Message-id: <E1KBaMW-0002oI-U9@titan.mandriva.com>
Date: Wed, 25 Jun 2008 13:09:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:123
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : imlib2
 Date    : June 25, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stefan Cornelius discovered two buffer overflows in Imlib's image
 loaders for PNM and XPM images, which could possibly result in the
 execution of arbitrary code (CVE-2008-2426).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 1ecafd85391001ebb4d30209552309ba  2007.1/i586/imlib2-data-1.2.2-3.2mdv2007.1.i586.rpm
 3737a0a9fd33471a724f6f8902dd9726  2007.1/i586/libimlib2_1-1.2.2-3.2mdv2007.1.i586.rpm
 bdca73870489834a7237723734c2cfe9  2007.1/i586/libimlib2_1-devel-1.2.2-3.2mdv2007.1.i586.rpm
 09a10fa2bfac9b0a4bc544e4b4a5c2c0  2007.1/i586/libimlib2_1-filters-1.2.2-3.2mdv2007.1.i586.rpm
 cf47069a5a66673ab43d96ca45fe00a7  2007.1/i586/libimlib2_1-loaders-1.2.2-3.2mdv2007.1.i586.rpm 
 75afe69b0e922d72122bd3a4498bfe8f  2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 a849312fa506167d86addce88916b87a  2007.1/x86_64/imlib2-data-1.2.2-3.2mdv2007.1.x86_64.rpm
 f479fa3a9822eda1ee711c64e4371295  2007.1/x86_64/lib64imlib2_1-1.2.2-3.2mdv2007.1.x86_64.rpm
 8608807fe46db99a5812bc06e893e334  2007.1/x86_64/lib64imlib2_1-devel-1.2.2-3.2mdv2007.1.x86_64.rpm
 188de9396d778da58af40db064d85589  2007.1/x86_64/lib64imlib2_1-filters-1.2.2-3.2mdv2007.1.x86_64.rpm
 2e60dccd71bbd149859beaa786234616  2007.1/x86_64/lib64imlib2_1-loaders-1.2.2-3.2mdv2007.1.x86_64.rpm 
 75afe69b0e922d72122bd3a4498bfe8f  2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1214ee42f4076fec8704794bc767916e  2008.0/i586/imlib2-data-1.4.0.003-2.1mdv2008.0.i586.rpm
 eb5319b2c8cb33a204332822e6349201  2008.0/i586/libimlib2_1-1.4.0.003-2.1mdv2008.0.i586.rpm
 ea8dbec91f1a8299550f2ff4acb17980  2008.0/i586/libimlib2_1-filters-1.4.0.003-2.1mdv2008.0.i586.rpm
 6362adf88ef3e4179f9a31b9acb20dcb  2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.1mdv2008.0.i586.rpm
 116ac3cb141512cc78adb8a1f4c37ecb  2008.0/i586/libimlib2-devel-1.4.0.003-2.1mdv2008.0.i586.rpm 
 42f76cee20ca495e92f7ba5ca98408e8  2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 f3ec35cf049082651ef9f4db223e830b  2008.0/x86_64/imlib2-data-1.4.0.003-2.1mdv2008.0.x86_64.rpm
 dccec6f91c995c5ac32c0c6de00b2acc  2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.1mdv2008.0.x86_64.rpm
 7fb7d920e314dcbfba83d0205c58e5a7  2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.1mdv2008.0.x86_64.rpm
 4285b0a221052eabb0287873c615e6bc  2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.1mdv2008.0.x86_64.rpm
 5b3650f57fc915e344cb53366c865de6  2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.1mdv2008.0.x86_64.rpm 
 42f76cee20ca495e92f7ba5ca98408e8  2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 61630dec23098687773aa4fdec0da7de  2008.1/i586/imlib2-data-1.4.0.003-4.1mdv2008.1.i586.rpm
 31eca31bf55a696bda613046687bb3c2  2008.1/i586/libimlib2_1-1.4.0.003-4.1mdv2008.1.i586.rpm
 7292f56c20d9413cfd826e3f7d4ed04b  2008.1/i586/libimlib2_1-filters-1.4.0.003-4.1mdv2008.1.i586.rpm
 5fce6ab5d5dca0077c0a86b3a3d73c33  2008.1/i586/libimlib2_1-loaders-1.4.0.003-4.1mdv2008.1.i586.rpm
