Package : sdl-image1.2
Vulnerability : buffer overflows
Problem type : local(remote)
CVE Id(s) : CVE-2007-6697 CVE-2008-0554
An oversight led to the version number of the Debian 4.0 `Etch' update
for advisory DSA 1493-1 being lower than the version in the main archive,
making it uninstallable. This update corrects the version number.
For reference the full advisory is quoted below:
Several local/remote vulnerabilities have been discovered in the image
loading library for the Simple DirectMedia Layer 1.2. The Common
Vulnerabilities and Exposures project identifies the following problems:
Gynvael Coldwind discovered a buffer overflow in GIF image parsing,
which could result in denial of service and potentially the
execution of arbitrary code.
It was discovered that a buffer overflow in IFF ILBM image parsing
could result in denial of service and potentially the execution of
For the stable distribution (etch), these problems have been fixed in
For the old stable distribution (sarge), these problems have been fixed
in version 1.2.4-1etch1. Due to a copy & paste error "etch1" was appended
to the version number instead of "sarge1". Since the update is otherwise
technically correct, the update was not rebuilt to the buildd network.
We recommend that you upgrade your sdl-image1.2 packages.
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.