-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hmmm... That's a pretty strange subject for a Security Advisory! :-)
- -------- Original Message -------- Subject: unsubscribe Resent-Date: Mon, 10 Oct 2005 14:30:46 -0500 (CDT) Resent-From: [email protected] Date: Mon, 10 Oct 2005 21:07:42 +0200 From: security <[EMAIL PROTECTED]> To: [email protected] References: <[EMAIL PROTECTED]> Martin Schulze wrote: > -------------------------------------------------------------------------- > Debian Security Advisory DSA 858-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > October 10th, 2005 http://www.debian.org/security/faq > -------------------------------------------------------------------------- > > Package : xloadimage > Vulnerability : buffer overflows > Problem type : local (remote) > Debian-specific: no > CVE ID : CAN-2005-3178 > Debian Bug : 332524 > > Ariel Berkman discovered several buffer overflows in xloadimage, a > graphics file viewer for X11, that can be exploited via large image > titles and cause the execution of arbitrary code. > > For the old stable distribution (woody) these problems have been fixed in > version 4.1-10woody2. > > For the stable distribution (sarge) these problems have been fixed in > version 4.1-14.3. > > For the unstable distribution (sid) these problems have been fixed in > version 4.1-15. > > We recommend that you upgrade your xloadimage package. > > > Upgrade Instructions > -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 3.0 alias woody > -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.dsc > Size/MD5 checksum: 608 2b194d25f2cd86d8c1b1f2f5a467bcc9 > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.diff.gz > Size/MD5 checksum: 50186 53a9172758b709cf3f0e99936d47c4a4 > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz > Size/MD5 checksum: 596021 7331850fc04056ab8ae6b5725d1fb3d2 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_alpha.deb > Size/MD5 checksum: 139088 7be358557b829074706d31d8e02482e6 > > ARM architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_arm.deb > Size/MD5 checksum: 111128 6b7317be277325f505f73e15e4a2e5d1 > > Intel IA-32 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_i386.deb > Size/MD5 checksum: 105382 0ab75115524b1bc8de2e6ef3f4a44eeb > > Intel IA-64 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_ia64.deb > Size/MD5 checksum: 169892 25d4ed26d2a77ef23e496daf5f7123e0 > > HP Precision architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_hppa.deb > Size/MD5 checksum: 125956 92a18e4bfb850b4e0d45edd854241bef > > Motorola 680x0 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_m68k.deb > Size/MD5 checksum: 99060 d8b7db59ee60184b1c6655d44ae9d8ab > > Big endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mips.deb > Size/MD5 checksum: 119736 3224dc48075eebeb2204e24f41a9be8b > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mipsel.deb > Size/MD5 checksum: 119622 0309e0d20f98b0baf6b9d464dc2f9c92 > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_powerpc.deb > Size/MD5 checksum: 112998 bb0d48772430bacf901f91413e58b8cb > > IBM S/390 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_s390.deb > Size/MD5 checksum: 113296 7704a714f140c824f9a76a68bb0cf5fb > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_sparc.deb > Size/MD5 checksum: 115220 c42cc65553599e953baf2140c5f63365 > > > Debian GNU/Linux 3.1 alias sarge > -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.dsc > Size/MD5 checksum: 613 c22e9b8a14b2e3cb09db7b0eaaceb74e > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.diff.gz > Size/MD5 checksum: 66821 75afd2e1725f602ea7ee6c31677de491 > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz > Size/MD5 checksum: 596021 7331850fc04056ab8ae6b5725d1fb3d2 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_alpha.deb > Size/MD5 checksum: 144484 b56080219d894c106d3930893e0c5efb > > AMD64 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_amd64.deb > Size/MD5 checksum: 117762 f96ca8e4fd5c8181508cda671e250835 > > ARM architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_arm.deb > Size/MD5 checksum: 113260 6f70e2fd9b04aab3acb31e8f32d8004f > > Intel IA-32 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_i386.deb > Size/MD5 checksum: 112570 939143ec3b3c1a9de86a3d239c21dd9d > > Intel IA-64 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_ia64.deb > Size/MD5 checksum: 168800 ce97c7a1db1491382d7bec6388920098 > > HP Precision architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_hppa.deb > Size/MD5 checksum: 127336 307fcd295e7f63204f21c3484dc07d84 > > Motorola 680x0 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_m68k.deb > Size/MD5 checksum: 102792 bd1d5a3337433499a89946f6377ac3c6 > > Big endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mips.deb > Size/MD5 checksum: 124776 8bfe51681d7619d7850325ea00f87f5a > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mipsel.deb > Size/MD5 checksum: 125416 027a884f264f32c67b1d5cc0c9d48e98 > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_powerpc.deb > Size/MD5 checksum: 120466 3ed583a03a58367e6e26d99d1f30f050 > > IBM S/390 architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_s390.deb > Size/MD5 checksum: 120484 3990984d86ef50845d894b57d0036f36 > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_sparc.deb > Size/MD5 checksum: 112758 d9d7f94f2722b0a9b1fd7ea09955e3e7 > > > These files will probably be moved into the stable distribution on > its next update. > > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: [email protected] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] - -- Felipe Augusto van de Wiel (faw) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFDSta3CjAO0JDlykYRAp6UAKC7bj7bAY7M0XzTSOC5z/62wDFU4ACfRJCa LBifN3VjfjJlppWbyHeNOYM= =Ppnf -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
