[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041229124501.GA26897@box79162.elkhouse.de>
Date: Wed, 29 Dec 2004 13:45:01 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-53-1] imlib vulnerabilities
===========================================================
Ubuntu Security Notice USN-53-1 December 29, 2004
imlib+png2 vulnerabilities
CAN-2004-1025, CAN-2004-1026
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
imlib1
The problem can be corrected by upgrading the affected package to
version 1.9.14-16ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Pavel Kankovsky discovered several buffer overflows in imlib. If an
attacker tricked a user into loading a malicious image, he could
exploit this to execute arbitrary code in the context of the user
opening the image.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14-16ubuntu1.1.diff.gz
Size/MD5: 155048 6a726a3301c17b80645f762a49ec79dd
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14-16ubuntu1.1.dsc
Size/MD5: 858 6df6a07c640ed10a9861ef51d2f9941b
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14.orig.tar.gz
Size/MD5: 748591 1fa54011e4e1db532d7eadae3ced6a8c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib-base_1.9.14-16ubuntu1.1_all.deb
Size/MD5: 119788 820ec745edf123e562fef6a529fe0066
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_amd64.deb
Size/MD5: 74044 9498a476c75668bb290b78ff0f10499d
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_amd64.deb
Size/MD5: 88028 026f6c8a3332c143114055c802fd6238
http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_amd64.deb
Size/MD5: 262676 d2cfb05ccb80f7ee0c3421d6b32bcefa
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_amd64.deb
Size/MD5: 83350 ee5d6556f221ec6d7fbc8ef3831637cd
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_amd64.deb
Size/MD5: 78326 b264e46bb7b1a5b0105f1e05b55e3ede
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_i386.deb
Size/MD5: 66702 9a6380723513e8b97e47d889f4bc77a4
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_i386.deb
Size/MD5: 84630 b1fd13c9a41c7f969fff277be01eb670
http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_i386.deb
Size/MD5: 261126 2505f74604fd9d9ad11584c693e58a51
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_i386.deb
Size/MD5: 77486 df24663c46e87bf32f88bfa566375c9a
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_i386.deb
Size/MD5: 75350 669d2d23c323b646f52a9e16cd204ef2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_powerpc.deb
Size/MD5: 78980 68891cd661c8aac691f2af056a095de7
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_powerpc.deb
Size/MD5: 98918 f17e42a070e505924d505dcc72a50494
http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_powerpc.deb
Size/MD5: 262648 7251f284c6cdd9776f32ca4c7df17758
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_powerpc.deb
Size/MD5: 89266 aabebd44262b402f3fd5f3f8aa4d75e2
http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_powerpc.deb
Size/MD5: 80628 81b6945a2089885797ec25ccd19db7fe
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists