dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Debian GNU/Linux Advisories: imagemagic, imlib, gdk-pixbuf

Sep 16, 2004, 18:14 (0 Talkback[s])

Debian Security Advisory DSA 547-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq


Package : imagemagic
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0827 Debian Bug : 268357

Marcus Meissner from SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.

For the stable distribution (woody) this problem has been fixed in version 5.4.4.5-1woody3.

For the unstable distribution (sid) this problem has been fixed in version 6.0.6.2-1.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.dsc
Size/MD5 checksum: 852 bd30219ef391bf92ddd1d9440bb204c8
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.diff.gz
Size/MD5 checksum: 15029 919a9ce109d79cbd46be07600659ad23
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
Size/MD5 checksum: 3901237 f35e356b4ac1ebc58e3cffa7ea7abc07

Alpha architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 1309670 da500b46b1267ff4d03976e308065acd
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 154074 6971608db558ff0782c3ad0ae009462c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 56140 092caa97de894d81df0140dd2b28dae4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 833318 10bbbd147658ead4decfda1df4e18a1d
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 67182 12ff257149eabf085a6dfce68053f402
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_alpha.deb
Size/MD5 checksum: 113698 9f081ff178091a2e608d067790d01436

ARM architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 1296992 05fa897edf7b0d89995491f4ba449688
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 118588 6f9a48ee452713a8e55ab41be4ef470c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 56186 1ad5494d3584fcc8a0a5b80b8a393c03
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 898494 f07051e3c12c743335abf1a0485cf03c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 67226 fdf2758a658b2327166a757e69b47851
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_arm.deb
Size/MD5 checksum: 109822 9b76a15b68ae88c118c589e33db86b96

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 1295002 649843a11bd6e67e716a7b428a003ed7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 122680 df5253599920dcc08e930b9fb066f5ab
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 56154 c88abf1babb06cbf1fb331867e07b0f7
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 772402 b4af59f9a6b39ba622f7044a6c803098
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 67192 93da49b34877c0d0a1cc5401d015f3ec
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_i386.deb
Size/MD5 checksum: 106814 31e28aa6bb9018089636a765542292f4

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 1336076 83a4c1a3cb25f72329af8c1911155364
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 136966 32bcfb89db6ef6303259b89690f6b34a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 56144 cc7a6e8c841953f5c2f28172f3339bdf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 1359876 b859f2de467d20bc88a49d5255113518
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 67184 b1c6c79044eaee12ea665e838173e644
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_ia64.deb
Size/MD5 checksum: 132808 64357db2d047e28efb6ecf34712f81d4

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 1297246 d91a93010d0a9b06ef2e7e7c24067eab
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 132754 d94ce1833a7622ec7cb1e87e1f7d4d1f
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 56178 227dc8a44dec7c8f5ffd7d04d007bf5a
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 859610 5e31aa4f3847a122c9b028a7e4cc53c2
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 67224 1aa9441ecd0df3be9c9c521c023235f4
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_hppa.deb
Size/MD5 checksum: 117068 569cddc344832c2651a09302adcb4be9

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 1292374 d33d961d168fa1da3e81258593f6cad1
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 133904 818babd031d9464983228be672f3ba63
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 56194 62f0e0c37d37def3276b472748baf09c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 751662 f15c730f9e533099c4a4fffc43b97320
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 67248 e745b4e81854b018b410351f06d4f9f5
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_m68k.deb
Size/MD5 checksum: 107322 00fa726acbc7db8761babcf7c3f12b6c

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 1294824 e1c5c5962301328b006f84d9f4552473
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 120156 e8682a8b9ae6add5268a36d40c7cf60c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 56204 39898ed1a2842b4af52cecb46dc11e01
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 732964 a4fb5327892e275223584dac87fd5f70
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 67238 08cab47dc272d5c79268616d4cfdafc4
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mips.deb
Size/MD5 checksum: 103238 74db9479973dd03fa2043b86c09e6f54

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 1294630 0567612bd39cbb9e112305e981f3dddb
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 113644 9f02d8c68dc3a3ec3ac1a0bbefaf3cd4
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 56188 197d278743e9a63d2965debf6307e229
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 720946 267d45b9082758cb6d248d4835d7a906
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 67222 9288acd5cf8e0d954a698a57490bdf9f
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mipsel.deb
Size/MD5 checksum: 102766 8c1f9380559702fc5763cc3591d289a6

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 1291356 13b81750624a3251a6bf6c73a41ddffc
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 135816 6bb64246e67de0778d6f92f126e6cedd
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 56162 7f8990171bc17c386d1fd59f76d8d0f5
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 785946 30216abae843bfb90a40ed0e54899648
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 67212 a42b2482a1cabaeaba2a0464bd50d197
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_powerpc.deb
Size/MD5 checksum: 111830 a2b06d2e30c5acb8384896d66cd6ec56

