Home / vulnerabilities MDVSA-2008-123.txt
Posted on 26 June 2008
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:123
http://www.mandriva.com/security/
_______________________________________________________________________
Package : imlib2
Date : June 25, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Stefan Cornelius discovered two buffer overflows in Imlib's image
loaders for PNM and XPM images, which could possibly result in the
execution of arbitrary code (CVE-2008-2426).
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
1ecafd85391001ebb4d30209552309ba 2007.1/i586/imlib2-data-1.2.2-3.2mdv2007.1.i586.rpm
3737a0a9fd33471a724f6f8902dd9726 2007.1/i586/libimlib2_1-1.2.2-3.2mdv2007.1.i586.rpm
bdca73870489834a7237723734c2cfe9 2007.1/i586/libimlib2_1-devel-1.2.2-3.2mdv2007.1.i586.rpm
09a10fa2bfac9b0a4bc544e4b4a5c2c0 2007.1/i586/libimlib2_1-filters-1.2.2-3.2mdv2007.1.i586.rpm
cf47069a5a66673ab43d96ca45fe00a7 2007.1/i586/libimlib2_1-loaders-1.2.2-3.2mdv2007.1.i586.rpm
75afe69b0e922d72122bd3a4498bfe8f 2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
a849312fa506167d86addce88916b87a 2007.1/x86_64/imlib2-data-1.2.2-3.2mdv2007.1.x86_64.rpm
f479fa3a9822eda1ee711c64e4371295 2007.1/x86_64/lib64imlib2_1-1.2.2-3.2mdv2007.1.x86_64.rpm
8608807fe46db99a5812bc06e893e334 2007.1/x86_64/lib64imlib2_1-devel-1.2.2-3.2mdv2007.1.x86_64.rpm
188de9396d778da58af40db064d85589 2007.1/x86_64/lib64imlib2_1-filters-1.2.2-3.2mdv2007.1.x86_64.rpm
2e60dccd71bbd149859beaa786234616 2007.1/x86_64/lib64imlib2_1-loaders-1.2.2-3.2mdv2007.1.x86_64.rpm
75afe69b0e922d72122bd3a4498bfe8f 2007.1/SRPMS/imlib2-1.2.2-3.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
1214ee42f4076fec8704794bc767916e 2008.0/i586/imlib2-data-1.4.0.003-2.1mdv2008.0.i586.rpm
eb5319b2c8cb33a204332822e6349201 2008.0/i586/libimlib2_1-1.4.0.003-2.1mdv2008.0.i586.rpm
ea8dbec91f1a8299550f2ff4acb17980 2008.0/i586/libimlib2_1-filters-1.4.0.003-2.1mdv2008.0.i586.rpm
6362adf88ef3e4179f9a31b9acb20dcb 2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.1mdv2008.0.i586.rpm
116ac3cb141512cc78adb8a1f4c37ecb 2008.0/i586/libimlib2-devel-1.4.0.003-2.1mdv2008.0.i586.rpm
42f76cee20ca495e92f7ba5ca98408e8 2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
f3ec35cf049082651ef9f4db223e830b 2008.0/x86_64/imlib2-data-1.4.0.003-2.1mdv2008.0.x86_64.rpm
dccec6f91c995c5ac32c0c6de00b2acc 2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.1mdv2008.0.x86_64.rpm
7fb7d920e314dcbfba83d0205c58e5a7 2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.1mdv2008.0.x86_64.rpm
4285b0a221052eabb0287873c615e6bc 2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.1mdv2008.0.x86_64.rpm
5b3650f57fc915e344cb53366c865de6 2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.1mdv2008.0.x86_64.rpm
42f76cee20ca495e92f7ba5ca98408e8 2008.0/SRPMS/imlib2-1.4.0.003-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
61630dec23098687773aa4fdec0da7de 2008.1/i586/imlib2-data-1.4.0.003-4.1mdv2008.1.i586.rpm
