LinuxSecurity.com
Mandriva: Updated SDL_image packages fix vulnerabilities
Posted by Benjamin D. Thomas   
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:040
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : SDL_image
 Date    : February 7, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image
 contain a boundary error that could be triggered to cause a static
 buffer overflow and a heap-based buffer overflow.  If a user using
 an application linked against the SDL_image library were to open a
 carefully crafted GIF or IFF ILBM file, the application could crash
 or possibly allow for the execution of arbitrary code.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 3b60927741b60c634afd430c5aa4ae00  2007.0/i586/libSDL_image1.2-1.2.5-1.1mdv2007.0.i586.rpm
 71875c2de4180b5958a91107a974e327  2007.0/i586/libSDL_image1.2-devel-1.2.5-1.1mdv2007.0.i586.rpm
 89b1410a912346b148393f95e01cfee0  2007.0/i586/libSDL_image1.2-test-1.2.5-1.1mdv2007.0.i586.rpm 
 f0142948917c13c85db6d9a414a744b2  2007.0/SRPMS/SDL_image-1.2.5-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 d2857eb81cc32a44621d047b432fab33  2007.0/x86_64/lib64SDL_image1.2-1.2.5-1.1mdv2007.0.x86_64.rpm
 41ef7e520b3cca2670fcd0cb149f7c63  2007.0/x86_64/lib64SDL_image1.2-devel-1.2.5-1.1mdv2007.0.x86_64.rpm
 ffa3317bcb0516f791317f2f917a8b74  2007.0/x86_64/lib64SDL_image1.2-test-1.2.5-1.1mdv2007.0.x86_64.rpm 
 f0142948917c13c85db6d9a414a744b2  2007.0/SRPMS/SDL_image-1.2.5-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 bb2d59af04d2816958816e327dbda0bc  2007.1/i586/libSDL_image1.2-1.2.5-2.1mdv2007.1.i586.rpm
 44ce0300888500b1d1e4a3100ad268eb  2007.1/i586/libSDL_image1.2-devel-1.2.5-2.1mdv2007.1.i586.rpm
 5441a072b2d68546aa54ed36e54829d5  2007.1/i586/libSDL_image1.2-test-1.2.5-2.1mdv2007.1.i586.rpm 
 e154807a8ec099e1d3dc547b932ceff6  2007.1/SRPMS/SDL_image-1.2.5-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 bc77c3b06e626902adc6372ef553442c  2007.1/x86_64/lib64SDL_image1.2-1.2.5-2.1mdv2007.1.x86_64.rpm
 0fca19243b1718cce5b696bc4a0c6028  2007.1/x86_64/lib64SDL_image1.2-devel-1.2.5-2.1mdv2007.1.x86_64.rpm
 a700e02ec34d2c29faa682da74545d8b  2007.1/x86_64/lib64SDL_image1.2-test-1.2.5-2.1mdv2007.1.x86_64.rpm 
 e154807a8ec099e1d3dc547b932ceff6  2007.1/SRPMS/SDL_image-1.2.5-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e40fff1a799fe26e0374702198768c48  2008.0/i586/libSDL_image1.2-1.2.6-1.1mdv2008.0.i586.rpm
 1a021d41e4efa44a2df41939e70aa479  2008.0/i586/libSDL_image1.2-devel-1.2.6-1.1mdv2008.0.i586.rpm
 22a22ac45381677f13e3b053c62f47d4  2008.0/i586/libSDL_image1.2-test-1.2.6-1.1mdv2008.0.i586.rpm 
 0ed8f31fca8e68ee38e66714ed0b2ea5  2008.0/SRPMS/SDL_image-1.2.6-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 aaf18e912ee7ae18060f5a45f8b52d5c  2008.0/x86_64/lib64SDL_image1.2-1.2.6-1.1mdv2008.0.x86_64.rpm
 63c882b5750b11cf1aec1669d26eed40  2008.0/x86_64/lib64SDL_image1.2-devel-1.2.6-1.1mdv2008.0.x86_64.rpm
 96b96533f54e7297fb68e0de1682bc28  2008.0/x86_64/lib64SDL_image1.2-test-1.2.6-1.1mdv2008.0.x86_64.rpm 
 0ed8f31fca8e68ee38e66714ed0b2ea5  2008.0/SRPMS/SDL_image-1.2.6-1.1mdv2008.0.src.rpm

 Corporate 3.0:
 3eb65d139568c061dd34e599a7ebdfdb  corporate/3.0/i586/libSDL_image1.2-1.2.3-3.1.C30mdk.i586.rpm
 fce96c4bfc823e5f8ae308daedabbdfe  corporate/3.0/i586/libSDL_image1.2-devel-1.2.3-3.1.C30mdk.i586.rpm
 828b87047944aec9533b04f9e95df814  corporate/3.0/i586/libSDL_image1.2-test-1.2.3-3.1.C30mdk.i586.rpm 
 47cd75e075030313a3259560d7173de7  corporate/3.0/SRPMS/SDL_image-1.2.3-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 700a0b9eeceb7958270c7469b4d9526e  corporate/3.0/x86_64/lib64SDL_image1.2-1.2.3-3.1.C30mdk.x86_64.rpm
 0247d9f7c8c3c07b0a6d8eaf0ddb49ad  corporate/3.0/x86_64/lib64SDL_image1.2-devel-1.2.3-3.1.C30mdk.x86_64.rpm
 d88895f601d1ead8ceef727e141c06ae  corporate/3.0/x86_64/lib64SDL_image1.2-test-1.2.3-3.1.C30mdk.x86_64.rpm 
 47cd75e075030313a3259560d7173de7  corporate/3.0/SRPMS/SDL_image-1.2.3-3.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
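
 For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison can be scripted. The following is an added example, not part of the Mandriva advisory: the function name verify_downloads and the demo file name are hypothetical, the advisory text is assumed to be saved to a file, and md5sum and awk are assumed to be available.

```shell
#!/bin/sh
# Added example (not from the advisory): compare downloaded RPMs with the
# "<md5>  <path>" lines of a saved advisory.
# Usage: verify_downloads ADVISORY_TEXT DOWNLOAD_DIR
# Returns 0 if every .rpm in DOWNLOAD_DIR is listed and matches, 1 on any
# mismatch or unlisted file, 2 if the directory holds no .rpm files.
verify_downloads() {
    manifest=$1 dir=$2 rc=0 seen=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue
        seen=1
        name=${file##*/}
        # Look the file up by basename; the advisory lists arch-prefixed paths.
        want=$(awk -v n="$name" '
            length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
                base = $2; sub(/.*\//, "", base)
                if (base == n) { print $1; exit }
            }' "$manifest")
        have=$(md5sum "$file" | cut -d" " -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no .rpm files in $dir" >&2; return 2; }
    return "$rc"
}

# Constructed demo: a stand-in "package" whose content is the string abc,
# and a one-line manifest in the advisory's layout (hypothetical file name).
demo=$(mktemp -d)
printf 'abc' > "$demo/demo-1.0-1.i586.rpm"
printf ' 900150983cd24fb0d6963f7d28e17f72  2008.0/i586/demo-1.0-1.i586.rpm\n' \
    > "$demo/advisory.txt"
verify_downloads "$demo/advisory.txt" "$demo"
rm -rf "$demo"
```

 A matching MD5 only shows that the file is the one the advisory lists. Authenticity rests on the GPG signature, which rpm -K <file> checks once the Mandriva key has been imported.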

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 