 85bda71fab55a242d68336f4267e0188  2008.1/i586/libimlib2-devel-1.4.0.003-4.1mdv2008.1.i586.rpm 
 8c34ee1b5d7ba25a4e38991212628a73  2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 f3dd712617045232ceecaa82a3177352  2008.1/x86_64/imlib2-data-1.4.0.003-4.1mdv2008.1.x86_64.rpm
 b06834c0f22ccfc256681a48a93033a3  2008.1/x86_64/lib64imlib2_1-1.4.0.003-4.1mdv2008.1.x86_64.rpm
 5ea2f28aab852d9f62693dcc5e8ecdd4  2008.1/x86_64/lib64imlib2_1-filters-1.4.0.003-4.1mdv2008.1.x86_64.rpm
 b6e8fba14f5b8da8d54c167f5ea25da7  2008.1/x86_64/lib64imlib2_1-loaders-1.4.0.003-4.1mdv2008.1.x86_64.rpm
 b04ebb76f8efac0d2a02f49d34443918  2008.1/x86_64/lib64imlib2-devel-1.4.0.003-4.1mdv2008.1.x86_64.rpm 
 8c34ee1b5d7ba25a4e38991212628a73  2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm

 Corporate 3.0:
 22503a39dda4bfffe3c65232e7d87c93  corporate/3.0/i586/libimlib2_1-1.0.6-4.5.C30mdk.i586.rpm
 a03ce61ccf1c8c5070a168c5349b358c  corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.5.C30mdk.i586.rpm
 58d70546c96b5a46ac8ca01f1ff3384e  corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.5.C30mdk.i586.rpm
 42916631379dd652af28865ac46d03b6  corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.5.C30mdk.i586.rpm 
 b494bd83d273dd46d71eca324bca5416  corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1f3bd632cf8d35c6d39b246f1249579a  corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.5.C30mdk.x86_64.rpm
 2a9b0f77a8b889e06f779274e0008fc8  corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.5.C30mdk.x86_64.rpm
 f7dbc8a2aa66932553ce5766f8bd7566  corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.5.C30mdk.x86_64.rpm
 0fc7214ac8520db812f4fb3c7feb844e  corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.5.C30mdk.x86_64.rpm 
 b494bd83d273dd46d71eca324bca5416  corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm

 Corporate 4.0:
 71d4dd6004a7a8fdd021c9ee3e12833e  corporate/4.0/i586/imlib2-data-1.2.1-1.4.20060mlcs4.i586.rpm
 64ea155ea7d232ec0cd4ca0312d46d6b  corporate/4.0/i586/libimlib2_1-1.2.1-1.4.20060mlcs4.i586.rpm
 d32d8308dc1e1c255b3a0760347fb309  corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.4.20060mlcs4.i586.rpm
 68d0ad2024383f05cc1609fbba6fd2ad  corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.4.20060mlcs4.i586.rpm
 232ee295638c7403f493c39b5ce4813e  corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.4.20060mlcs4.i586.rpm 
 dba76014532c7a9b1c8ba646324263ae  corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0e36868fe671a6e97ed37b7e272abe06  corporate/4.0/x86_64/imlib2-data-1.2.1-1.4.20060mlcs4.x86_64.rpm
 5037005d5d71e60e75d283cef7c8704e  corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.4.20060mlcs4.x86_64.rpm
 c822cf77f4cca4e4edd602d25db126ea  corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.4.20060mlcs4.x86_64.rpm
 a448734f54c6e97f287a441a711aa8f3  corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.4.20060mlcs4.x86_64.rpm
 74d9ee28fc94bbc2d44162fc1d4efe33  corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.4.20060mlcs4.x86_64.rpm 
 dba76014532c7a9b1c8ba646324263ae  corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIYmvvmqjQ0CJFipgRAupZAJ44Mn0CGl9nhfCba/LxlZ8rHG3NywCgxVz2
THkDcXYGQo9+HLuvSHEuCJg=
=yEaf
-----END PGP SIGNATURE-----