[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OUiY0-0003gB-Mg@titan.mandriva.com>
Date: Fri, 02 Jul 2010 17:53:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:127 ] imlib2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:127
http://www.mandriva.com/security/
_______________________________________________________________________
Package : imlib2
Date : July 2, 2010
Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in imlib2:
imlib2 before 1.4.2 allows context-dependent attackers to have
an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG,
(4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several
heap and stack based buffer overflows - partly due to integer
overflows. (CVE-2008-6079).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
44775a46ed2702b80cbf63e8c1ad6430 2008.0/i586/imlib2-data-1.4.0.003-2.3mdv2008.0.i586.rpm
a6150d70c6b29b2e21378ca55dc6f35a 2008.0/i586/libimlib2_1-1.4.0.003-2.3mdv2008.0.i586.rpm
4c663e43d1b53c1e4e5ac32bffca0273 2008.0/i586/libimlib2_1-filters-1.4.0.003-2.3mdv2008.0.i586.rpm
feba632aa64abc8c9a81e83414777d8b 2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.3mdv2008.0.i586.rpm
b0dee530993d519f416ccb38d9c79ef8 2008.0/i586/libimlib2-devel-1.4.0.003-2.3mdv2008.0.i586.rpm
c24a678f524e7a75852054d9e1e01483 2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d7ef86c53237c09dbf7445a573a235bd 2008.0/x86_64/imlib2-data-1.4.0.003-2.3mdv2008.0.x86_64.rpm
f710c17aa8151dd76a80e436a75843bc 2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.3mdv2008.0.x86_64.rpm
7d92d382b2852e9313293a396ab15b37 2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.3mdv2008.0.x86_64.rpm
f914ea7be880629917db47ac40700ff3 2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.3mdv2008.0.x86_64.rpm
09ae18e587c716ae0d95676eb30c539b 2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.3mdv2008.0.x86_64.rpm
c24a678f524e7a75852054d9e1e01483 2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm
Mandriva Linux 2009.0:
e317f7bcc0b25932bd3125f3c16c90b9 2009.0/i586/imlib2-data-1.4.1.000-3.2mdv2009.0.i586.rpm
efbc27572707b46bf2c680560b1bc349 2009.0/i586/libimlib2_1-1.4.1.000-3.2mdv2009.0.i586.rpm
eb69a0467269d3e46789b6b2a5328b65 2009.0/i586/libimlib2_1-filters-1.4.1.000-3.2mdv2009.0.i586.rpm
e66144b6c698235602b888f2a90ce22f 2009.0/i586/libimlib2_1-loaders-1.4.1.000-3.2mdv2009.0.i586.rpm
c5f8f3b4dda137ec74f67997f76edec0 2009.0/i586/libimlib2-devel-1.4.1.000-3.2mdv2009.0.i586.rpm
51d6d49bae6bd35ee65ce8a3c7c70c25 2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
5e9f4c9af90adaac48130777ea0b784c 2009.0/x86_64/imlib2-data-1.4.1.000-3.2mdv2009.0.x86_64.rpm
458cc010adaf15fc83848a6d150efd57 2009.0/x86_64/lib64imlib2_1-1.4.1.000-3.2mdv2009.0.x86_64.rpm
e65c3df3acbb740b50e96c6a40b9ce98 2009.0/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdv2009.0.x86_64.rpm
35be2e751aab4de9edd2db61e4647739 2009.0/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdv2009.0.x86_64.rpm
bbe1ad62f52c79d83fb74ad11ea3840d 2009.0/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdv2009.0.x86_64.rpm
51d6d49bae6bd35ee65ce8a3c7c70c25 2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm
Corporate 4.0:
0d41f9cb78064f11e4f775e39be9e8ac corporate/4.0/i586/imlib2-data-1.2.1-1.6.20060mlcs4.i586.rpm
9ce4cde62732af818be24c6fc33d0279 corporate/4.0/i586/libimlib2_1-1.2.1-1.6.20060mlcs4.i586.rpm
378625e54b23230947fa8eb237bb8d38 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.6.20060mlcs4.i586.rpm
70b27fef5d7a95aad000c2465ec468c7 corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.6.20060mlcs4.i586.rpm
2062cd95c0ee57f25ec0efc2f1e3a83e corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.6.20060mlcs4.i586.rpm
9b5952347360bd17d25050f8d7f5f7fd corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
a32feafa4926d0f71cf5664b60204dbe corporate/4.0/x86_64/imlib2-data-1.2.1-1.6.20060mlcs4.x86_64.rpm
cf30082289356e0a2f45ab71bdb707ca corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.6.20060mlcs4.x86_64.rpm
f4ead40dfa17c31b1d87ea0675092375 corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.6.20060mlcs4.x86_64.rpm
66f87a7e3b4098051fd052dfe16974fc corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.6.20060mlcs4.x86_64.rpm
4fb44a690f2db9180cebb87172a46439 corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.6.20060mlcs4.x86_64.rpm
9b5952347360bd17d25050f8d7f5f7fd corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
baf8c0a0ea8254304060455408961a42 mes5/i586/imlib2-data-1.4.1.000-3.2mdvmes5.1.i586.rpm
1df3ce2a3089561327d7164222d2f9c3 mes5/i586/libimlib2_1-1.4.1.000-3.2mdvmes5.1.i586.rpm
84e807dd66631fd93cc2fa68a63aa860 mes5/i586/libimlib2_1-filters-1.4.1.000-3.2mdvmes5.1.i586.rpm
65b8c13302b9ba82dfc932d5ee92d6c9 mes5/i586/libimlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.i586.rpm
c0b5aacea05f8eee1a2ff3827892decf mes5/i586/libimlib2-devel-1.4.1.000-3.2mdvmes5.1.i586.rpm
baff71f19c813011965e3f83d7efb866 mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
8e87ffe2e6a2280c9a4c60b1d280b9c7 mes5/x86_64/imlib2-data-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
e620c5fa18ae672eb89ae03fc36b06a0 mes5/x86_64/lib64imlib2_1-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
3e80f2c8b451511c00278b0b761de8da mes5/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
93011efa1553c3f90414bb92e6983641 mes5/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
cf3fa26d2adb4eeb35ba92622d6d9165 mes5/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdvmes5.1.x86_64.rpm
baff71f19c813011965e3f83d7efb866 mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMLdwymqjQ0CJFipgRAkSIAKC9LeOFWIgsvDIEn9TQpgOVgHXEogCgnFA7
2+ZYhGX7QkxTpsjOMBU7WUU=
=AEIO
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists