Advisories

Mandriva Advisories

Package name	imlib
Date	April 25th, 2002
Advisory ID	MDKSA-2002:029
Affected versions	7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis	Updated imlib packages fix image viewing vulnerabilities

Problem Description

Previous versions of imlib, prior to 1.9.13, would fall back to the
NetPBM library which is not suitable for loading untrusted images due
to various problem in it's code. The new imlib also fixes some
problems with arguments passed to malloc(). These problems could allow
attackers to construct images that could cause crashes or, potentially,
the execution of arbitrary code when said images are loaded by a viewer
that uses imlib.

Thanks to Alan Cox and Al Viro for discovering the problems.

Updated Packages

Mandrakelinux 7.1

 fe82fcada2f3d71a562b0551594192ac  7.1/RPMS/imlib-1.9.13-2.5mdk.i586.rpm
a4aa27f231f94ea586c71f538af32f04  7.1/RPMS/imlib-cfgeditor-1.9.13-2.5mdk.i586.rpm
f195bf7954cd7efe2617fba434a8ed93  7.1/RPMS/imlib-devel-1.9.13-2.5mdk.i586.rpm
b052c14ed00cc28096a92f9070d3e096  7.1/SRPMS/imlib-1.9.13-2.5mdk.src.rpm

Mandrakelinux 7.2

 4e7046816f14ea82116bbc1afb9b59e2  7.2/RPMS/imlib-1.9.13-2.4mdk.i586.rpm
376d6333b6ec112499240c8d0f13fb36  7.2/RPMS/imlib-cfgeditor-1.9.13-2.4mdk.i586.rpm
3535da52444176f3cb3f1ef42bce8d72  7.2/RPMS/imlib-devel-1.9.13-2.4mdk.i586.rpm
858f5bd0f2612c370b89aa35b22845f0  7.2/SRPMS/imlib-1.9.13-2.4mdk.src.rpm

Mandrakelinux 8.0

 6214439510523b121714230529ddcc99  8.0/RPMS/imlib-1.9.13-2.3mdk.i586.rpm
4435d0efbcf6f7284b865c11c2a085f0  8.0/RPMS/imlib-cfgeditor-1.9.13-2.3mdk.i586.rpm
c62d8f27629120f6ee63890fb50382f9  8.0/RPMS/libimlib1-1.9.13-2.3mdk.i586.rpm
1de239cf58fa591b2fbf41464162b911  8.0/RPMS/libimlib1-devel-1.9.13-2.3mdk.i586.rpm
f3f793d3bd22fe535ec42bae82d005f3  8.0/SRPMS/imlib-1.9.13-2.3mdk.src.rpm

Mandrakelinux 8.0/PPC

 bdd699794efd03798ade44013e7dd81a  ppc/8.0/RPMS/imlib-1.9.13-2.3mdk.ppc.rpm
4244d7f2f5c5d201a8f2528fad06e19f  ppc/8.0/RPMS/imlib-cfgeditor-1.9.13-2.3mdk.ppc.rpm
444762d5d1e1efe4f04d7f3935c3f90f  ppc/8.0/RPMS/libimlib1-1.9.13-2.3mdk.ppc.rpm
d01d60692e89c6548921e5e45df24b45  ppc/8.0/RPMS/libimlib1-devel-1.9.13-2.3mdk.ppc.rpm
f3f793d3bd22fe535ec42bae82d005f3  ppc/8.0/SRPMS/imlib-1.9.13-2.3mdk.src.rpm

Mandrakelinux 8.1

 d6c94b82b7b1e58cb0563bb660fc1ea2  8.1/RPMS/imlib-1.9.13-2.2mdk.i586.rpm
b07e7add5625ab037b6280fe7bbc699f  8.1/RPMS/imlib-cfgeditor-1.9.13-2.2mdk.i586.rpm
14fd63429b7ec31cc5c9b11698999624  8.1/RPMS/libimlib1-1.9.13-2.2mdk.i586.rpm
077f49ab8ba83c7c05211a04426d43b3  8.1/RPMS/libimlib1-devel-1.9.13-2.2mdk.i586.rpm
28d2e4164472fea78ed47ccb9b50f9d2  8.1/SRPMS/imlib-1.9.13-2.2mdk.src.rpm

Mandrakelinux 8.1/IA64

 54161570f5b4ee991a31782405f580a1  ia64/8.1/RPMS/imlib-1.9.13-2.2mdk.ia64.rpm
bfe7a2b9eb4420f60cd8a8545e3ef34c  ia64/8.1/RPMS/imlib-cfgeditor-1.9.13-2.2mdk.ia64.rpm
64d932435e1ac3f53ec8adede7a96824  ia64/8.1/RPMS/libimlib1-1.9.13-2.2mdk.ia64.rpm
163d8b38a5a46094d5c903c5c2cd8590  ia64/8.1/RPMS/libimlib1-devel-1.9.13-2.2mdk.ia64.rpm
28d2e4164472fea78ed47ccb9b50f9d2  ia64/8.1/SRPMS/imlib-1.9.13-2.2mdk.src.rpm

Mandrakelinux 8.2

 144d8deeea93b0eb3e4566733093d8e8  8.2/RPMS/imlib-1.9.13-2.1mdk.i586.rpm
6f032201e345f1afadcf0c6485bdaeb9  8.2/RPMS/imlib-cfgeditor-1.9.13-2.1mdk.i586.rpm
49ca7d2fae68f8df49c23df9db50f71c  8.2/RPMS/libimlib1-1.9.13-2.1mdk.i586.rpm
08820637df4ac6747d925a031b82e226  8.2/RPMS/libimlib1-devel-1.9.13-2.1mdk.i586.rpm
74ae164faf005e3f0ee66d9361640b5b  8.2/SRPMS/imlib-1.9.13-2.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 3f5b3afe7447721b62cc9672ca4ce7ec  ppc/8.2/RPMS/imlib-1.9.13-2.1mdk.ppc.rpm
ac29822651c1a9be78456a683b7a6c2d  ppc/8.2/RPMS/imlib-cfgeditor-1.9.13-2.1mdk.ppc.rpm
b0e6e0e4740e527dba83fe8f455c4f29  ppc/8.2/RPMS/libimlib1-1.9.13-2.1mdk.ppc.rpm
ea3af5a8bf76b78be7fd9d54d0c49db7  ppc/8.2/RPMS/libimlib1-devel-1.9.13-2.1mdk.ppc.rpm
74ae164faf005e3f0ee66d9361640b5b  ppc/8.2/SRPMS/imlib-1.9.13-2.1mdk.src.rpm

Corporate Server 1.0.1

 fe82fcada2f3d71a562b0551594192ac  1.0.1/RPMS/imlib-1.9.13-2.5mdk.i586.rpm
a4aa27f231f94ea586c71f538af32f04  1.0.1/RPMS/imlib-cfgeditor-1.9.13-2.5mdk.i586.rpm
f195bf7954cd7efe2617fba434a8ed93  1.0.1/RPMS/imlib-devel-1.9.13-2.5mdk.i586.rpm
b052c14ed00cc28096a92f9070d3e096  1.0.1/SRPMS/imlib-1.9.13-2.5mdk.src.rpm

References

http://online.securityfocus.com/bid/4336
http://online.securityfocus.com/bid/4339

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer