LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: Updated imlib packages fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Mandrake Pavel Kankovsky discovered several heap overflow flaw in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026).

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           imlib
 Advisory ID:            MDKSA-2005:007
 Date:                   January 12th, 2005

 Affected versions:	 10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Pavel Kankovsky discovered several heap overflow flaw in the imlib
 image handler.  An attacker could create a carefully crafted image file
 in such a way that it could cause an application linked with imlib to
 execute arbitrary code when the file was opened by a user
 (CAN-2004-1025).
 
 As well, Pavel also discovered several integer overflows in imlib.
 These could allow an attacker, creating a carefully crafted image
 file, to cause an application linked with imlib to execute arbitrary
 code or crash (CAN-2004-1026).
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 bd7bbc47dfdf26b04d510c6b030b3cac  10.0/RPMS/imlib-1.9.14-8.2.100mdk.i586.rpm
 f204804429ead96fa2f90f5b8a531571  10.0/RPMS/imlib-cfgeditor-1.9.14-8.2.100mdk.i586.rpm
 ac82e42545e886d3e1362d0af8834d71  10.0/RPMS/libimlib1-1.9.14-8.2.100mdk.i586.rpm
 0d824361bc7b789a4b244be0be5b20ef  10.0/RPMS/libimlib1-devel-1.9.14-8.2.100mdk.i586.rpm
 7d6cb872bed064d54dba0d631eb9b673  10.0/RPMS/libimlib2_1-1.0.6-4.2.100mdk.i586.rpm
 71ab28571ee2bbff24c7396881e7d51e  10.0/RPMS/libimlib2_1-devel-1.0.6-4.2.100mdk.i586.rpm
 ecc8bda60ab924afe42f4eb5834bf42c  10.0/RPMS/libimlib2_1-filters-1.0.6-4.2.100mdk.i586.rpm
 f2946cf510224a452cc928f5546ff1f0  10.0/RPMS/libimlib2_1-loaders-1.0.6-4.2.100mdk.i586.rpm
 9382c1d6bce0884340042fa9e525fd08  10.0/SRPMS/imlib-1.9.14-8.2.100mdk.src.rpm
 7698695bd2daa38fba1612c1e91a5b3a  10.0/SRPMS/imlib2-1.0.6-4.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 3e37213ffc4b149e26e5e6a88912ecae  amd64/10.0/RPMS/imlib-1.9.14-8.2.100mdk.amd64.rpm
 b14f75972c2ab469b800e7b6cdc90c55  amd64/10.0/RPMS/imlib-cfgeditor-1.9.14-8.2.100mdk.amd64.rpm
 bca21d96eab3e80d6be9d4b5628b0690  amd64/10.0/RPMS/lib64imlib1-1.9.14-8.2.100mdk.amd64.rpm
 59a9d02a3108a833b42b43b84efd6aa3  amd64/10.0/RPMS/lib64imlib1-devel-1.9.14-8.2.100mdk.amd64.rpm
 d14d300215f734dc6eafb63c78957399  amd64/10.0/RPMS/lib64imlib2_1-1.0.6-4.2.100mdk.amd64.rpm
 46656504ac97b356c559134b718ad65b  amd64/10.0/RPMS/lib64imlib2_1-devel-1.0.6-4.2.100mdk.amd64.rpm
 6f2bbe8bef5bd694a6b062f0dfa50667  amd64/10.0/RPMS/lib64imlib2_1-filters-1.0.6-4.2.100mdk.amd64.rpm
 98279179853713a4ff3e328275d39c9f  amd64/10.0/RPMS/lib64imlib2_1-loaders-1.0.6-4.2.100mdk.amd64.rpm
 9382c1d6bce0884340042fa9e525fd08  amd64/10.0/SRPMS/imlib-1.9.14-8.2.100mdk.src.rpm
 7698695bd2daa38fba1612c1e91a5b3a  amd64/10.0/SRPMS/imlib2-1.0.6-4.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 b804394b67f0b9bb15c1a2704f20b8fd  10.1/RPMS/imlib-1.9.14-10.1.101mdk.i586.rpm
 5dbd8093bb1c95dcf04d1e3cafee8379  10.1/RPMS/imlib-cfgeditor-1.9.14-10.1.101mdk.i586.rpm
 74fe1d864ceaf4b1f9915dbc65fc837d  10.1/RPMS/libimlib1-1.9.14-10.1.101mdk.i586.rpm
 c0392b410caf1fe46414cc4ce5d5c502  10.1/RPMS/libimlib1-devel-1.9.14-10.1.101mdk.i586.rpm
 e16941d022d2b244f58c538d096f9197  10.1/RPMS/libimlib2_1-1.1.0-4.1.101mdk.i586.rpm
 2ad468fc89027a25fccf0b2264ab3846  10.1/RPMS/libimlib2_1-devel-1.1.0-4.1.101mdk.i586.rpm
 a98356b5cc103684758a82779b16d9b3  10.1/RPMS/libimlib2_1-filters-1.1.0-4.1.101mdk.i586.rpm
 801a3eb303cc342880166557697479c6  10.1/RPMS/libimlib2_1-loaders-1.1.0-4.1.101mdk.i586.rpm
 e6bd5e4f0bc5978fb3a8d26ae5c5dd72  10.1/SRPMS/imlib-1.9.14-10.1.101mdk.src.rpm
 f096122ff3f7446a973f82569ce6d19b  10.1/SRPMS/imlib2-1.1.0-4.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 42e81c0bad99a2a9eff7fff43b38de2f  x86_64/10.1/RPMS/imlib-1.9.14-10.1.101mdk.x86_64.rpm
 35b869d568d1b0cce730ef4f3c5d2f71  x86_64/10.1/RPMS/imlib-cfgeditor-1.9.14-10.1.101mdk.x86_64.rpm
 ddf5381735f1ed8ed482d179a9c42de1  x86_64/10.1/RPMS/lib64imlib1-1.9.14-10.1.101mdk.x86_64.rpm
 583fdf2bf60cc87927db70af044238ff  x86_64/10.1/RPMS/lib64imlib1-devel-1.9.14-10.1.101mdk.x86_64.rpm
 99011882872248e9c9aef49eb78fe683  x86_64/10.1/RPMS/lib64imlib2_1-1.1.0-4.1.101mdk.x86_64.rpm
 aa42db65e9630f21240c147ca4922127  x86_64/10.1/RPMS/lib64imlib2_1-devel-1.1.0-4.1.101mdk.x86_64.rpm
 320cf06b9011f6825604d9592df0d5d7  x86_64/10.1/RPMS/lib64imlib2_1-filters-1.1.0-4.1.101mdk.x86_64.rpm
 010da67dacee54bf6cde18d2324ff96a  x86_64/10.1/RPMS/lib64imlib2_1-loaders-1.1.0-4.1.101mdk.x86_64.rpm
 e6bd5e4f0bc5978fb3a8d26ae5c5dd72  x86_64/10.1/SRPMS/imlib-1.9.14-10.1.101mdk.src.rpm
 f096122ff3f7446a973f82569ce6d19b  x86_64/10.1/SRPMS/imlib2-1.1.0-4.1.101mdk.src.rpm

