List Info

Thread: New libextractor packages fix arbitrary code execution
New libextractor packages fix arbitrary code execution
user name
 2006-05-29 07:31:17 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-
------------------------------------------------------------
--------------
Debian Security Advisory DSA 1081-1                   
securitydebian.org
http://www.debian.org
/security/                             Martin Schulze
May 29th, 2006                          http://www.debian.
org/security/faq
-
------------------------------------------------------------
--------------

Package        : libextractor
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-2458
BugTraq ID     : 18021

Luigi Auriemma discovered a buffer overflow in the
processing of ASF
files in libextractor, a library to extract arbitrary
meta-data from
files., which can lead to the execution of arbitrary code.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been
fixed in
version 0.4.2-2sarge5.

For the unstable distribution (sid) this problem has been
fixed in
version 0.5.14-1.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line
for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from
the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/libextractor_0.4
.2-2sarge5.dsc
      Size/MD5 checksum:      778
c3215a74f69c129ed235db8b5fe178e6
    http://security
.debian.org/pool/updates/main/libe/libextractor/libextractor
_0.4.2-2sarge5.diff.gz
      Size/MD5 checksum:     7079
d2037e9f74bef85bf4a73f852ddfafad
    http://security.deb
ian.org/pool/updates/main/libe/libextractor/libextractor_0.4
.2.orig.tar.gz
      Size/MD5 checksum:  5887095
d99e1b13a017d39700e376a0edbf7ba2

  Alpha architecture:

    http://security.de
bian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2
sarge5_alpha.deb
      Size/MD5 checksum:    19598
815bb87bcc9d5e143513c8adff67b338
    http://secur
ity.debian.org/pool/updates/main/libe/libextractor/libextrac
tor1_0.4.2-2sarge5_alpha.deb
      Size/MD5 checksum:  5804952
22c415c2aee20ed8007a2d0662bebad6
    http://s
ecurity.debian.org/pool/updates/main/libe/libextractor/libex
tractor1-dev_0.4.2-2sarge5_alpha.deb
      Size/MD5 checksum:    19384
2f3a45d22e6a52721ed57543f199313f

  AMD64 architecture:

    http://security.de
bian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2
sarge5_amd64.deb
      Size/MD5 checksum:    18270
1a47010ad219b069f264a8024fd72aed
    http://secur
ity.debian.org/pool/updates/main/libe/libextractor/libextrac
tor1_0.4.2-2sarge5_amd64.deb
      Size/MD5 checksum:  5641542
efb4ac008ec794d8d17d1eb214ad3542
    http://s
ecurity.debian.org/pool/updates/main/libe/libextractor/libex
tractor1-dev_0.4.2-2sarge5_amd64.deb
      Size/MD5 checksum:    17548
d6763b38aca5065486aa3c45f49dd2e0

  ARM architecture:

    http://security.debi
an.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sa
rge5_arm.deb
      Size/MD5 checksum:    17648
7e52bda1ca202ea165cf305092d063f7
    http://securit
y.debian.org/pool/updates/main/libe/libextractor/libextracto
r1_0.4.2-2sarge5_arm.deb
      Size/MD5 checksum:  5710838
71d5589d4a0c3815a0b24474fb44af68
    http://sec
urity.debian.org/pool/updates/main/libe/libextractor/libextr
actor1-dev_0.4.2-2sarge5_arm.deb
      Size/MD5 checksum:    16964
0bc00d8fa937e1958c4db72f01566732

  Intel IA-32 architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_i386.deb
      Size/MD5 checksum:    17788
09bb0f12aa606fb48b7574305ccd8abc
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_i386.deb
      Size/MD5 checksum:  5713332
234c03f92ed071fdc69844e04523514c
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_i386.deb
      Size/MD5 checksum:    16706
5c5744dc49991cf0789a33f8a43557e1

  Intel IA-64 architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_ia64.deb
      Size/MD5 checksum:    20578
ade1344228270f2a2faede7e2507913c
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_ia64.deb
      Size/MD5 checksum:  5905588
d1d4a949aecc95d5a3715a5e1bcc4b70
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_ia64.deb
      Size/MD5 checksum:    19328
6aa6ab7c949e0dd8771b8961f97fbe4b

