|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
[ MDKSA-2007:156 ] - Updated imlib2 packages fix several issues
Date: Fri Aug 10 2007 - 18:47:14 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandriva Linux Security Advisory MDKSA-2007:156http://www.mandriva.com/security/
Package : imlib2 Date : August 10, 2007 Affected: 2007.1
_______________________________________________________________________
Problem Description:
M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library.
The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806)
The tga loader fails to bounds check input data to make sure the input data doesn load outside the memory mapped region. (CVE-2006-4807)
The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn cause a heap overflow of the pixel buffer. (CVE-2006-4808)
The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809)
Updated packages have been patched to prevent these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
93fb0190586a7d3cea1fdebd2f64fd9d 2007.1/i586/imlib2-data-1.2.2-3.1mdv2007.1.i586.rpm 31eeeba69830afe5c38d8109636d6c69 2007.1/i586/libimlib2_1-1.2.2-3.1mdv2007.1.i586.rpm d2d8be16f67dde3b7f504749bf9c890c 2007.1/i586/libimlib2_1-devel-1.2.2-3.1mdv2007.1.i586.rpm a3ea749502e4182b4395fc69d8930b62 2007.1/i586/libimlib2_1-filters-1.2.2-3.1mdv2007.1.i586.rpm 5875424ff95bba848d26994445c26072 2007.1/i586/libimlib2_1-loaders-1.2.2-3.1mdv2007.1.i586.rpm 16807bb6a2de35737fc362f88d525fa4 2007.1/SRPMS/imlib2-1.2.2-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
f5bcf12f3d6f900643bf8e4f73a365bf 2007.1/x86_64/imlib2-data-1.2.2-3.1mdv2007.1.x86_64.rpm 9ed2f086037513d7da5433e93846df70 2007.1/x86_64/lib64imlib2_1-1.2.2-3.1mdv2007.1.x86_64.rpm e178a706ae10d9f5cd3b727cd105eaae 2007.1/x86_64/lib64imlib2_1-devel-1.2.2-3.1mdv2007.1.x86_64.rpm 7957c0ddb6cd1a3cf5161005ec661236 2007.1/x86_64/lib64imlib2_1-filters-1.2.2-3.1mdv2007.1.x86_64.rpm 765d9d53ddf0b9ec81f6ec4e3fb12338 2007.1/x86_64/lib64imlib2_1-loaders-1.2.2-3.1mdv2007.1.x86_64.rpm 16807bb6a2de35737fc362f88d525fa4 2007.1/SRPMS/imlib2-1.2.2-3.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGvMCfmqjQ0CJFipgRAgzxAJ9VXVAjHYkrmN7YWZrAIV2N/btFCACdE3oc
rZAHK7PeIVpM9IRw14YB9TA=
=8DKs
-----END PGP SIGNATURE-----
Received on Sat Aug 11 11:33:35 2007
This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:11:27 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |