LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2010:127: imlib2 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in imlib2: imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:127
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : imlib2
 Date    : July 2, 2010
 Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in imlib2:
 
 imlib2 before 1.4.2 allows context-dependent attackers to have
 an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG,
 (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several
 heap and stack based buffer overflows - partly due to integer
 overflows. (CVE-2008-6079).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 44775a46ed2702b80cbf63e8c1ad6430  2008.0/i586/imlib2-data-1.4.0.003-2.3mdv2008.0.i586.rpm
 a6150d70c6b29b2e21378ca55dc6f35a  2008.0/i586/libimlib2_1-1.4.0.003-2.3mdv2008.0.i586.rpm
 4c663e43d1b53c1e4e5ac32bffca0273  2008.0/i586/libimlib2_1-filters-1.4.0.003-2.3mdv2008.0.i586.rpm
 feba632aa64abc8c9a81e83414777d8b  2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.3mdv2008.0.i586.rpm
 b0dee530993d519f416ccb38d9c79ef8  2008.0/i586/libimlib2-devel-1.4.0.003-2.3mdv2008.0.i586.rpm 
 c24a678f524e7a75852054d9e1e01483  2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d7ef86c53237c09dbf7445a573a235bd  2008.0/x86_64/imlib2-data-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 f710c17aa8151dd76a80e436a75843bc  2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 7d92d382b2852e9313293a396ab15b37  2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 f914ea7be880629917db47ac40700ff3  2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 09ae18e587c716ae0d95676eb30c539b  2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.3mdv2008.0.x86_64.rpm 
 c24a678f524e7a75852054d9e1e01483  2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 e317f7bcc0b25932bd3125f3c16c90b9  2009.0/i586/imlib2-data-1.4.1.000-3.2mdv2009.0.i586.rpm
 efbc27572707b46bf2c680560b1bc349  2009.0/i586/libimlib2_1-1.4.1.000-3.2mdv2009.0.i586.rpm
 eb69a0467269d3e46789b6b2a5328b65  2009.0/i586/libimlib2_1-filters-1.4.1.000-3.2mdv2009.0.i586.rpm
 e66144b6c698235602b888f2a90ce22f  2009.0/i586/libimlib2_1-loaders-1.4.1.000-3.2mdv2009.0.i586.rpm
 c5f8f3b4dda137ec74f67997f76edec0  2009.0/i586/libimlib2-devel-1.4.1.000-3.2mdv2009.0.i586.rpm 
 51d6d49bae6bd35ee65ce8a3c7c70c25  2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 5e9f4c9af90adaac48130777ea0b784c  2009.0/x86_64/imlib2-data-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 458cc010adaf15fc83848a6d150efd57  2009.0/x86_64/lib64imlib2_1-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 e65c3df3acbb740b50e96c6a40b9ce98  2009.0/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 35be2e751aab4de9edd2db61e4647739  2009.0/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 bbe1ad62f52c79d83fb74ad11ea3840d  2009.0/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdv2009.0.x86_64.rpm 
 51d6d49bae6bd35ee65ce8a3c7c70c25  2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm

 Corporate 4.0:
 0d41f9cb78064f11e4f775e39be9e8ac  corporate/4.0/i586/imlib2-data-1.2.1-1.6.20060mlcs4.i586.rpm
 9ce4cde62732af818be24c6fc33d0279  corporate/4.0/i586/libimlib2_1-1.2.1-1.6.20060mlcs4.i586.rpm
 378625e54b23230947fa8eb237bb8d38  corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.6.20060mlcs4.i586.rpm
 70b27fef5d7a95aad000c2465ec468c7  corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.6.20060mlcs4.i586.rpm
 2062cd95c0ee57f25ec0efc2f1e3a83e  corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.6.20060mlcs4.i586.rpm 
 9b5952347360bd17d25050f8d7f5f7fd  corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a32feafa4926d0f71cf5664b60204dbe  corporate/4.0/x86_64/imlib2-data-1.2.1-1.6.20060mlcs4.x86_64.rpm
 cf30082289356e0a2f45ab71bdb707ca  corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.6.20060mlcs4.x86_64.rpm
 f4ead40dfa17c31b1d87ea0675092375  corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.6.20060mlcs4.x86_64.rpm
 66f87a7e3b4098051fd052dfe16974fc  corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.6.20060mlcs4.x86_64.rpm
 4fb44a690f2db9180cebb87172a46439  corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.6.20060mlcs4.x86_64.rpm 
 9b5952347360bd17d25050f8d7f5f7fd  corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 baf8c0a0ea8254304060455408961a42  mes5/i586/imlib2-data-1.4.1.000-3.2mdvmes5.1.i586.rpm
 1df3ce2a3089561327d7164222d2f9c3  mes5/i586/libimlib2_1-1.4.1.000-3.2mdvmes5.1.i586.rpm
 84e807dd66631fd93cc2fa68a63aa860  mes5/i586/libimlib2_1-filters-1.4.1.000-3.2mdvmes5.1.i586.rpm
 65b8c13302b9ba82dfc932d5ee92d6c9  mes5/i586/libimlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.i586.rpm
 c0b5aacea05f8eee1a2ff3827892decf  mes5/i586/libimlib2-devel-1.4.1.000-3.2mdvmes5.1.i586.rpm 
 baff71f19c813011965e3f83d7efb866  mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8e87ffe2e6a2280c9a4c60b1d280b9c7  mes5/x86_64/imlib2-data-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 e620c5fa18ae672eb89ae03fc36b06a0  mes5/x86_64/lib64imlib2_1-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 3e80f2c8b451511c00278b0b761de8da  mes5/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 93011efa1553c3f90414bb92e6983641  mes5/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 cf3fa26d2adb4eeb35ba92622d6d9165  mes5/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdvmes5.1.x86_64.rpm 
 baff71f19c813011965e3f83d7efb866  mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.