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 1292026 87ad365ff0f76a959d15e6791099861e
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 131922 b592d2de28c42fad73003745620ba6a6
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 56168 27d05d99677a8f05814991d6c54d3125
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 777904 28d8e1d90473b7fd9de7008133826106
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 67210 bc6bc6951ac1845ad2c2576ba12b4144
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_s390.deb
Size/MD5 checksum: 108872 3a9b40bd966e82e72b6083933257b108

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 1295066 75a65f7dc635c36b0e106f320fc003b9
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 123762 f1e8dd9d054f5c6720ef3a72e9292956
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 56180 aab8608e0ebb8bfb114517afb32731bf
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 802498 afed76b4789398a8844af142ded2612c
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 67216 99ac5d6fd3dabef7acec81b29a90fc9c
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_sparc.deb
Size/MD5 checksum: 112778 b263339035dad232832a8b48dc221ed8

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 548-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq


Package : imlib
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0817

Marcus Meissner discovered a heap overflow error in imlib, an imaging library for X and X11, that could be abused by an attacker to execute arbitrary code on the vicims machine.

For the stable distribution (woody) this problem has been fixed in version 1.9.14-2wody1.

For the unstable distribution (sid) this problem has been fixed in version 1.9.14-17 of imlib and in version 1.9.14-16 of imlib+png2.

We recommend that you upgrade your imlib1 packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2wody1.dsc
Size/MD5 checksum: 803 6472ca2afec2286f184350d849bf9a5d
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2wody1.diff.gz
Size/MD5 checksum: 269552 31472b9a33f689d518c237fa7d742961
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
Size/MD5 checksum: 748591 1fa54011e4e1db532d7eadae3ced6a8c

Architecture independent components:

http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2wody1_all.deb
Size/MD5 checksum: 114576 15b012593229931c4bbc29040d2fdae5

Alpha architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_alpha.deb
Size/MD5 checksum: 119104 4e64b397ae2e9a839600fc8f19fdd1df
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_alpha.deb
Size/MD5 checksum: 96582 a0f07e9f4ded557eb3fabc0914ea6625
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_alpha.deb
Size/MD5 checksum: 116752 d036103895155f0267a26283631978d5
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_alpha.deb
Size/MD5 checksum: 262078 5e49dc13a1a4d61f74222dc1ae1bcb57
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_alpha.deb
Size/MD5 checksum: 96668 b4cff88f951f6682358f6f393691a5bd

ARM architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_arm.deb
Size/MD5 checksum: 93592 9c928508c6366fa367cddaecf4d2e99d
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_arm.deb
Size/MD5 checksum: 75032 4f90fccb7d8bc12b188d62da43f8f712
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_arm.deb
Size/MD5 checksum: 93634 1c44359a8043ecd94dbcd7a4349fac6a
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_arm.deb
Size/MD5 checksum: 258134 5f10db2bcb55a1ef8de534bdd0be730a
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_arm.deb
Size/MD5 checksum: 75924 87ff486de47e594a996992a8721c9542

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_i386.deb
Size/MD5 checksum: 77454 2b01b6df4f0859f6975932d2c3889fef
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_i386.deb
Size/MD5 checksum: 68730 afaadff6f4e14d885a663bd47c68c97a
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_i386.deb
Size/MD5 checksum: 76038 3b541785c7423bbb1c08b7ab4195f25d
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_i386.deb
Size/MD5 checksum: 258222 89e8b55aac576760bb7dbd2fbce97ef4
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_i386.deb
Size/MD5 checksum: 69332 1a2f9af32e10060af9712309565de823

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_ia64.deb
Size/MD5 checksum: 128272 be9e12e56078ad9426c018fd589a386c
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_ia64.deb
Size/MD5 checksum: 115640 2894139657c170641f026a5f51be8ae4
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_ia64.deb
Size/MD5 checksum: 128662 a0d502bd1cb1147ec2806739dab6ffd9
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_ia64.deb
Size/MD5 checksum: 266378 5febdea31eb17b29854233fbfb307869
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_ia64.deb
Size/MD5 checksum: 118478 b53e063c50cbee0082fd3f34e6495a07

HP Precision architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_hppa.deb
Size/MD5 checksum: 104722 cd83de0a77ec1a2e9ad2b89661f7ce95
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_hppa.deb
Size/MD5 checksum: 91568 e7ea261ab12d3026c655b88816b03fb1
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_hppa.deb
Size/MD5 checksum: 103092 787e38c5c6804290826fb24d39942471
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_hppa.deb
Size/MD5 checksum: 260886 6b7d99f18c2c4e531268d0685cec7815
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_hppa.deb
Size/MD5 checksum: 91038 c8ca84e673418e3c0be7fd6f983b72a5

