copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2009.1427 - [UNIX/Linux][Debian] camlimages: Execute arbitrary code/commands - Remote with user interaction

Date: 19 October 2009
References: ESB-2009.1159  ESB-2009.1437  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1427
                New camlimages fix arbitrary code execution
                              19 October 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           camlimages
Publisher:         Debian
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Debian GNU/Linux 4
                   Debian GNU/Linux 5
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-3296 CVE-2009-2660 

Reference:         ESB-2009.1159

Original Bulletin: 
   http://www.debian.org/security/2009/dsa-1912

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running camlimages check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1912-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
October 16, 2009                      http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : camlimages
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-3296 CVE-2009-2660

It was discovered that CamlImages, an open source image processing
library, suffers from several integer overflows, which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses issues with the reading of TIFF
files. It also expands the patch for CVE-2009-2660 to cover another
potential overflow in the processing of JPEG images.


For the oldstable distribution (etch), this problem has been fixed in
version 2.20-8+etch3.

For the stable distribution (lenny), this problem has been fixed in
version 1:2.2.0-4+lenny3.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.


We recommend that you upgrade your camlimages package.


Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.dsc
    Size/MD5 checksum:     1545 1170baf359b7ca7bd0490a4482e2cdcd
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz
    Size/MD5 checksum:     9758 0c6c814cf06b854f2078747d166d714f
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
    Size/MD5 checksum:   598648 ee530d7dc14ff4250358f7354fc4a8a1

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_alpha.deb
    Size/MD5 checksum:  1024484 72e9aea9c06f1ae264d70d1f7a6c85d2
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_alpha.deb
    Size/MD5 checksum:    29570 eaa6ec5925c36acc5a155c72c7f29b01

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_amd64.deb
    Size/MD5 checksum:   872188 24f06eda9f7ca39b28b25932981b4cda
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_amd64.deb
    Size/MD5 checksum:    28126 7d3cf0404d52d005103206dd7f30aa8a

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_arm.deb
    Size/MD5 checksum:    26196 6c735d474717b7025b1b594bf515a2de
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_arm.deb
    Size/MD5 checksum:   880106 7e9b0c0b13949b71f1a23010f5ef68c8

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_hppa.deb
    Size/MD5 checksum:    30408 6c6afd274d1f944887d318394efe1dc2
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_hppa.deb
    Size/MD5 checksum:   483264 1f1f707859dca186cc518241390f6b84

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_i386.deb
    Size/MD5 checksum:    24670 01ed837cea61b5fd6143edaede81636c
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_i386.deb
    Size/MD5 checksum:   845016 a2a7c9d64df8e2be8933ff994c9ace7e

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_ia64.deb
    Size/MD5 checksum:  1102148 001cb473b718078fbe7186f7e772633e
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_ia64.deb
    Size/MD5 checksum:    36800 d877b308032849966a1f6cb5c2a00b6a

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_mips.deb
    Size/MD5 checksum:   428882 bd86f4f9c1158b4776008370b41be622
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mips.deb
    Size/MD5 checksum:    25790 de5ac9debe1bb1348b951cb9f1dfd388

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mipsel.deb
    Size/MD5 checksum:    25834 768d6a896e11ae46e179f35190995f57
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_mipsel.deb
    Size/MD5 checksum:   428224 58c7839e5389a64094606de277d087ba

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_powerpc.deb
    Size/MD5 checksum:   895248 43b16604d6881ab4804f94456048a48a
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_powerpc.deb
    Size/MD5 checksum:    32570 f1af72abb55c3e32f9ae222bdfc22056

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_sparc.deb
    Size/MD5 checksum:    25030 210e8127fb4036a1f1992e07d2157352
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_sparc.deb
    Size/MD5 checksum:   935978 15ef02c3ce9d7459f8671312167549e0


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz
    Size/MD5 checksum:    10720 d4f5baa708d8aa4712fcc33c1f7ffff3
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.dsc
    Size/MD5 checksum:     2345 4ad8de6c2d37f872d7c2e2b0ab43b808
  http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
    Size/MD5 checksum:  1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny3_all.deb
    Size/MD5 checksum:   599582 10bab3213572595c00e0352af8f4dfe4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_alpha.deb
    Size/MD5 checksum:   592116 06ab9d71856b10193bc79f01aedf8756
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_alpha.deb
    Size/MD5 checksum:    32984 a17be3ec372d3c4d6a1a8168f8e9f32e

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_amd64.deb
    Size/MD5 checksum:   980586 f534bd73c8d30474e828a240b3e2b4a5
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_amd64.deb
    Size/MD5 checksum:    31590 80a337fa12104d9c0fce29ff8f461ed2

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_arm.deb
    Size/MD5 checksum:   572050 605f010519b443711d7cd522583bb926
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_arm.deb
    Size/MD5 checksum:    29434 f76c8d0f13a1543951849c977f4e70b1

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_armel.deb
    Size/MD5 checksum:   571320 3c100fd7afae68885505eecc94af093e
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_armel.deb
    Size/MD5 checksum:    30372 fe84c2007671320780b8a728e6273764

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_hppa.deb
    Size/MD5 checksum:    33366 8a28b12eae0b4e3b7286b3f891f3568f
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_hppa.deb
    Size/MD5 checksum:   589268 e25d4c0c1e381e3d694cc71a1ea2d7b5

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_i386.deb
    Size/MD5 checksum:   935914 0fb5e0b4a858dcbdd5d90e743ef90226
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_i386.deb
    Size/MD5 checksum:    28040 468978ba1d5eab25954dea743ed7676c

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_ia64.deb
    Size/MD5 checksum:    40320 0cad2f2198840bd55f29ba2e3554faa8
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_ia64.deb
    Size/MD5 checksum:   546854 4d0e5c2498ff2de52a7657d6c9fb570d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_mips.deb
    Size/MD5 checksum:    28634 b16e535428d491997508a80036624255
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_mips.deb
    Size/MD5 checksum:   517920 519bc5fab6b7de22b9f14da703f2def8

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_mipsel.deb
    Size/MD5 checksum:    28662 93f62626a5451e1721b6bbacf8124e15
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_mipsel.deb
    Size/MD5 checksum:   516758 91cf3745a3cca541514057f4a7ac628a

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_powerpc.deb
    Size/MD5 checksum:    39120 13370abfdd27dd90c30bad71752ac033
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_powerpc.deb
    Size/MD5 checksum:   988834 0eebdfd25514ec7449fd345f42df562f

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_sparc.deb
    Size/MD5 checksum:    28332 147a027feb48eabf9e836d553ca3da94
  http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_sparc.deb
    Size/MD5 checksum:  1041264 3de6d0ac50434c647e544181d115cee1


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrYSTYACgkQ62zWxYk/rQeunQCdHYBog6ekM3gl3yEHxHbCjdJ6
09AAoL91LGNRUgz8XqN2ywg6g66vVe22
=HoVL
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFK25AxNVH5XJJInbgRAkvcAJoCu3yPx+ZJ5BWZE2Bm43msUkUGGQCeN+at
wq1MNbvdAkXGqmsRiK++COI=
=UK0H
-----END PGP SIGNATURE-----