Debian GNU/Linux
Debian Security Advisory DSA 913-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
December 1st, 2005 http://www.debian.org/security/faq
Package : gdk-pixbuf
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
BugTraq ID : 15428
Debian Bug : 339431
Several vulnerabilities have been found in gdk-pixbuf, the Gtk+
GdkPixBuf XPM image rendering library. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2005-2975
Ludwig Nussel discovered an infinite loop when processing XPM
images that allows an attacker to cause a denial of service via a
specially crafted XPM file.
CVE-2005-2976
Ludwig Nussel discovered an integer overflow in the way XPM
images are processed that could lead to the execution of arbitrary
code or crash the application via a specially crafted XPM file.
CVE-2005-3186
“infamous41md” discovered an integer overflow in the XPM processing
routine that can be used to execute arbitrary code via a
traditional heap overflow.
The following matrix explains which versions fix these problems:
           | old stable (woody) | stable (sarge) | unstable (sid)
gdk-pixbuf | 0.17.0-2woody3     | 0.22.0-8.1     | 0.22.0-11
gtk+2.0    | 2.0.2-5woody3      | 2.6.4-3.1      | 2.6.10-2
We recommend that you upgrade your gdk-pixbuf packages.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 915-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
December 2nd, 2005 http://www.debian.org/security/faq
Package : helix-player
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2629
BugTraq ID : 15381
An integer overflow has been discovered in helix-player, the
helix audio and video player. This flaw could allow a remote
attacker to run arbitrary code on a victim's computer by supplying a
specially crafted network resource.
This vulnerability is fixed by version 1.0.6-1 in unstable.
Helix-player is not currently in the testing distribution.
The old stable distribution (woody) does not contain a
helix-player package.
For the stable distribution (sarge) these problems have been
fixed in version 1.0.4-1sarge2.
For the unstable distribution (sid) these problems have been
fixed in version 1.0.6-1.
We recommend that you upgrade your helix-player package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2005-1116
2005-12-01
Product : Fedora Core 3
Name : perl
Version : 5.8.5
Release : 18.FC3
Summary : The Perl programming language.
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl’s hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl’s most common applications are system
administration utilities and web programming. A large proportion of
the CGI scripts on the web are written in Perl. You need the perl
package installed on your system so that your system can handle
Perl scripts.
Install this package if you want to program in Perl or enable
your system to handle Perl scripts.
Update Information:
Fixes security vulnerabilities:
CVE-2005-3962:
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
CVE-2005-3912:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
CVE-2005-0452:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452
CVE-2004-0976:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
- Thu Dec 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-18.FC3
  - fix bug 174683 / CVE-2005-3962: sprintf integer overflow
    vulnerability backport upstream patch #26240
- Wed Nov 9 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
  - fix bug 136009: restore MakeMaker support for LD_RUN_PATH,
    while removing empty LD_RUN_PATH
- Tue Nov 8 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
  - fix CAN-2004-0976: insecure use of temporary files
- Wed Nov 2 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
  - fix bug 164772: panic (crash) on invalid UTF-8 in Encode.xs
  - fix bug 172327 / upstream bug 37056: backport upstream patch
    25084: prevent realloc recursion on nss get* ERANGE errno
- Tue Nov 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
  - fix bug 170088: broken h2ph fixed with h2ph from 5.8.7
  - fix bug 171111 / upstream bug 37535: IOCPARM_LEN should be
    _IOC_SIZE
  - fix bug 172236: make h2ph pick up gcc built-in include
    directory
- Tue Aug 2 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-16
  - update filter-depends.sh to get rid of FCGI requires
- Wed Jul 27 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-15
  - remove incorrect Provides on FCGI and Mac::File, cf.
    BR148848
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:166943
Issue date: 2005-12-02
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2498 CVE-2005-3390 CVE-2005-3389 CVE-2005-3388
CVE-2005-3353
1. Topic:
Updated PHP packages that fix multiple security issues are now
available.
PHP is an HTML-embedded scripting language commonly used with
the Apache HTTP Web server.
[Updated 2nd December 2005]
Red Hat Linux 9 packages have been updated to add missing security
patches.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
A bug was discovered in the PEAR XML-RPC Server package included
in PHP. If a PHP script is used which implements an XML-RPC Server
using the PEAR XML-RPC package, then it is possible for a remote
attacker to construct an XML-RPC request which can cause PHP to
execute arbitrary PHP commands as the ‘apache’ user. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-2498 to this issue.
A flaw was found in the way PHP registers global variables
during a file upload request. A remote attacker could submit a
carefully crafted multipart/form-data POST request that would
overwrite the $GLOBALS array, altering expected script behavior,
and possibly leading to the execution of arbitrary PHP commands.
Please note that this vulnerability only affects installations
which have register_globals enabled in the PHP configuration file,
which is not a default or recommended option. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2005-3390 to this issue.
A flaw was found in the PHP parse_str() function. If a PHP
script passes only one argument to the parse_str() function, and
the script can be forced to abort execution during operation (for
example due to the memory_limit setting), the register_globals may
be enabled even if it is disabled in the PHP configuration file.
This vulnerability only affects installations that have PHP scripts
using the parse_str function in this way. (CVE-2005-3389)
A Cross-Site Scripting flaw was found in the phpinfo() function.
If a victim can be tricked into following a malicious URL to a site
with a page displaying the phpinfo() output, it may be possible to
inject javascript or HTML content into the displayed page or steal
data such as cookies. This vulnerability only affects installations
which allow users to view the output of the phpinfo() function. As
the phpinfo() function outputs a large amount of information about
the current state of PHP, it should only be used during debugging
or if protected by authentication. (CVE-2005-3388)
A denial of service flaw was found in the way PHP processes EXIF
image data. It is possible for an attacker to cause PHP to crash by
supplying carefully crafted EXIF image data. (CVE-2005-3353)
Users of PHP should upgrade to these updated packages, which
contain backported patches that resolve these issues.
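The following is an added example, not part of the advisory: an audit for the three preconditions the problem description names, namely register_globals enabled in the PHP configuration, parse_str() called with only one argument, and phpinfo() calls in deployed scripts. The rule names, the sample php.ini and the sample PHP source are constructed for illustration.

```python
import re

INI_TRUE = {"1", "on", "true", "yes"}
# Match plain function calls only, not methods ($o->parse_str) or my_parse_str().
CALL = re.compile(r"(?<![\w$>:])(parse_str|phpinfo)\s*\(", re.IGNORECASE)


def register_globals_enabled(ini_text):
    """Return True if php.ini switches register_globals on.
    Assumption of this example: the last assignment in the file wins."""
    enabled = False  # the advisory notes the option is not enabled by default
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"register_globals\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:
            enabled = m.group(1).strip("\"'").lower() in INI_TRUE
    return enabled


def _call_args(src, open_idx):
    """Return the top-level arguments of the call whose '(' is at open_idx,
    honouring nested brackets and quoted strings; None if unbalanced."""
    depth, quote, args, start = 0, None, [], open_idx + 1
    i = open_idx
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1  # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                args.append(src[start:i].strip())
                return [a for a in args if a]
        elif ch == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
        i += 1
    return None


def scan_source(path, src):
    """Flag one-argument parse_str() and any phpinfo() call.
    Calls inside comments or strings are reported too; review hits by hand."""
    findings = []
    for m in CALL.finditer(src):
        args = _call_args(src, m.end() - 1)
        if args is None:
            continue
        line = src.count("\n", 0, m.start()) + 1
        name = m.group(1).lower()
        if name == "parse_str" and len(args) == 1:
            findings.append((path, line, "parse_str-one-arg"))
        elif name == "phpinfo":
            findings.append((path, line, "phpinfo-call"))
    return findings


def audit(ini_text, sources):
    """sources maps a file name to its PHP source text."""
    findings = []
    if register_globals_enabled(ini_text):
        findings.append(("php.ini", 0, "register_globals-on"))
    for path, src in sources.items():
        findings.extend(scan_source(path, src))
    return findings


# Constructed samples.
SAMPLE_INI = """; constructed sample
[PHP]
register_globals = Off
memory_limit = 8M
register_globals = On ; re-enabled further down
"""
SAMPLE_PHP = """<?php
// constructed sample
parse_str($_SERVER['QUERY_STRING']);
parse_str($_SERVER['QUERY_STRING'], $params);
$x = my_parse_str($a);
if (isset($_GET['debug'])) { phpinfo(); }
"""

if __name__ == "__main__":
    for path, line, rule in audit(SAMPLE_INI, {"index.php": SAMPLE_PHP}):
        print(f"{path}:{line}: {rule}")
```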
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
8bdf500386f11c6484c04361095061cce6c5c5f8
redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
592c870e99523279267a0daea98c7dc08b09e5ca
redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
9f84a76296d88673ba8354f416a6ee75b86afb3f
redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
8c4b7136f2cac5f8eea394db819e0f67a973e4ff
redhat/7.3/updates/i386/php-ldap