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_m68k.deb
Size/MD5 checksum: 71648 46ee28536a1eca2cde30c8956aced176
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_m68k.deb
Size/MD5 checksum: 63886 c27cb2052b30443ccbd8aaa1ee70752c
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_m68k.deb
Size/MD5 checksum: 69480 62a8fdc6b8eefdf233073d27ff143159
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_m68k.deb
Size/MD5 checksum: 257254 2062e2c1e836765fa547540c25217dc0
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_m68k.deb
Size/MD5 checksum: 64098 bb634b1f3812b538a158fcb5ffb2037a

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_mips.deb
Size/MD5 checksum: 95334 6df97ffb427a10ea4ad53b9031725fca
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_mips.deb
Size/MD5 checksum: 75042 dc6945a5f284fe9df84f73aef5c5fd98
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_mips.deb
Size/MD5 checksum: 92272 77d49cb7e43d26ff1c760f509b68a692
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_mips.deb
Size/MD5 checksum: 257824 03abbd17269e50822da7d9ff8962500d
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_mips.deb
Size/MD5 checksum: 75606 6173739a1120d7388a77727ee28a1c50

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_mipsel.deb
Size/MD5 checksum: 95350 af89cfadec5bbb4e48f9ae0bb6c59b03
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_mipsel.deb
Size/MD5 checksum: 75088 340cedde5a835f610164753e64d8a36d
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_mipsel.deb
Size/MD5 checksum: 92286 48df55c16c2760bd82d5dfbd051d1104
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_mipsel.deb
Size/MD5 checksum: 257692 f9b42b3f6d6ba9e4bdc48df5fe5c2d22
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_mipsel.deb
Size/MD5 checksum: 75520 2c8d731adcee92a92307fd11861fdaae

PowerPC architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_powerpc.deb
Size/MD5 checksum: 93706 6cc8b8753c18f11793805faeeb25aded
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_powerpc.deb
Size/MD5 checksum: 76440 50d611afb959762e4b975bdf181dabe4
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_powerpc.deb
Size/MD5 checksum: 89862 cbf553ff94b438dccea73bd68cb64f8f
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_powerpc.deb
Size/MD5 checksum: 258394 2cbbcc991c068aa94adff360210dfc41
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_powerpc.deb
Size/MD5 checksum: 75050 8e123dbbfc8e0ad2ec3acf21619f4658

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_s390.deb
Size/MD5 checksum: 82924 5fff2f003dcd49d4786f09210b76df35
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_s390.deb
Size/MD5 checksum: 77602 270ce2d438f02793c50f3f27dc26c872
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_s390.deb
Size/MD5 checksum: 83804 6413991452e5bee44855606146c3402d
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_s390.deb
Size/MD5 checksum: 258558 0f331b840d6f82164f4869ee4d9847d7
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_s390.deb
Size/MD5 checksum: 78164 521720c8c47a87ef9c768108ec9bffed

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_sparc.deb
Size/MD5 checksum: 88346 7e8d46b4b7af331e92dc8bc40e1af3f1
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_sparc.deb
Size/MD5 checksum: 76190 14d67fc9827d7eae2533c4ff3ad048b3
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_sparc.deb
Size/MD5 checksum: 85312 5c8b26804737b09678f60ef9ea4048ba
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_sparc.deb
Size/MD5 checksum: 258638 c2577ef0cc83d0934778c2eec3d106e3
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_sparc.deb
Size/MD5 checksum: 76356 f500ce8f5cf4f16de487c1677970eccb

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 546-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004 http://www.debian.org/security/faq


Package : gdk-pixbuf
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0753 CAN-2004-0782 CAN-2004-0788

Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf library used in Gtk. It is possible for an attacker to execute arbitrary code on the victims machine. Gdk-pixbuf for Gtk+1.2 is an external package. For Gtk+2.0 it's part of the main gtk package.

The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

CAN-2004-0753

Denial of service in bmp loader.

CAN-2004-0782

Heap-based overflow in pixbuf_create_from_xpm.

CAN-2004-0788

Integer overflow in the ico loader.

For the stable distribution (woody) these problems have been fixed in version 0.17.0-2woody2.

For the unstable distribution (sid) these problems have been fixed in version 0.22.0-7.

