----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Debian update for camlimages

SECUNIA ADVISORY ID:
SA35819

VERIFY ADVISORY:
http://secunia.com/advisories/35819/

DESCRIPTION:
Debian has issued an update for camlimages. This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) and potentially compromise an application
using the library.

The vulnerabilities are caused due to integer overflows within the
"read_png_file()" and "read_png_file_as_rgb24()" functions, which can
be exploited to cause a heap-based buffer overflow when processing
specially crafted PNG images.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
Size/MD5 checksum: 8737 1616ade3176c67bc862f7672d4c056dd
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.dsc
Size/MD5 checksum: 1196 0407fcb4b885258c0b81e979e03df7c4
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
Size/MD5 checksum: 599282 578f54fe1370704e0bc80dfdf8a20049

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_alpha.deb
Size/MD5 checksum: 973198 2d06cc1c9c73ec3a5078df33dde45279
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb
Size/MD5 checksum: 28966 acc9643b4efed997dcc1f8c1315b3936

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
Size/MD5 checksum: 27906 f2fc6d36ca1b496ff82cbe55c975d96d
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
Size/MD5 checksum: 870676 b114baff0ce4169f42847cad2f7f87e1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
Size/MD5 checksum: 25642 a123f0ffd1dcca413f2eca85d047a81c
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
Size/MD5 checksum: 885436 99897af751a474b339b8ba01cd10c0b8

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_hppa.deb
Size/MD5 checksum: 482368 635d36e2aec2e709b5b79e8074ab4a24
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb
Size/MD5 checksum: 29834 b99951421ced2015ed118b4ca60cdde8

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
Size/MD5 checksum: 24224 480002667928107c5a379008abcb6710
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
Size/MD5 checksum: 772576 483bf540a811aa854565ec26f0812de0

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_ia64.deb
Size/MD5 checksum: 1100896 2a5f01d40983c0dbb473f0efbc814b5f
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb
Size/MD5 checksum: 36206 8bbbfd674e78d5cbfde79761aa935e34

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mips.deb
Size/MD5 checksum: 467010 de4da1b7baf6df72e8d2efaaa3f92341
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb
Size/MD5 checksum: 25614 6504eb3683990a8d733025d05c590534

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mipsel.deb
Size/MD5 checksum: 427210 a51713da2bc7d1670dc00b99863ca0f2
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
Size/MD5 checksum: 25566 eeb7c800c5cafff30eb2419a2b6c841c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_powerpc.deb
Size/MD5 checksum: 963708 2cdc2329f6102615fded0b247e8f854b
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
Size/MD5 checksum: 32812 924085f56d6b5e3585fa4017f377b416

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb
Size/MD5 checksum: 24596 cee3b23510a181598d7a8fa96b1c0d5b
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_sparc.deb
Size/MD5 checksum: 934718 ebc2899241e369cfbfecce8ce87646c7

-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz
Size/MD5 checksum: 9707 3c88dc5e8528e685876485d310edf1c4
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc
Size/MD5 checksum: 1993 06d190174afce7dbe2d337bf3577c0a8
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
Size/MD5 checksum: 1385525 d933eb58c7983f70b1a000fa01893aa4

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
Size/MD5 checksum: 601364 577c511958087e582e893a4f174fa31c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_alpha.deb
Size/MD5 checksum: 32208 42eb3769e659ddbfdffd9b960412d603
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_alpha.deb
Size/MD5 checksum: 543084 4c1659b52e35ee819bbca24f917824cd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_amd64.deb
Size/MD5 checksum: 31364 6d98eeb479c628858e0bc991637022e5
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_amd64.deb
Size/MD5 checksum: 978144 c1977ebd20027e74de2f6f297da05e0d

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_arm.deb
Size/MD5 checksum: 28838 4ceaec79b0cdde93f51e5b49bf61fa05
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_arm.deb
Size/MD5 checksum: 559286 2801a414b3c5e9002dd40f406dcc4b37

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_armel.deb
Size/MD5 checksum: 29658 594886fe8311b54fccb61eaee44a3c02
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_armel.deb
Size/MD5 checksum: 571664 45911009fdefb1ea30130bd33d31c35a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_hppa.deb
Size/MD5 checksum: 588132 a95c95d82148d7b8b91c836a68ac7385
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_hppa.deb
Size/MD5 checksum: 32858 1dee58411cfe4a51329df8592dd52a53

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
Size/MD5 checksum: 27722 dbda0c3362977d516c9b9799a052f330
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
Size/MD5 checksum: 953866 eebdf69c111869e266fe0d273ffc2f21

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_ia64.deb
Size/MD5 checksum: 545784 c15dfebf6974c23db3058cccb3d74a97
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_ia64.deb
Size/MD5 checksum: 39612 126b5b4e7eb783fb3323ff30d38a9468

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mips.deb
Size/MD5 checksum: 569842 5255f663cb728e93f56bfafc3b5953aa
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mips.deb
Size/MD5 checksum: 28610 f2b8a4aa2d67d0e59679534b5cbcb93d

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mipsel.deb
Size/MD5 checksum: 515800 5aba5d1ce2e2ae5d927f111f89eed5c6
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mipsel.deb
Size/MD5 checksum: 28368 9ec52520ff65438150dfafb89ed3fc0a

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_powerpc.deb
Size/MD5 checksum: 987998 c9a1362f01e353424e0c028c25dc4d69
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_powerpc.deb
Size/MD5 checksum: 38676 8317d63a699feeb5bfa7f829f28409b8

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_sparc.deb
Size/MD5 checksum: 957764 5602e2c367324be5ca5137b8c23cb0ad
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_sparc.deb
Size/MD5 checksum: 27712 c2c4c2397004024c440721709a45d4cb

PROVIDED AND/OR DISCOVERED BY:
Tielei Wang, ICST-ERCIS.

ORIGINAL ADVISORY:
DSA-1832-1:
http://lists.debian.org/debian-security-announce/2009/msg00145.html

OTHER REFERENCES:
http://www.ocert.org/advisories/ocert-2009-009.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------