Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.0449 -- [Debian]
libwmf: Execute Arbitrary Code
8 May 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libwmf
Publisher: Debian
Operating System: Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2009-1364
Ref: ESB-2009.0424
Original Bulletin: http://www.debian.org/security/2009/dsa-1796
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA-1796-1 security@debian.org
http://www.debian.org/security/ Nico Golde
April 7th, 2009 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : libwmf
Vulnerability : pointer use-after-free
Problem type : local (remote)
Debian-specific: no
Debian bug : 526434
CVE ID : CVE-2009-1364
Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse windows metafiles (WMF), makes use of a pointer
after it was already freed. An attacker using a crafted WMF file can
cause a denial of service or possibly the execute arbitrary code via
applications using this library.
For the oldstable distribution (etch), this problem has been fixed in
version 0.2.8.4-2+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 0.2.8.4-6+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.4-6.1.
We recommend that you upgrade your libwmf packages.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Debian (oldstable)
- - ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.diff.gz
Size/MD5 checksum: 7644 2b4fed248a00761fd52d0121b1a85bc3
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.dsc
Size/MD5 checksum: 777 3cee5266c519e54d0da6af8e7bfce4fb
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0
Architecture independent packages:
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-2+etch1_all.deb
Size/MD5 checksum: 285000 dad2e5a29f12e8eb1044aa0e8711f9ca
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_alpha.deb
Size/MD5 checksum: 20778 cb687c76275147f88647cc66432c7e19
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_alpha.deb
Size/MD5 checksum: 266074 b339918318e45eb257f17a118189ce84
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_alpha.deb
Size/MD5 checksum: 202096 d17c7648e7a36c487cc350a2337a9895
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_amd64.deb
Size/MD5 checksum: 18236 c297e08f3ef5b051539e953e86c079ef
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_amd64.deb
Size/MD5 checksum: 181534 84d6098d1c8664b140af1133a2131a21
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_amd64.deb
Size/MD5 checksum: 207970 38bb87b9709162127b1781f1f94faabd
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_arm.deb
Size/MD5 checksum: 17282 babef9667a9f4b08caefd35768a3a46d
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_arm.deb
Size/MD5 checksum: 193728 e746d7645a15cd86949b100cdf45b40d
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_arm.deb
Size/MD5 checksum: 171004 5a3619cbce2f2a5c372b95264b89deeb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_hppa.deb
Size/MD5 checksum: 233692 cd29f5b00baf76ff13024fbb86f6d9e3
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_hppa.deb
Size/MD5 checksum: 199222 8065d7a00098dc8369db734a05b9c17f
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_hppa.deb
Size/MD5 checksum: 20012 248ff058981781eb05dd840e267be350
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_i386.deb
Size/MD5 checksum: 16972 6c9b82eb6ec8bae312e3b9560287f128
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_i386.deb
Size/MD5 checksum: 173774 574bd6bfae2c31dd6b327adbc3f8198e
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_i386.deb
Size/MD5 checksum: 196458 fd9303e305f980531f7189bde27cf9d2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_ia64.deb
Size/MD5 checksum: 302452 52a71013e006a01c8c9fa9812dcbbce8
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_ia64.deb
Size/MD5 checksum: 26150 8d4c7ca669c634d5a4a0c038f603f8b8
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_ia64.deb
Size/MD5 checksum: 264844 21f1ff094fd730d04e7e2b4377b874f6
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_mips.deb
Size/MD5 checksum: 229336 d52a35cbfe9b5bc6791f43b894f6bda8
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_mips.deb
Size/MD5 checksum: 176096 5dc5d4b8417ddcdca85ccac83c7072ef
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_mips.deb
Size/MD5 checksum: 18994 80122014dde275e45efb64b4451603e8
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_powerpc.deb
Size/MD5 checksum: 186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_powerpc.deb
Size/MD5 checksum: 207140 10bbafbc62f653e29b2f8c88bbdd9b02
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_powerpc.deb
Size/MD5 checksum: 22900 543ae9e4df3d297121f899b634636713
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_s390.deb
Size/MD5 checksum: 18116 1206f23d337f638a7bf405fae7f9a7a1
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_s390.deb
Size/MD5 checksum: 203422 4d8465b694e76c2b5a58d3787b4914c6
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_s390.deb
Size/MD5 checksum: 183234 639d7e103590d7688224d9f5502126b0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_sparc.deb
Size/MD5 checksum: 173576 4d7b14354b5c143ed4fa096bbcb1a752
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_sparc.deb
Size/MD5 checksum: 203976 f319ee7010a0efd187db5023359a8beb