We recommend that you upgrade your gdk-pixbuf packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.dsc
Size/MD5 checksum: 706 3cc56516d717be2ce80caf00a7801748
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.diff.gz
Size/MD5 checksum: 19285 a5a7762e36a8b172f9e66709ec23adcd
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz
Size/MD5 checksum: 547194 021914ad9104f265527c28220315e542

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_alpha.deb
Size/MD5 checksum: 177060 279cbc10c636658467f3f0399aa143b7
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_alpha.deb
Size/MD5 checksum: 9722 43600435d5bc6aab0613544693151248
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_alpha.deb
Size/MD5 checksum: 8874 81163f83dd6375b295bcd080293b508a
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_alpha.deb
Size/MD5 checksum: 193636 7f2f524d42131e607ee0fdf7eab21c8e

ARM architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_arm.deb
Size/MD5 checksum: 156888 247743e5c98c50c236fe8881d525a9e2
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_arm.deb
Size/MD5 checksum: 8142 5763a1963ad9544d4e6825eaa5787047
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_arm.deb
Size/MD5 checksum: 7288 e7dddce3c14109a08b6bcd1ca2b7495c
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_arm.deb
Size/MD5 checksum: 161318 79938be443732c5f7add7c54984c8771

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_i386.deb
Size/MD5 checksum: 147634 a8acb10f8485d0f46257a06a8a07bb45
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_i386.deb
Size/MD5 checksum: 7602 2ce52283726d0ac94f4db8075eec6f24
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_i386.deb
Size/MD5 checksum: 7146 a0cf92a722c6125c2c4de312f25283e9
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_i386.deb
Size/MD5 checksum: 151454 83e9903d762952eb4f37a8894db27113

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_ia64.deb
Size/MD5 checksum: 194964 5bcf490f3b65cbe85f25fedda3ad9bca
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_ia64.deb
Size/MD5 checksum: 11016 c43a72253d262d345fe18a6af37a8463
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_ia64.deb
Size/MD5 checksum: 11070 e9a001c2709caa51b8093942711647e4
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_ia64.deb
Size/MD5 checksum: 229470 ed2b1e4cb830bf7b6518580560e948cf

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_hppa.deb
Size/MD5 checksum: 181318 1be47304016ae08cb2aaf874a1c23595
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_hppa.deb
Size/MD5 checksum: 9638 5eb751003626768ca9c5162a6c956748
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_hppa.deb
Size/MD5 checksum: 9314 cbe69c3c2aa9f111f225da90b1f88142
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_hppa.deb
Size/MD5 checksum: 189910 2d63ccaa4567281505319e570eb28052

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_m68k.deb
Size/MD5 checksum: 142148 2b56601acbdbe62447a0b8222f04f32d
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_m68k.deb
Size/MD5 checksum: 7308 f105f85118d7d2e7e64beb15f1edfd3a
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_m68k.deb
Size/MD5 checksum: 7030 c99be5492c71c4b06ec47a0e131f910d
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_m68k.deb
Size/MD5 checksum: 156408 5f844e43fb3645802a9cf0848e929074

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mips.deb
Size/MD5 checksum: 167560 8cc8f41bbe9b5e8bc5a16fd4bd2355e9
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mips.deb
Size/MD5 checksum: 9566 996c4d6ba55b275f67e129312775866f
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mips.deb
Size/MD5 checksum: 8270 b7ceb187fdb72c6d2f9190c4e1ac6803
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mips.deb
Size/MD5 checksum: 165278 247d7804a0d275c9f06b6a70fba5c990

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mipsel.deb
Size/MD5 checksum: 168116 fff2704f2ab052b09c6efe885fc4ac9b
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mipsel.deb
Size/MD5 checksum: 9482 915611160e8c6e7b56a63b405705e2cc
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mipsel.deb
Size/MD5 checksum: 8122 cedb46e7c6949508455b4e2cf6d2ab64
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mipsel.deb
Size/MD5 checksum: 165452 95ef85acba0495ea804dbceaa3d194f9

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_powerpc.deb
Size/MD5 checksum: 166110 76dfd7b42b1f2980a888505461b1fba5
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_powerpc.deb
Size/MD5 checksum: 9248 b6979133bf009a1b34ef00407546563c
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_powerpc.deb
Size/MD5 checksum: 8072 1dc256cb98fcef2f2fe66d887dbe3f1d
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_powerpc.deb
Size/MD5 checksum: 171118 f75945d7015087d7671512d7c843889c

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_s390.deb
Size/MD5 checksum: 153494 02968dda9991f11e736a8f67ab31041f
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_s390.deb
Size/MD5 checksum: 7858 2fede104ce269e4c2c7d86f18368a181
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_s390.deb
Size/MD5 checksum: 7564 626a7c5fa143002b72930b08d0259b8f
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_s390.deb
Size/MD5 checksum: 167354 abd0019162d198d1e6485a8661cc17c9

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_sparc.deb
Size/MD5 checksum: 161154 64d01e6702c95b8dec9e21e9cd846527
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_sparc.deb
Size/MD5 checksum: 8270 45fcd5861d90a258b715ed7ad8458bab
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_sparc.deb
Size/MD5 checksum: 7502 04cd802ed9d51e1889a3200bd28990ca
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_sparc.deb
Size/MD5 checksum: 167018 b1009ca14d8ef9f42a6568d6ac7f3e81

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>