Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4761
HistoryJun 30, 2003 - 12:00 a.m.

[Full-Disclosure] [SECURITY] [DSA-337-1] New gtksee packages fix buffer overflow

2003-06-3000:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 337-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
June 29th, 2003 http://www.debian.org/security/faq

Package : gtksee
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2003-0444

Viliam Holub discovered a bug in gtksee whereby, when loading PNG
images of certain color depths, gtksee would overflow a heap-allocated
buffer. This vulnerability could be exploited by an attacker using a
carefully constructed PNG image to execute arbitrary code when the
victim loads the file in gtksee.

For the stable distribution (woody) this problem has been fixed in
version 0.5.0-6.

For the unstable distribution (sid) this problem will be fixed soon.
Refer to Debian bug #76346.

We recommend that you update your gtksee package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6.dsc
  Size/MD5 checksum:      609 816a95eaab25f8602b45f07cc9535da3
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6.diff.gz
  Size/MD5 checksum:     3631 50123e3acce09d5bba798deef836acf5
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0.orig.tar.gz
  Size/MD5 checksum:   224809 21a8a9f28fa61d73725fb606962fa108

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_alpha.deb
  Size/MD5 checksum:   137056 29f5d8f312f6ac17d937b0924f671b70

ARM architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_arm.deb
  Size/MD5 checksum:   118008 5c1071f06eb3b55449345e1ef7434e88

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_i386.deb
  Size/MD5 checksum:   118084 fd16b3894d3462fceb02cb90aa74783b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_ia64.deb
  Size/MD5 checksum:   196372 60d7d6156c3f48ac1bb85f6f44d259fb

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_hppa.deb
  Size/MD5 checksum:   122912 2943288b598af7d17db20eb61e173fec

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_m68k.deb
  Size/MD5 checksum:   115652 a934c616f63385b803bd96366e319eed

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_mips.deb
  Size/MD5 checksum:   118154 bb34474023526ed5dd47d13c005fce93

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_mipsel.deb
  Size/MD5 checksum:   114920 6671eed391cb58cb63336465dc95e3af

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_powerpc.deb
  Size/MD5 checksum:   115882 3b71d0550032209bb3b6685eed3210a6

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_s390.deb
  Size/MD5 checksum:   116520 d38703d62fe603f477adc047b4500536

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_sparc.deb
  Size/MD5 checksum:   117670 a3644e7ec17ebecb5db9eb4224cacb1c

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+/xazArxCt0PiXR4RAhSwAKCLLFKzUHOSdUAWZRUxLOg8EM2gMgCgpnvB
mKKYe7e3CPRFHPFq5v61N0U=
=s4P6
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Related

osv 1
debian 1
nessus 1
cve 1
osv
osv
gtksee - buffer overflow
2003-06-29 00:00:00
debian
debian
[SECURITY] [DSA-337-1] New gtksee packages fix buffer overflow
2003-06-29 16:41:43
nessus
nessus
Debian DSA-337-1 : gtksee - buffer overflow
2004-09-29 00:00:00
cve
cve
CVE-2003-0444
2004-03-29 05:00:00
JSON
Related for SECURITYVULNS:DOC:4761
osv1debian1nessus1cve1