 Corporate Server 2.1:
 ab41a6e06b2c394050ddeb285f621695  corporate/2.1/RPMS/imlib-1.9.14-5.2.C21mdk.i586.rpm
 9d05176150bdf59ceecf40241a1631f5  corporate/2.1/RPMS/imlib-cfgeditor-1.9.14-5.2.C21mdk.i586.rpm
 52b5c874ee7e144d85039aa49682ad3f  corporate/2.1/RPMS/libimlib1-1.9.14-5.2.C21mdk.i586.rpm
 e260cdadcdf523def0d4b66115b8320a  corporate/2.1/RPMS/libimlib1-devel-1.9.14-5.2.C21mdk.i586.rpm
 1c12ac001c73155f2e923816da7047c0  corporate/2.1/RPMS/libimlib2_1-1.0.5-2.2.C21mdk.i586.rpm
 70a4a84f76bbb393df69b4ab117cdbb6  corporate/2.1/RPMS/libimlib2_1-devel-1.0.5-2.2.C21mdk.i586.rpm
 264d82ddd09ebf4c1ae1fdb88e794f40  corporate/2.1/RPMS/libimlib2_1-filters-1.0.5-2.2.C21mdk.i586.rpm
 a847cb7487e25a62748b7ee266984a0e  corporate/2.1/RPMS/libimlib2_1-loaders-1.0.5-2.2.C21mdk.i586.rpm
 ca39e30856216675d571f9f9f9a2b4be  corporate/2.1/SRPMS/imlib-1.9.14-5.2.C21mdk.src.rpm
 e7e6f332b38fd76ec211fbbc46212a50  corporate/2.1/SRPMS/imlib2-1.0.5-2.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 fa90e46be3192cbab1a1444624ca40a5  x86_64/corporate/2.1/RPMS/imlib-1.9.14-5.2.C21mdk.x86_64.rpm
 9c5aef1f71673548fcdc9b3206941837  x86_64/corporate/2.1/RPMS/imlib-cfgeditor-1.9.14-5.2.C21mdk.x86_64.rpm
 15d184b211666b7276e0a1300b669649  x86_64/corporate/2.1/RPMS/libimlib1-1.9.14-5.2.C21mdk.x86_64.rpm
 cf09dfd10b3cbf2685e4c6584eddee9e  x86_64/corporate/2.1/RPMS/libimlib1-devel-1.9.14-5.2.C21mdk.x86_64.rpm
 0f23c5a1360a652e38f7c01311b4a79e  x86_64/corporate/2.1/RPMS/libimlib2_1-1.0.5-2.2.C21mdk.x86_64.rpm
 ab887e8c51e6576b2669cc9221573e2e  x86_64/corporate/2.1/RPMS/libimlib2_1-devel-1.0.5-2.2.C21mdk.x86_64.rpm
 8f53044bc07b6426b425fc9593f893fb  x86_64/corporate/2.1/RPMS/libimlib2_1-filters-1.0.5-2.2.C21mdk.x86_64.rpm
 cb4f6b69b23b18b10412e85446339597  x86_64/corporate/2.1/RPMS/libimlib2_1-loaders-1.0.5-2.2.C21mdk.x86_64.rpm
 ca39e30856216675d571f9f9f9a2b4be  x86_64/corporate/2.1/SRPMS/imlib-1.9.14-5.2.C21mdk.src.rpm
 e7e6f332b38fd76ec211fbbc46212a50  x86_64/corporate/2.1/SRPMS/imlib2-1.0.5-2.2.C21mdk.src.rpm

