From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:015 - imlib
Date: Sat, 18 May 2002 18:37:25 +0100 (BST)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: imlib
Summary: Untrusted images can cause crashes and run arbitrary code
Date:    2002-05-18
ID:      ERISA-2002:015
=========================================================================

Problem description:

Versions of imlib prior to 1.9.13 used the NetPBM package in fall-back
situations, which had several problems associated with it, making it
unsafe for handling untrusted images. These problems make it possible
for attackers to create image files that, when loaded via software which
uses Imlib, could crash the program or potentially allow arbitrary code
to be executed.

Updated since ERISA-2002:011 (2002-03-27)

The previous update fixed the above problems but leaked file
descriptors. This would cause some applications (notably Enlightenment)
to lock up. This issue is fixed in this release. The older update
packages have been pulled from the FTP site.

-------------------------------------------------------------------------
Updated packages:

236a9dbdd65a7fe3f4cd0a9822d3e9df  imlib-1.9.13-3.src.rpm
76f6076c467cf29630b4630df84a88d7  imlib-1.9.13-3.i386.rpm
1eac1daddda407054714ee86d11c93dd  imlib-cfgeditor-1.9.13-3.i386.rpm
c73cc1bb35c55543ecef799e1b9a113e  imlib-devel-1.9.13-3.i386.rpm

-------------------------------------------------------------------------
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0168

=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell                        http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.