Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: imlib arbitrary code execution fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Debian Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim.

Debian Security Advisory DSA 618-1                                        Martin Schulze
December 24th, 2004           

Package        : imlib
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CAN-2004-1025 CAN-2004-1026
BugTraq ID     : 11830
Debian Bug     : 284925

Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib, an imaging library for X and X11.
An attacker could create a carefully crafted image file in such a way
that it could cause an application linked with imlib to execute
arbitrary code when the file was opened by a victim.  The Common
Vulnerabilities and Exposures project identifies the following


    Multiple heap-based buffer overflows.


    Multiple integer overflows.

For the stable distribution (woody) these problems have been fixed in
version 1.9.14-2woody2.

For the unstable distribution (sid) these problems have been fixed in
version 1.9.14-17.1.

We recommend that you upgrade your imlib packages immediately.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:
      Size/MD5 checksum:      805 6b89c44e7635494ab6309f31e8977a71
      Size/MD5 checksum:   273298 66b9b193f65f0f552a3c7475504b4aa3
      Size/MD5 checksum:   748591 1fa54011e4e1db532d7eadae3ced6a8c

  Architecture independent components:
      Size/MD5 checksum:   114710 04c82fdad40b4c81ca6145015d1ca9e7

  Alpha architecture:
      Size/MD5 checksum:   119716 e6b3de272b4ccded198ca1c7a8cbe9c7
      Size/MD5 checksum:    97146 afa40cb2097baab7293694292a163373
      Size/MD5 checksum:   117364 43f345f06377fefe9a5976a3d571876c
      Size/MD5 checksum:   262202 2baf347e73e7833f340b72d250709b2f
      Size/MD5 checksum:    97202 af8d9bcb83596b124cc7148b4b42a612

  ARM architecture:
      Size/MD5 checksum:    94088 97cab67730bda9ca0a83ff1e8fd646c7
      Size/MD5 checksum:    75402 db81fe94e6b35c3baa2505f533f6aa01
      Size/MD5 checksum:    94136 d6d974eb4fb709141cd8482b45756a74
      Size/MD5 checksum:   258262 da89d3962a56d4d37bcb4084e5ae4176
      Size/MD5 checksum:    76330 b1f75f5cc08f4175b72ba932c7b34210

  Intel IA-32 architecture:
      Size/MD5 checksum:    77884 c24a0ebb06c178eb4d473c20433b7389
      Size/MD5 checksum:    69338 b284172f465ac35e7fdf44bea07504e8
      Size/MD5 checksum:    76452 acaaca70c492ee827d678743dd990d61
      Size/MD5 checksum:   258354 790ada2bfc6205c0cd43459ae95fb127
      Size/MD5 checksum:    69730 05f8b9bbab5f9008599f2fa37caaed2c

  Intel IA-64 architecture:
      Size/MD5 checksum:   129024 a059b5c1e0411f389c2fd39e594f5b5a
      Size/MD5 checksum:   116312 9eb937b6c56c0237487b2bf2e84eed4f
      Size/MD5 checksum:   129156 c726f93cf1456230e99ac2c03783080f
      Size/MD5 checksum:   266510 87aee70d85386bd2c29ee89b76360c75
      Size/MD5 checksum:   119094 026ac0e934b06183ee32f46cb70dbe76

  HP Precision architecture:
      Size/MD5 checksum:   105152 1cdbb634730781005e656d4a6f45afe4
      Size/MD5 checksum:    92194 902a728a355b9090c76083e49240111c
      Size/MD5 checksum:   103532 e86528e832c62b21b90e4d1a15c5821f
      Size/MD5 checksum:   261002 f39d5a52457a8a348d7881a649450fe3
      Size/MD5 checksum:    91622 efec147e4b6fb0bfb0d6510359dcd6a3

  Motorola 680x0 architecture:
      Size/MD5 checksum:    72004 3cb969b4018031188492c6bc448705dc
      Size/MD5 checksum:    64146 8bbbf2e8b4f7c31aa4e302dffe35ad71
      Size/MD5 checksum:    69820 8d7d31a6c3a44f7a3dcb5c0e17fc7bca
      Size/MD5 checksum:   257372 52888389b545dc1e3cce3b899a65a2d4
      Size/MD5 checksum:    64660 86ed5f17d0a2ab99c8775619b451cb17

  Big endian MIPS architecture:
      Size/MD5 checksum:    95756 615f2919772c3278475db2a123e10365
      Size/MD5 checksum:    75404 04fc84337f3cc79da350e63e54c0bd39
      Size/MD5 checksum:    92638 fc95257f5614e0ca9000083d0863e23e
      Size/MD5 checksum:   257934 43d3ab6970888d80aca888a90fc3b9dc
      Size/MD5 checksum:    75948 45b966a81a0bc4fdad17776491eebfbb

  Little endian MIPS architecture:
      Size/MD5 checksum:    95806 5d8184b2fa877b5140df8cd4f05bc629
      Size/MD5 checksum:    75478 54248fbb3244f95da8bd1a5e0dcc64c2
      Size/MD5 checksum:    92688 ba0e8f951706a1642ab2994a11113a0c
      Size/MD5 checksum:   257834 99d601494d76618f8974b05ba3f21401
      Size/MD5 checksum:    75884 856fed2b0af1665d36a7ac76dc4516a4

  PowerPC architecture:
      Size/MD5 checksum:    94166 ce1b5d6adc54b226054a2fbd83b2a86d
      Size/MD5 checksum:    76854 ba841bf89a7af734b741a33a591cab8f
      Size/MD5 checksum:    90276 23d95df53d747a550721960c673e8d9f
      Size/MD5 checksum:   258522 4619a569bcb42a6ff4e691a9a73b4298
      Size/MD5 checksum:    75432 1f72571029157018583561cd829f47b1

  IBM S/390 architecture:
      Size/MD5 checksum:    83314 ba3c9382fe7b468b74e36f8cd4eece90
      Size/MD5 checksum:    78052 2eb2a4951c05bedbe5e131b8f6ecc3eb
      Size/MD5 checksum:    84168 9de33add121dc1d258389522c0456544
      Size/MD5 checksum:   258680 909968f199ff27b6f6a51712043925d9
      Size/MD5 checksum:    78622 9eb679c1377078e6065f8f0183388a70

  Sun Sparc architecture:
      Size/MD5 checksum:    88778 d37e329386b3b5c9514fb9619175e75f
      Size/MD5 checksum:    76534 23476af1594709264a14e72a301bd747
      Size/MD5 checksum:    85812 74c633ae47eab66ee3402b9b3f8329b5
      Size/MD5 checksum:   258760 87f9a03a2528ff6dce1008ad9a7e1392
      Size/MD5 checksum:    76790 db539c8ee1aff2573c2e54bb525468fc

  These files will probably be moved into the stable distribution on
  its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.