lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OUiY0-0003gB-Mg@titan.mandriva.com>
Date: Fri, 02 Jul 2010 17:53:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:127 ] imlib2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:127
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : imlib2
 Date    : July 2, 2010
 Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in imlib2:
 
 imlib2 before 1.4.2 allows context-dependent attackers to have
 an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG,
 (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several
 heap and stack based buffer overflows - partly due to integer
 overflows. (CVE-2008-6079).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 44775a46ed2702b80cbf63e8c1ad6430  2008.0/i586/imlib2-data-1.4.0.003-2.3mdv2008.0.i586.rpm
 a6150d70c6b29b2e21378ca55dc6f35a  2008.0/i586/libimlib2_1-1.4.0.003-2.3mdv2008.0.i586.rpm
 4c663e43d1b53c1e4e5ac32bffca0273  2008.0/i586/libimlib2_1-filters-1.4.0.003-2.3mdv2008.0.i586.rpm
 feba632aa64abc8c9a81e83414777d8b  2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.3mdv2008.0.i586.rpm
 b0dee530993d519f416ccb38d9c79ef8  2008.0/i586/libimlib2-devel-1.4.0.003-2.3mdv2008.0.i586.rpm 
 c24a678f524e7a75852054d9e1e01483  2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d7ef86c53237c09dbf7445a573a235bd  2008.0/x86_64/imlib2-data-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 f710c17aa8151dd76a80e436a75843bc  2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 7d92d382b2852e9313293a396ab15b37  2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 f914ea7be880629917db47ac40700ff3  2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.3mdv2008.0.x86_64.rpm
 09ae18e587c716ae0d95676eb30c539b  2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.3mdv2008.0.x86_64.rpm 
 c24a678f524e7a75852054d9e1e01483  2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 e317f7bcc0b25932bd3125f3c16c90b9  2009.0/i586/imlib2-data-1.4.1.000-3.2mdv2009.0.i586.rpm
 efbc27572707b46bf2c680560b1bc349  2009.0/i586/libimlib2_1-1.4.1.000-3.2mdv2009.0.i586.rpm
 eb69a0467269d3e46789b6b2a5328b65  2009.0/i586/libimlib2_1-filters-1.4.1.000-3.2mdv2009.0.i586.rpm
 e66144b6c698235602b888f2a90ce22f  2009.0/i586/libimlib2_1-loaders-1.4.1.000-3.2mdv2009.0.i586.rpm
 c5f8f3b4dda137ec74f67997f76edec0  2009.0/i586/libimlib2-devel-1.4.1.000-3.2mdv2009.0.i586.rpm 
 51d6d49bae6bd35ee65ce8a3c7c70c25  2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 5e9f4c9af90adaac48130777ea0b784c  2009.0/x86_64/imlib2-data-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 458cc010adaf15fc83848a6d150efd57  2009.0/x86_64/lib64imlib2_1-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 e65c3df3acbb740b50e96c6a40b9ce98  2009.0/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 35be2e751aab4de9edd2db61e4647739  2009.0/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdv2009.0.x86_64.rpm
 bbe1ad62f52c79d83fb74ad11ea3840d  2009.0/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdv2009.0.x86_64.rpm 
 51d6d49bae6bd35ee65ce8a3c7c70c25  2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm

 Corporate 4.0:
 0d41f9cb78064f11e4f775e39be9e8ac  corporate/4.0/i586/imlib2-data-1.2.1-1.6.20060mlcs4.i586.rpm
 9ce4cde62732af818be24c6fc33d0279  corporate/4.0/i586/libimlib2_1-1.2.1-1.6.20060mlcs4.i586.rpm
 378625e54b23230947fa8eb237bb8d38  corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.6.20060mlcs4.i586.rpm
 70b27fef5d7a95aad000c2465ec468c7  corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.6.20060mlcs4.i586.rpm
 2062cd95c0ee57f25ec0efc2f1e3a83e  corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.6.20060mlcs4.i586.rpm 
 9b5952347360bd17d25050f8d7f5f7fd  corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a32feafa4926d0f71cf5664b60204dbe  corporate/4.0/x86_64/imlib2-data-1.2.1-1.6.20060mlcs4.x86_64.rpm
 cf30082289356e0a2f45ab71bdb707ca  corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.6.20060mlcs4.x86_64.rpm
 f4ead40dfa17c31b1d87ea0675092375  corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.6.20060mlcs4.x86_64.rpm
 66f87a7e3b4098051fd052dfe16974fc  corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.6.20060mlcs4.x86_64.rpm
 4fb44a690f2db9180cebb87172a46439  corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.6.20060mlcs4.x86_64.rpm 
 9b5952347360bd17d25050f8d7f5f7fd  corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 baf8c0a0ea8254304060455408961a42  mes5/i586/imlib2-data-1.4.1.000-3.2mdvmes5.1.i586.rpm
 1df3ce2a3089561327d7164222d2f9c3  mes5/i586/libimlib2_1-1.4.1.000-3.2mdvmes5.1.i586.rpm
 84e807dd66631fd93cc2fa68a63aa860  mes5/i586/libimlib2_1-filters-1.4.1.000-3.2mdvmes5.1.i586.rpm
 65b8c13302b9ba82dfc932d5ee92d6c9  mes5/i586/libimlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.i586.rpm
 c0b5aacea05f8eee1a2ff3827892decf  mes5/i586/libimlib2-devel-1.4.1.000-3.2mdvmes5.1.i586.rpm 
 baff71f19c813011965e3f83d7efb866  mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8e87ffe2e6a2280c9a4c60b1d280b9c7  mes5/x86_64/imlib2-data-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 e620c5fa18ae672eb89ae03fc36b06a0  mes5/x86_64/lib64imlib2_1-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 3e80f2c8b451511c00278b0b761de8da  mes5/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 93011efa1553c3f90414bb92e6983641  mes5/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
 cf3fa26d2adb4eeb35ba92622d6d9165  mes5/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdvmes5.1.x86_64.rpm 
 baff71f19c813011965e3f83d7efb866  mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMLdwymqjQ0CJFipgRAkSIAKC9LeOFWIgsvDIEn9TQpgOVgHXEogCgnFA7
2+ZYhGX7QkxTpsjOMBU7WUU=
=AEIO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