  HP Precision architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_hppa.deb
      Size/MD5 checksum:    18728
fbd85db9bf81bd503cd9101d782e7610
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_hppa.deb
      Size/MD5 checksum:  5687480
0ead195a721a06e0361b33da33e2cb6c
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_hppa.deb
      Size/MD5 checksum:    17880
9cd7927dece9ba96f162cb4a3e94b62c

  Motorola 680x0 architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_m68k.deb
      Size/MD5 checksum:    17366
c5b4f3d26088cd7e20bddf43607ad460
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_m68k.deb
      Size/MD5 checksum:  5708448
2be9420e48bda34ee4b7ca60a08007d3
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_m68k.deb
      Size/MD5 checksum:    16574
5ef21edcb2b7be36a3e5bb13355a60bf

  Big endian MIPS architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_mips.deb
      Size/MD5 checksum:    18586
d024ee53f3337ec967a0b660c2a8d781
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_mips.deb
      Size/MD5 checksum:  5729374
80e33bbc9f3347e296d34bdfce142a90
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_mips.deb
      Size/MD5 checksum:    17882
563942bd2a628afbc5a2475d5e9de5ec

  Little endian MIPS architecture:

    http://security.d
ebian.org/pool/updates/main/libe/libextractor/extract_0.4.2-
2sarge5_mipsel.deb
      Size/MD5 checksum:    18640
acb9a3bca9d8ded8a1a58762be94d1b6
    http://secu
rity.debian.org/pool/updates/main/libe/libextractor/libextra
ctor1_0.4.2-2sarge5_mipsel.deb
      Size/MD5 checksum:  5727126
0e0346025b7ab811d9157fe5b6742499
    http://
security.debian.org/pool/updates/main/libe/libextractor/libe
xtractor1-dev_0.4.2-2sarge5_mipsel.deb
      Size/MD5 checksum:    17918
61e23eb764acadc7af516a77451e0fb9

  PowerPC architecture:

    http://security.
debian.org/pool/updates/main/libe/libextractor/extract_0.4.2
-2sarge5_powerpc.deb
      Size/MD5 checksum:    19770
7acbd573f6316a70ae546ea67aa90d96
    http://sec
urity.debian.org/pool/updates/main/libe/libextractor/libextr
actor1_0.4.2-2sarge5_powerpc.deb
      Size/MD5 checksum:  5678108
1837c793ee66dd1808b2fa45e97c5a5a
    http:/
/security.debian.org/pool/updates/main/libe/libextractor/lib
extractor1-dev_0.4.2-2sarge5_powerpc.deb
      Size/MD5 checksum:    17740
4977aa16ee70428ed20b8bca1822c7d4

  IBM S/390 architecture:

    http://security.deb
ian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2s
arge5_s390.deb
      Size/MD5 checksum:    18154
6aa5dffe5d0e7ad9c7b0393e58317756
    http://securi
ty.debian.org/pool/updates/main/libe/libextractor/libextract
or1_0.4.2-2sarge5_s390.deb
      Size/MD5 checksum:  5768262
83c28645ee0719728be1436d5d61e697
    http://se
curity.debian.org/pool/updates/main/libe/libextractor/libext
ractor1-dev_0.4.2-2sarge5_s390.deb
      Size/MD5 checksum:    18100
181d2897f6e9b3c058ac78c8b5ae82a1

  Sun Sparc architecture:

    http://security.de
bian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2
sarge5_sparc.deb
      Size/MD5 checksum:    17660
3c84b9981ee26f04e2a77d9b338c78b1
    http://secur
ity.debian.org/pool/updates/main/libe/libextractor/libextrac
tor1_0.4.2-2sarge5_sparc.deb
      Size/MD5 checksum:  5752372
f24a5dcbd614ee91b7c8951586be1c7b
    http://s
ecurity.debian.org/pool/updates/main/libe/libextractor/libex
tractor1-dev_0.4.2-2sarge5_sparc.deb
      Size/MD5 checksum:    16872
e12a3b7c42006fce3418ceafb9ea3618


  These files will probably be moved into the stable
distribution on
  its next update.

-
------------------------------------------------------------
---------------------
For apt-get: deb http://security.debian.or
g/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announcelists.debian.org
Package info: `apt-cache show <pkg>' and http://package
s.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEeqNFW5ql+IAeqTIRApEEAJ41PaNaTDfIb1aNJi4/QntWJMTxsQCf
fy/s
lFomZMakfXbcme1r1vg664U=
=5ckF
-----END PGP SIGNATURE-----
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )