[Security Announce] [ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities

news · June 25, 2008

This is a multi-part message in MIME format...

------------=_1214421064-11275-6677

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:123

http://www.mandriva.com/security/

_______________________________________________________________________

Package : imlib2

Date : June 25, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

Problem Description:

Stefan Cornelius discovered two buffer overflows in Imlib's image

loaders for PNM and XPM images, which could possibly result in the

execution of arbitrary code (CVE-2008-2426).

The updated packages have been patched to prevent this issue.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:

1ecafd85391001ebb4d30209552309ba 2007.1/i586/imlib2-data-1.2.2-3.2mdv2007.1.i586.rpm

3737a0a9fd33471a724f6f8902dd9726 2007.1/i586/libimlib2_1-1.2.2-3.2mdv2007.1.i586.rpm

bdca73870489834a7237723734c2cfe9 2007.1/i586/libimlib2_1-devel-1.2.2-3.2mdv2007.1.i586.rpm

09a10fa2bfac9b0a4bc544e4b4a5c2c0 2007.1/i586/libimlib2_1-filters-1.2.2-3.2mdv2007.1.i586.rpm

cf47069a5a66673ab43d96ca45fe00a7 2007.1/i586/libimlib2_1-loaders-1.2.2-3.2mdv2007.1.i586.rpm

75afe69b0e922d72122bd3a4498bfe8f 2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:

a849312fa506167d86addce88916b87a 2007.1/x86_64/imlib2-data-1.2.2-3.2mdv2007.1.x86_64.rpm

f479fa3a9822eda1ee711c64e4371295 2007.1/x86_64/lib64imlib2_1-1.2.2-3.2mdv2007.1.x86_64.rpm

8608807fe46db99a5812bc06e893e334 2007.1/x86_64/lib64imlib2_1-devel-1.2.2-3.2mdv2007.1.x86_64.rpm

188de9396d778da58af40db064d85589 2007.1/x86_64/lib64imlib2_1-filters-1.2.2-3.2mdv2007.1.x86_64.rpm

2e60dccd71bbd149859beaa786234616 2007.1/x86_64/lib64imlib2_1-loaders-1.2.2-3.2mdv2007.1.x86_64.rpm

75afe69b0e922d72122bd3a4498bfe8f 2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:

1214ee42f4076fec8704794bc767916e 2008.0/i586/imlib2-data-1.4.0.003-2.1mdv2008.0.i586.rpm

eb5319b2c8cb33a204332822e6349201 2008.0/i586/libimlib2_1-1.4.0.003-2.1mdv2008.0.i586.rpm

ea8dbec91f1a8299550f2ff4acb17980 2008.0/i586/libimlib2_1-filters-1.4.0.003-2.1mdv2008.0.i586.rpm

6362adf88ef3e4179f9a31b9acb20dcb 2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.1mdv2008.0.i586.rpm

116ac3cb141512cc78adb8a1f4c37ecb 2008.0/i586/libimlib2-devel-1.4.0.003-2.1mdv2008.0.i586.rpm

42f76cee20ca495e92f7ba5ca98408e8 2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:

f3ec35cf049082651ef9f4db223e830b 2008.0/x86_64/imlib2-data-1.4.0.003-2.1mdv2008.0.x86_64.rpm

dccec6f91c995c5ac32c0c6de00b2acc 2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.1mdv2008.0.x86_64.rpm

7fb7d920e314dcbfba83d0205c58e5a7 2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.1mdv2008.0.x86_64.rpm

4285b0a221052eabb0287873c615e6bc 2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.1mdv2008.0.x86_64.rpm

5b3650f57fc915e344cb53366c865de6 2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.1mdv2008.0.x86_64.rpm

42f76cee20ca495e92f7ba5ca98408e8 2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:

61630dec23098687773aa4fdec0da7de 2008.1/i586/imlib2-data-1.4.0.003-4.1mdv2008.1.i586.rpm

31eca31bf55a696bda613046687bb3c2 2008.1/i586/libimlib2_1-1.4.0.003-4.1mdv2008.1.i586.rpm

7292f56c20d9413cfd826e3f7d4ed04b 2008.1/i586/libimlib2_1-filters-1.4.0.003-4.1mdv2008.1.i586.rpm