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_sparc.deb
Size/MD5 checksum: 17268 bb5de5301730ce0cd417e6e945838512
Debian GNU/Linux 5.0 alias lenny
- - --------------------------------
Debian (stable)
- - ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.diff.gz
Size/MD5 checksum: 7894 4f82263c3909e9b63e0cbc7ed10e997d
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.dsc
Size/MD5 checksum: 1195 ca8aa8b0ca3a03408032af1ff3882569
Architecture independent packages:
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-6+lenny1_all.deb
Size/MD5 checksum: 285920 c5388d928771785efcbf9cecb6c589a1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_alpha.deb
Size/MD5 checksum: 20598 d06f257a8d9ac39374bd69327bb44856
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_alpha.deb
Size/MD5 checksum: 263434 8daea32a448767b08e888f051dcc95f7
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_alpha.deb
Size/MD5 checksum: 203738 e9ac47fa10381c5510c5ace60b920c1a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_amd64.deb
Size/MD5 checksum: 18992 49529a2273c18658ed927016b33e0ff5
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_amd64.deb
Size/MD5 checksum: 186908 79c5cf0608709bb8a8e52547a050e94c
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_amd64.deb
Size/MD5 checksum: 210036 b933a8713fee44409613401692602bc9
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_arm.deb
Size/MD5 checksum: 16936 de40799cfcd047a65470c67d90c99996
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_arm.deb
Size/MD5 checksum: 173436 7ac2f9516551b7e87c58e9b3c90c4aae
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_arm.deb
Size/MD5 checksum: 193904 70ff03d5f3353a7921b9e64a7d575865
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_armel.deb
Size/MD5 checksum: 181438 af85015b825f8ff0afe5013b9198f612
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_armel.deb
Size/MD5 checksum: 18334 5b6ebb4cf15385f5ee4cb5994ceca5e0
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_armel.deb
Size/MD5 checksum: 199168 ac0f164a3f1cb5773351026db81c3b4a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_hppa.deb
Size/MD5 checksum: 19770 3bef399e7872f710e425bd4f9e4327a6
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_hppa.deb
Size/MD5 checksum: 201662 faf3930f62f1e8040b98df980e011b57
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_hppa.deb
Size/MD5 checksum: 236120 f92e57dfc0f888949f2d54f6ee9687a1
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_i386.deb
Size/MD5 checksum: 176452 a70ddf1417312c0acad56e05403b8875
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_i386.deb
Size/MD5 checksum: 194024 f3d7fb16b81a8df01eccb01dfce91cc4
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_i386.deb
Size/MD5 checksum: 16928 572efd6f96ec0aad181fea0ba46e96f2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_ia64.deb
Size/MD5 checksum: 25766 6dc665e9ced6a39c279eb93abcf1469f
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_ia64.deb
Size/MD5 checksum: 304474 60d47ed04099d9128c255097536b59fd
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_ia64.deb
Size/MD5 checksum: 270232 6e92952dc90896353b46392f2a5d0edb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mips.deb
Size/MD5 checksum: 18192 c962575a11e80c524148034e335c02b3
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mips.deb
Size/MD5 checksum: 229846 23e8811e367af817997a8dc2c87f45c7
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mips.deb
Size/MD5 checksum: 179160 907f41074981099e5b970ba373770483
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mipsel.deb
Size/MD5 checksum: 223738 d719ba660f5a356e982fd173f51bcf73
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mipsel.deb
Size/MD5 checksum: 17854 8f1b053ebe04427d7ecdbad974865302
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mipsel.deb
Size/MD5 checksum: 180004 4effa6b4a227d70e574106d88150660d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_powerpc.deb
Size/MD5 checksum: 214354 e7433c7790e0b0456c415d84c9dd7cd2
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_powerpc.deb
Size/MD5 checksum: 27392 7282af7c836ee8c2339e48f04885e955
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_powerpc.deb
Size/MD5 checksum: 196128 61d4022bd0ac9028e6fac9b8521a3fd3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_s390.deb
Size/MD5 checksum: 203604 6195247347970250b62101f6b798409b
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_s390.deb
Size/MD5 checksum: 18624 3c2be19a55bb550e1a6383b93f0eda9e
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_s390.deb
Size/MD5 checksum: 186986 17b24ed61aea2f6153f700378d512e02
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_sparc.deb
Size/MD5 checksum: 177318 02b2b31bb88340a03e58ad679370e3aa
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_sparc.deb
Size/MD5 checksum: 200278 9e0041b2d3b87acfbcf9fd1790677859
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_sparc.deb
Size/MD5 checksum: 17748 5f0f3860c1af2bba8e6a77cb9ed67cca
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoDCo0ACgkQHYflSXNkfP8TYgCfT4n7imxW2vBRC1vCFgz/AB3+
lv8AoKrcIB/i5m/JAsssjkDLkr1GH8v8
=om0D
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKA7cQNVH5XJJInbgRArHzAJ9nIbW2AvOgfqX/TiszfE2CD7pXXwCfW07f
Xrws2H/PmvNDso/RwOUH6eU=
=uyh+
-----END PGP SIGNATURE-----