LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: November 28th, 2008
Linux Security Week: November 24th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Extras [3 4 5 6 devel] / 1.2.1-2 [FE 3 4], 1.3.0-3 [FE 5 6 devel] Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora CVE IDs: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. Fedora Extras versions earlier then the versions mentioned above are vulnerable to this problem, upgrade to fix this vulnerability. 
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-EXTRAS-2006-004
2006-11-09
---------------------------------------------------------------------
Product:    Fedora Extras [3 4 5 6 devel]
Name:       imlib2
Version:    1.2.1-2 [FE 3 4], 1.3.0-3 [FE 5 6 devel]
Summary:    Image loading, saving, rendering, and manipulation library
Description:
Imlib 2 is a library that does image file loading and saving as well
as rendering, manipulation, arbitrary polygon support, etc.
---------------------------------------------------------------------
Update Information:

CVE IDs: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809

M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the 
validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images.  If a user 
were tricked into viewing or processing a specially crafted image with 
an application that uses imlib2, the flaws could be exploited to execute 
arbitrary code with the user's privileges.

Fedora Extras versions earlier then the versions mentioned above are
vulnerable to this problem, upgrade to fix this vulnerability.
---------------------------------------------------------------------
This update can be installed with the 'yum' update program.  Use 'yum
update package-name' at the command line.  For more information, refer
to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/


_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner:

 
Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Weekend Edition
Cyber-Attack on Defense Department Computers Raises Concerns

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.