Advisories

Mandriva Advisories

Package name	imlib2
Date	August 10th, 2007
Advisory ID	MDKSA-2007:156
Affected versions	2007.1
Synopsis	Updated imlib2 packages fix several issues

Problem Description

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2
graphics library.

The load() function of several of the Imlib2 image loaders does not
check the width and height of an image before allocating memory. As
a result, a carefully crafted image file can trigger a segfault when
an application using Imlib2 attempts to view the image. (CVE-2006-4806)

The tga loader fails to bounds check input data to make sure the
input data doesn load outside the memory mapped region. (CVE-2006-4807)

The RLE decoding loops of the load() function in the tga loader does
not check that the count byte of an RLE packet doesn cause a heap
overflow of the pixel buffer. (CVE-2006-4808)

The load() function of the pnm loader writes arbitrary length user
data into a fixed size stack allocated buffer buf[] without bounds
checking. (CVE-2006-4809)

Updated packages have been patched to prevent these issues.

Updated Packages

Mandriva Linux 2007.1

 93fb0190586a7d3cea1fdebd2f64fd9d  2007.1/i586/imlib2-data-1.2.2-3.1mdv2007.1.i586.rpm
 31eeeba69830afe5c38d8109636d6c69  2007.1/i586/libimlib2_1-1.2.2-3.1mdv2007.1.i586.rpm
 d2d8be16f67dde3b7f504749bf9c890c  2007.1/i586/libimlib2_1-devel-1.2.2-3.1mdv2007.1.i586.rpm
 a3ea749502e4182b4395fc69d8930b62  2007.1/i586/libimlib2_1-filters-1.2.2-3.1mdv2007.1.i586.rpm
 5875424ff95bba848d26994445c26072  2007.1/i586/libimlib2_1-loaders-1.2.2-3.1mdv2007.1.i586.rpm 
 16807bb6a2de35737fc362f88d525fa4  2007.1/SRPMS/imlib2-1.2.2-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 f5bcf12f3d6f900643bf8e4f73a365bf  2007.1/x86_64/imlib2-data-1.2.2-3.1mdv2007.1.x86_64.rpm
 9ed2f086037513d7da5433e93846df70  2007.1/x86_64/lib64imlib2_1-1.2.2-3.1mdv2007.1.x86_64.rpm
 e178a706ae10d9f5cd3b727cd105eaae  2007.1/x86_64/lib64imlib2_1-devel-1.2.2-3.1mdv2007.1.x86_64.rpm
 7957c0ddb6cd1a3cf5161005ec661236  2007.1/x86_64/lib64imlib2_1-filters-1.2.2-3.1mdv2007.1.x86_64.rpm
 765d9d53ddf0b9ec81f6ec4e3fb12338  2007.1/x86_64/lib64imlib2_1-loaders-1.2.2-3.1mdv2007.1.x86_64.rpm 
 16807bb6a2de35737fc362f88d525fa4  2007.1/SRPMS/imlib2-1.2.2-3.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer