-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1159
           New camlimages packages fix arbitrary code execution
                              10 August 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           camlimages
Publisher:         Debian
Operating System:  Debian GNU/Linux 4
                   Debian GNU/Linux 5
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-2660  

Original Bulletin: 
   http://www.debian.org/security/2009/dsa-1857

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running camlimages check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1857-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
August 10, 2009                       http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : camlimages
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-2660
Debian Bug     : 540146

Tielei Wang discovered that CamlImages, an open source image processing
library, suffers from several integer overflows which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses issues with the reading of JPEG and
GIF Images, while DSA 1832-1 addressed the issue with PNG images.

For the oldstable distribution (etch), this problem has been fixed in
version 2.20-8+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 1:2.2.0-4+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.0.1-3.


We recommend that you upgrade your camlimages package.


Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.diff.gz
    Size/MD5 checksum:     9346 cf4767d4ac5521e64b409605f3803506
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.dsc
    Size/MD5 checksum:      904 9dc39921e9569777eeb24c38b0ba0fae

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
    Size/MD5 checksum:   600500 16d54539aab49f9f6c7cc5a8fe7bbf92

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_alpha.deb
    Size/MD5 checksum:  1024080 5bb5670e039095dd74fc09831faacb25
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_alpha.deb
    Size/MD5 checksum:    29454 c48de53b96d1358e56a1b9f1b0795527

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_amd64.deb
    Size/MD5 checksum:   820030 668fab0f7d5416229ec40bcbb508db82
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_amd64.deb
    Size/MD5 checksum:    27888 d54c0e9a04629c4226b61a9b49f538e3

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_arm.deb
    Size/MD5 checksum:   879818 60f8dc22fb087ee654ff9375ac38359f
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_arm.deb
    Size/MD5 checksum:    26028 3b3bf2cdf56485a29b871274519b6bc6

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_hppa.deb
    Size/MD5 checksum:   482842 d5573f24528c510df3144e0096e1a7f1
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_hppa.deb
    Size/MD5 checksum:    30270 530aca3cc44c9b4d1afedc89dbb19722

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_i386.deb
    Size/MD5 checksum:    24594 2a25218e9ad03594f8c22f884e850cff
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_i386.deb
    Size/MD5 checksum:   845868 a4abd61aa97cfb9996e0641c9ed9f378

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_ia64.deb
    Size/MD5 checksum:  1101544 a4c3c311105476617a51f6067d91f015
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_ia64.deb
    Size/MD5 checksum:    36510 368745aec6d1ea85becb03c0b8028fed

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mips.deb
    Size/MD5 checksum:   467426 40b73c7cb6ebb04a02a29663828652d1
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mips.deb
    Size/MD5 checksum:    25758 e882e1deca67f0c8860a645a14460967

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mipsel.deb
    Size/MD5 checksum:    25730 0e46cf01caa08a6ab71f71a28e2cd8a1
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mipsel.deb
    Size/MD5 checksum:   427706 1b8a689d484552d08f564548f4d3abf9

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_powerpc.deb
    Size/MD5 checksum:    33080 0f1a2238accd05c53d919b7d3856cca9
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_powerpc.deb
    Size/MD5 checksum:   963968 1b0e5da88c0cdf5679d08699a8403173

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_sparc.deb
    Size/MD5 checksum:   915706 1c5379e299fea7eb8bceaaa2d01b86af
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_sparc.deb
    Size/MD5 checksum:    24820 84a97496ae1366cf589e725ce2d2add9


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.dsc
    Size/MD5 checksum:     1704 e31602e616bfb495c440e6ff2d4a8cc4
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.diff.gz
    Size/MD5 checksum:    10276 9951858aae15e9eaeeeb8bda63ee49a2

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny2_all.deb
    Size/MD5 checksum:   601216 8c425e344795481cb0c7080b7a9bcf27

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_alpha.deb
    Size/MD5 checksum:   543736 b6e09d20f6e1a8164bbbae7d22b62e31
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_alpha.deb
    Size/MD5 checksum:    32438 ea87852f43bb8c43ae5a339606f7ee1e

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_amd64.deb
    Size/MD5 checksum:   978978 9f9a77d4efc81fda2cf930dd5fa7a4d2
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_amd64.deb
    Size/MD5 checksum:    31546 56c8c4e3e7cfce3a1f7ee50fd2b42697

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_arm.deb
    Size/MD5 checksum:   571634 b67876154217a5a0c66c896bec6ef46d
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_arm.deb
    Size/MD5 checksum:    29200 4f0a1b4fa67cf8b3dbc6f640768a8a3b

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_armel.deb
    Size/MD5 checksum:   572294 919fa4aac6b6c3c44e8dbda6dc8aba3a
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_armel.deb
    Size/MD5 checksum:    30012 b3fda0b39e0fe5a94f608b2664076b0e

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_hppa.deb
    Size/MD5 checksum:   588858 f80e9e8768c7782f14ec9a695b3f0dee
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_hppa.deb
    Size/MD5 checksum:    33210 83d6ac320847d66c843d82450fe147ad

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_i386.deb
    Size/MD5 checksum:   953792 e9b7136b5706fce67e6ff199b6b85148
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_i386.deb
    Size/MD5 checksum:    27806 c70d399a74066ded2a200bce05f857ee

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_ia64.deb
    Size/MD5 checksum:   546404 d3c66dbcd96b2c979561ce88130fe4d5
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_ia64.deb
    Size/MD5 checksum:    39908 836473e40186da716daa1706b0847b8b

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mips.deb
    Size/MD5 checksum:    28564 5d9082f4da49378377cd6f474c5cd2de
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mips.deb
    Size/MD5 checksum:   517662 9214d6a0e3c2ea0bb2168407d807231b

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mipsel.deb
    Size/MD5 checksum:   516288 9a1097c612de8ccc91334e9739d992bc
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mipsel.deb
    Size/MD5 checksum:    28586 9bab86b4ac11757c66bfda987415a577

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_powerpc.deb
    Size/MD5 checksum:    39032 ac500e3472c118015b8b22716b16663e
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_powerpc.deb
    Size/MD5 checksum:   988710 63c40e8f37fd9724ced5c09ec0cebae3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_s390.deb
    Size/MD5 checksum:   542084 79beed9662ba01af642d472f4918d720
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_s390.deb
    Size/MD5 checksum:    30950 7b4400fe856c9d197da23128e1983b66

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_sparc.deb
    Size/MD5 checksum:    28182 0b8f98591ab9dc3650b0951510a80336
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_sparc.deb
    Size/MD5 checksum:  1040682 517ca3b7c2ebc8c090e91521b22cd20b


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp/b5UACgkQ62zWxYk/rQeGgACgsOS9mIn5ElhLXjXhpanTM3xX
C1kAoJHPbaMLsDe/P9Haus9eyu+tiBNk
=dXvE
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKf5mfNVH5XJJInbgRAje/AJ4oXQiuqPfu5ooCf2p8Yept8soifwCeOO2b
tAkukwrNgmpy/z67KkL+9EQ=
=8aY8
-----END PGP SIGNATURE-----