lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041229124501.GA26897@box79162.elkhouse.de>
Date: Wed, 29 Dec 2004 13:45:01 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-53-1] imlib vulnerabilities

===========================================================
Ubuntu Security Notice USN-53-1		  December 29, 2004
imlib+png2 vulnerabilities
CAN-2004-1025, CAN-2004-1026
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

imlib1

The problem can be corrected by upgrading the affected package to
version 1.9.14-16ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Pavel Kankovsky discovered several buffer overflows in imlib. If an
attacker tricked a user into loading a malicious image, he could
exploit this to execute arbitrary code in the context of the user
opening the image.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14-16ubuntu1.1.diff.gz
      Size/MD5:   155048 6a726a3301c17b80645f762a49ec79dd
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14-16ubuntu1.1.dsc
      Size/MD5:      858 6df6a07c640ed10a9861ef51d2f9941b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib+png2_1.9.14.orig.tar.gz
      Size/MD5:   748591 1fa54011e4e1db532d7eadae3ced6a8c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib-base_1.9.14-16ubuntu1.1_all.deb
      Size/MD5:   119788 820ec745edf123e562fef6a529fe0066

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_amd64.deb
      Size/MD5:    74044 9498a476c75668bb290b78ff0f10499d
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_amd64.deb
      Size/MD5:    88028 026f6c8a3332c143114055c802fd6238
    http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_amd64.deb
      Size/MD5:   262676 d2cfb05ccb80f7ee0c3421d6b32bcefa
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_amd64.deb
      Size/MD5:    83350 ee5d6556f221ec6d7fbc8ef3831637cd
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_amd64.deb
      Size/MD5:    78326 b264e46bb7b1a5b0105f1e05b55e3ede

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_i386.deb
      Size/MD5:    66702 9a6380723513e8b97e47d889f4bc77a4
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_i386.deb
      Size/MD5:    84630 b1fd13c9a41c7f969fff277be01eb670
    http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_i386.deb
      Size/MD5:   261126 2505f74604fd9d9ad11584c693e58a51
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_i386.deb
      Size/MD5:    77486 df24663c46e87bf32f88bfa566375c9a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_i386.deb
      Size/MD5:    75350 669d2d23c323b646f52a9e16cd204ef2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1-dev_1.9.14-16ubuntu1.1_powerpc.deb
      Size/MD5:    78980 68891cd661c8aac691f2af056a095de7
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/gdk-imlib1_1.9.14-16ubuntu1.1_powerpc.deb
      Size/MD5:    98918 f17e42a070e505924d505dcc72a50494
    http://security.ubuntu.com/ubuntu/pool/universe/i/imlib+png2/imlib-progs_1.9.14-16ubuntu1.1_powerpc.deb
      Size/MD5:   262648 7251f284c6cdd9776f32ca4c7df17758
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1-dev_1.9.14-16ubuntu1.1_powerpc.deb
      Size/MD5:    89266 aabebd44262b402f3fd5f3f8aa4d75e2
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib+png2/imlib1_1.9.14-16ubuntu1.1_powerpc.deb
      Size/MD5:    80628 81b6945a2089885797ec25ccd19db7fe

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