 Mandrakelinux 9.2:
 79bdc3aa16d848940ed1cf94e19887a8  9.2/RPMS/imlib-1.9.14-8.2.92mdk.i586.rpm
 72df820a8b61c902e2a6332c99aab1c4  9.2/RPMS/imlib-cfgeditor-1.9.14-8.2.92mdk.i586.rpm
 a2b76c722b5ae0007a6ad59bc31cfb8d  9.2/RPMS/libimlib1-1.9.14-8.2.92mdk.i586.rpm
 441bf743e1762a8a0743058af6ac57ca  9.2/RPMS/libimlib1-devel-1.9.14-8.2.92mdk.i586.rpm
 d70303d4fcd33aa96623d126fddcaaa7  9.2/RPMS/libimlib2_1-1.0.6-4.2.92mdk.i586.rpm
 3cd32605bfdcf4c500716cd7d5b7a3e7  9.2/RPMS/libimlib2_1-devel-1.0.6-4.2.92mdk.i586.rpm
 62b1faf5b90cd88f17e18d5a7d38c641  9.2/RPMS/libimlib2_1-filters-1.0.6-4.2.92mdk.i586.rpm
 0d939526721cfe411ee5ef785de2b0d3  9.2/RPMS/libimlib2_1-loaders-1.0.6-4.2.92mdk.i586.rpm
 40f1dd9fd95b30eba31a44394e2b73c2  9.2/SRPMS/imlib-1.9.14-8.2.92mdk.src.rpm
 7ad3b6b6914332ca7c344df43814465f  9.2/SRPMS/imlib2-1.0.6-4.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 25edf03f98c07e50d6be3feabcc65738  amd64/9.2/RPMS/imlib-1.9.14-8.2.92mdk.amd64.rpm
 8ad4f7a5276450271a3497e0eda5b172  amd64/9.2/RPMS/imlib-cfgeditor-1.9.14-8.2.92mdk.amd64.rpm
 5dd09c5e9c63016451162ae3ec73fd58  amd64/9.2/RPMS/lib64imlib1-1.9.14-8.2.92mdk.amd64.rpm
 40cd5079caa745125e8160de58bd64fe  amd64/9.2/RPMS/lib64imlib1-devel-1.9.14-8.2.92mdk.amd64.rpm
 fbf581720a50a7cc8052da20f63de75f  amd64/9.2/RPMS/lib64imlib2_1-1.0.6-4.2.92mdk.amd64.rpm
 e37d711c09e62f40965c37316fd67f0b  amd64/9.2/RPMS/lib64imlib2_1-devel-1.0.6-4.2.92mdk.amd64.rpm
 2bda7e59415e5774cd68f2b2a080c1a7  amd64/9.2/RPMS/lib64imlib2_1-filters-1.0.6-4.2.92mdk.amd64.rpm
 26e31fe0f48212b698cd612dba1a7c5a  amd64/9.2/RPMS/lib64imlib2_1-loaders-1.0.6-4.2.92mdk.amd64.rpm
 40f1dd9fd95b30eba31a44394e2b73c2  amd64/9.2/SRPMS/imlib-1.9.14-8.2.92mdk.src.rpm
 7ad3b6b6914332ca7c344df43814465f  amd64/9.2/SRPMS/imlib2-1.0.6-4.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DARPA-derived secure microkernel goes open source tomorrow
Hacker Gary McKinnon turns into a search expert
Hackers seed Amazon cloud with potent denial-of-service bots
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.