[SECURITY] [DSA-190-1] buffer overflow in Window Maker

From: Wichert Akkerman (wichertat_private)
Date: Thu Nov 07 2002 - 05:11:55 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-190-1                   securityat_private
    http://www.debian.org/security/                         Wichert Akkerman
    November  7, 2002
    - ------------------------------------------------------------------------
    
    
    Package        : wmaker
    Problem type   : buffer overflow
    Debian-specific: no
    
    Al Viro found a problem in the image handling code used in Window Maker,
    a popular NEXTSTEP-like window manager. When creating an image it would
    allocate a buffer by multiplying the image width and height, but did not
    check for an overflow. This makes it possible to overflow the buffer.
    This could be exploited by using specially crafted image files (for
    example when previewing themes).
    
    This has been fixed in version 0.80.0-4.1.
    
    - ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb http://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security webpages
    at http://www.debian.org/security/
    
    - ------------------------------------------------------------------------
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc. At this moment packages for mipsel are not yet
      available.
    
    - -- 
    - ----------------------------------------------------------------------------
    Debian Security team <teamat_private>
    http://www.debian.org/security/
    Mailing-List: debian-security-announceat_private
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBPcpmlqjZR/ntlUftAQF4NwL/c62WenyQuhx9lSljBQgxZDmKw4+euKJC
    bKJx3c7cck2WCIQpJ6up3wBGGZnuznGimi/p8MWq2u5TdyPed3+Z6+U8YBQcqDQ6
    OL/swRbUc1dGRGzvaJTi5yLZVjR5eTaH
    =JzSg
    -----END PGP SIGNATURE-----
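
The width-times-height allocation described in the advisory, as an added C example (not Window Maker's code and not part of the original message): the unchecked 32-bit product wraps, while the checked version rejects oversized dimensions before allocating. The function names, the 4 bytes per pixel and the MAX_IMAGE_BYTES cap are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on one image buffer (256 MiB); not from the advisory. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32 bits and wraps modulo 2^32,
 * so large dimensions can yield a small allocation size. */
uint32_t unchecked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked pattern: divide before multiplying, so the test itself cannot wrap.
 * Returns 0 and stores the size in *out, or -1 if the image is rejected. */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_IMAGE_BYTES / height)
        return -1;                      /* width * height would exceed the cap */
    size_t pixels = (size_t)width * height;
    if (pixels > MAX_IMAGE_BYTES / bpp)
        return -1;                      /* pixels * bpp would exceed the cap */
    *out = pixels * bpp;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size check passes. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (checked_image_bytes(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: 65537 x 65537 at 4 bytes per pixel. */
    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_image_bytes(65537u, 65537u, 4u));
    void *p = alloc_image(65537u, 65537u, 4u);
    printf("checked allocation: %s\n", p ? "allowed" : "rejected");
    free(p);
    return 0;
}
```

A loader that sizes its buffer from the wrapped value and then writes width-times-height pixels runs past the end of the allocation; the checked path refuses the image instead.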
    


