 271448 ac0dcd865700840d0efd2c36df1a217a http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_ia64.deb Size/MD5 checksum: 150852 f95379f323df7cd53c0fee8c8dfdde3d HP Precision architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_hppa.deb Size/MD5 checksum: 269384 48798cfcd2fce8157bb25e34b3b3bfc3 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_hppa.deb Size/MD5 checksum: 128266 85ff01a845db01cbdb5146c008f1a03d http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_hppa.deb Size/MD5 checksum: 262318 2dff123a3e2df906b66b02885048d412 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_hppa.deb Size/MD5 checksum: 132326 d3a294616ae7e5c710686d058641c7a8 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_m68k.deb Size/MD5 checksum: 226070 2f6a7ba8598056d782f590ea436caf36 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_m68k.deb Size/MD5 checksum: 103264 8f806c4dc79c2b3f83eff41dfe2c3ed8 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_m68k.deb Size/MD5 checksum: 220478 0a21d4692ce16aa98bfb1b1f9be699c8 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_m68k.deb Size/MD5 checksum: 106256 c36180e064f5a8375e51b7c021b84338 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_mips.deb Size/MD5 checksum: 246798 b026c3d8bbd5aebbd1c5165e38a40895 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_mips.deb Size/MD5 checksum: 108336 de2f358f510ab45d26ec566a16a653ce http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_mips.deb Size/MD5 checksum: 240378 f6f86bb6a308189f6681b9d3c78207e4 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_mips.deb Size/MD5 checksum: 111730 036b8290d2c590a52b40a4e4d297c97f Little endian MIPS architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_mipsel.deb Size/MD5 checksum: 246750 bce709abe60767e9148ee8bd2f31bf79 http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_mipsel.deb Size/MD5 checksum: 108208 c858c8d26f79ed9fa86e0b4a273a0a62 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_mipsel.deb Size/MD5 checksum: 240266 f0e223ddf818ecb5cdaaed0d9b5be1d1 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_mipsel.deb Size/MD5 checksum: 111642 fee8803a26ef4fc3eb5a84f3d7f34929 PowerPC architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_powerpc.deb Size/MD5 checksum: 240358 e45598add532892d4f9e78689746e5ba http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_powerpc.deb Size/MD5 checksum: 109638 20caff5351a2c73b4c60351b962e7547 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_powerpc.deb Size/MD5 checksum: 234366 a4cf783b849f32d3e587b4f98ece26fd http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_powerpc.deb Size/MD5 checksum: 112708 0d6696004fc745980d816921e3ec440b IBM S/390 architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_s390.deb Size/MD5 checksum: 232366 8c7e8d41b3d14d2e08f97a1fc8914c9c http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_s390.deb Size/MD5 checksum: 107324 43e46e6174fd4052b2ea103c6771ad4d http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_s390.deb Size/MD5 checksum: 226490 1a081fc6435c091bc824f898a848d2d7 http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_s390.deb Size/MD5 checksum: 110792 880a6b36459adddbf80ed9ec19f741fd Sun Sparc architecture: http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_sparc.deb Size/MD5 checksum: 237660 f1efbe23919ea8d37e3ebe57597a7bbd http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_sparc.deb Size/MD5 checksum: 109716 9db86c437af56a16f200977b68cb84b8 http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_sparc.deb Size/MD5 checksum: 231820 ae29d63b9698612331035f894ef3755a http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_sparc.deb Size/MD5 checksum: 113114 3cadf1a05fb83ce6476423243ac16806 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9TkS9W5ql+IAeqTIRArQ5AJ4vekZfvkoGZBnfa+VXtEVQdKKOWwCgjzXM i7iQSw4G87r++sEK9CHKHgY= =PkIu -----END PGP SIGNATURE----- (72911) /Martin Schulze <joey@infodrom.org>/--------