5fce6ab5d5dca0077c0a86b3a3d73c33 2008.1/i586/libimlib2_1-loaders-1.4.0.003-4.1mdv2008.1.i586.rpm

85bda71fab55a242d68336f4267e0188 2008.1/i586/libimlib2-devel-1.4.0.003-4.1mdv2008.1.i586.rpm

8c34ee1b5d7ba25a4e38991212628a73 2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:

f3dd712617045232ceecaa82a3177352 2008.1/x86_64/imlib2-data-1.4.0.003-4.1mdv2008.1.x86_64.rpm

b06834c0f22ccfc256681a48a93033a3 2008.1/x86_64/lib64imlib2_1-1.4.0.003-4.1mdv2008.1.x86_64.rpm

5ea2f28aab852d9f62693dcc5e8ecdd4 2008.1/x86_64/lib64imlib2_1-filters-1.4.0.003-4.1mdv2008.1.x86_64.rpm

b6e8fba14f5b8da8d54c167f5ea25da7 2008.1/x86_64/lib64imlib2_1-loaders-1.4.0.003-4.1mdv2008.1.x86_64.rpm

b04ebb76f8efac0d2a02f49d34443918 2008.1/x86_64/lib64imlib2-devel-1.4.0.003-4.1mdv2008.1.x86_64.rpm

8c34ee1b5d7ba25a4e38991212628a73 2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm

Corporate 3.0:

22503a39dda4bfffe3c65232e7d87c93 corporate/3.0/i586/libimlib2_1-1.0.6-4.5.C30mdk.i586.rpm

a03ce61ccf1c8c5070a168c5349b358c corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.5.C30mdk.i586.rpm

58d70546c96b5a46ac8ca01f1ff3384e corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.5.C30mdk.i586.rpm

42916631379dd652af28865ac46d03b6 corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.5.C30mdk.i586.rpm

b494bd83d273dd46d71eca324bca5416 corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm

Corporate 3.0/X86_64:

1f3bd632cf8d35c6d39b246f1249579a corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.5.C30mdk.x86_64.rpm

2a9b0f77a8b889e06f779274e0008fc8 corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.5.C30mdk.x86_64.rpm

f7dbc8a2aa66932553ce5766f8bd7566 corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.5.C30mdk.x86_64.rpm

0fc7214ac8520db812f4fb3c7feb844e corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.5.C30mdk.x86_64.rpm

b494bd83d273dd46d71eca324bca5416 corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm

Corporate 4.0:

71d4dd6004a7a8fdd021c9ee3e12833e corporate/4.0/i586/imlib2-data-1.2.1-1.4.20060mlcs4.i586.rpm

64ea155ea7d232ec0cd4ca0312d46d6b corporate/4.0/i586/libimlib2_1-1.2.1-1.4.20060mlcs4.i586.rpm

d32d8308dc1e1c255b3a0760347fb309 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.4.20060mlcs4.i586.rpm

68d0ad2024383f05cc1609fbba6fd2ad corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.4.20060mlcs4.i586.rpm

232ee295638c7403f493c39b5ce4813e corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.4.20060mlcs4.i586.rpm

dba76014532c7a9b1c8ba646324263ae corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:

0e36868fe671a6e97ed37b7e272abe06 corporate/4.0/x86_64/imlib2-data-1.2.1-1.4.20060mlcs4.x86_64.rpm

5037005d5d71e60e75d283cef7c8704e corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.4.20060mlcs4.x86_64.rpm

c822cf77f4cca4e4edd602d25db126ea corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.4.20060mlcs4.x86_64.rpm

a448734f54c6e97f287a441a711aa8f3 corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.4.20060mlcs4.x86_64.rpm

74d9ee28fc94bbc2d44162fc1d4efe33 corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.4.20060mlcs4.x86_64.rpm

dba76014532c7a9b1c8ba646324263ae corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIYmvvmqjQ0CJFipgRAupZAJ44Mn0CGl9nhfCba/LxlZ8rHG3NywCgxVz2

THkDcXYGQo9+HLuvSHEuCJg=

=yEaf

-----END PGP SIGNATURE-----

------------=_1214421064-11275-6677

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1214421064-11275-6677--

Sign In

[Security Announce] [ MDVSA-2008:123 ] - Updated imlib2 packages fix vulnerabilities

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity