-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.617 -- Debian Security Advisory DSA-190-1
                      Buffer overflow in Window Maker
                             08 November 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                wmaker
Vendor:                 Debian
Operating System:       Debian GNU/Linux 3.0
Impact:                 Denial of Service
                        Execute Arbitrary Code/Commands
Access Required:        Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-190-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
November  7, 2002
- - ------------------------------------------------------------------------


Package        : wmaker
Problem type   : buffer overflow
Debian-specific: no

Al Viro found a problem in the image handling code used in Window Maker,
a popular NEXTSTEP-like window manager. When creating an image it
computed the buffer size by multiplying the image width by the image
height, but did not check whether that multiplication overflowed. A
sufficiently large width and height therefore yield a wrapped, too-small
size, and the buffer allocated from it can be overflowed by the image
data. This could be exploited using specially crafted image files (for
example when previewing themes).

This has been fixed in version 0.80.0-4.1.
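
The unchecked width-times-height computation the advisory describes,
beside a size check that rejects dimensions whose product would wrap,
as an added example (not Window Maker's own code); the 3-byte RGB pixel
format and the function names are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumption for this example: 3 bytes (RGB) per pixel. */
#define CHANNELS 3u

/* The unchecked pattern the advisory describes: width * height * bytes
   per pixel is computed in 32-bit unsigned arithmetic, silently wraps
   for large dimensions, and the wrapped value becomes the buffer size. */
static unsigned int naive_size(unsigned int width, unsigned int height)
{
    return width * height * CHANNELS;
}

/* Hardened form: test each multiplication against SIZE_MAX before
   performing it. Returns the byte count, or 0 if either dimension is
   zero or a product would overflow size_t (0 is never a valid size). */
static size_t checked_size(unsigned int width, unsigned int height)
{
    size_t pixels;
    if (width == 0 || height == 0)
        return 0;
    if ((size_t)width > SIZE_MAX / height)
        return 0;                     /* width * height overflows */
    pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / CHANNELS)
        return 0;                     /* pixels * CHANNELS overflows */
    return pixels * CHANNELS;
}

/* Allocates a pixel buffer only when the size check passes, so a
   crafted header can no longer produce an undersized allocation. */
static unsigned char *alloc_image(unsigned int width, unsigned int height)
{
    size_t bytes = checked_size(width, height);
    return bytes ? malloc(bytes) : NULL;
}

int main(void)
{
    /* Constructed header values: 4294967295 x 4294967295 pixels. */
    unsigned int w = UINT_MAX, h = UINT_MAX;
    printf("naive size:   %u bytes\n", naive_size(w, h));    /* 3 */
    printf("checked size: %zu bytes\n", checked_size(w, h)); /* 0 = rejected */
    printf("alloc_image:  %s\n", alloc_image(w, h) ? "allocated" : "rejected");
    return 0;
}
```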

- - ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- - ------------------------------------------------------------------------

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. At this moment packages for mipsel are not yet
  available.

  Source archives:

    http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz
      Size/MD5 checksum:  2452207 0768a12edff35cba82e769fcbc8de430
    http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz
      Size/MD5 checksum:   323198 c1a49502d07e18044d2e1b579c7144fb
    http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc
      Size/MD5 checksum:     1463 81ac44a6b0ea1dedc49834f35e5bfb51

- - -- 
- - ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org


- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

=1PYC
-----END PGP SIGNATURE-----