31eca31bf55a696bda613046687bb3c2 2008.1/i586/libimlib2_1-1.4.0.003-4.1mdv2008.1.i586.rpm
7292f56c20d9413cfd826e3f7d4ed04b 2008.1/i586/libimlib2_1-filters-1.4.0.003-4.1mdv2008.1.i586.rpm
5fce6ab5d5dca0077c0a86b3a3d73c33 2008.1/i586/libimlib2_1-loaders-1.4.0.003-4.1mdv2008.1.i586.rpm
85bda71fab55a242d68336f4267e0188 2008.1/i586/libimlib2-devel-1.4.0.003-4.1mdv2008.1.i586.rpm
8c34ee1b5d7ba25a4e38991212628a73 2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
f3dd712617045232ceecaa82a3177352 2008.1/x86_64/imlib2-data-1.4.0.003-4.1mdv2008.1.x86_64.rpm
b06834c0f22ccfc256681a48a93033a3 2008.1/x86_64/lib64imlib2_1-1.4.0.003-4.1mdv2008.1.x86_64.rpm
5ea2f28aab852d9f62693dcc5e8ecdd4 2008.1/x86_64/lib64imlib2_1-filters-1.4.0.003-4.1mdv2008.1.x86_64.rpm
b6e8fba14f5b8da8d54c167f5ea25da7 2008.1/x86_64/lib64imlib2_1-loaders-1.4.0.003-4.1mdv2008.1.x86_64.rpm
b04ebb76f8efac0d2a02f49d34443918 2008.1/x86_64/lib64imlib2-devel-1.4.0.003-4.1mdv2008.1.x86_64.rpm
8c34ee1b5d7ba25a4e38991212628a73 2008.1/SRPMS/imlib2-1.4.0.003-4.1mdv2008.1.src.rpm
Corporate 3.0:
22503a39dda4bfffe3c65232e7d87c93 corporate/3.0/i586/libimlib2_1-1.0.6-4.5.C30mdk.i586.rpm
a03ce61ccf1c8c5070a168c5349b358c corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.5.C30mdk.i586.rpm
58d70546c96b5a46ac8ca01f1ff3384e corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.5.C30mdk.i586.rpm
42916631379dd652af28865ac46d03b6 corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.5.C30mdk.i586.rpm
b494bd83d273dd46d71eca324bca5416 corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
1f3bd632cf8d35c6d39b246f1249579a corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.5.C30mdk.x86_64.rpm
2a9b0f77a8b889e06f779274e0008fc8 corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.5.C30mdk.x86_64.rpm
f7dbc8a2aa66932553ce5766f8bd7566 corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.5.C30mdk.x86_64.rpm
0fc7214ac8520db812f4fb3c7feb844e corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.5.C30mdk.x86_64.rpm
b494bd83d273dd46d71eca324bca5416 corporate/3.0/SRPMS/imlib2-1.0.6-4.5.C30mdk.src.rpm
Corporate 4.0:
71d4dd6004a7a8fdd021c9ee3e12833e corporate/4.0/i586/imlib2-data-1.2.1-1.4.20060mlcs4.i586.rpm
64ea155ea7d232ec0cd4ca0312d46d6b corporate/4.0/i586/libimlib2_1-1.2.1-1.4.20060mlcs4.i586.rpm
d32d8308dc1e1c255b3a0760347fb309 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.4.20060mlcs4.i586.rpm
68d0ad2024383f05cc1609fbba6fd2ad corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.4.20060mlcs4.i586.rpm
232ee295638c7403f493c39b5ce4813e corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.4.20060mlcs4.i586.rpm
dba76014532c7a9b1c8ba646324263ae corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0e36868fe671a6e97ed37b7e272abe06 corporate/4.0/x86_64/imlib2-data-1.2.1-1.4.20060mlcs4.x86_64.rpm
5037005d5d71e60e75d283cef7c8704e corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.4.20060mlcs4.x86_64.rpm
c822cf77f4cca4e4edd602d25db126ea corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.4.20060mlcs4.x86_64.rpm
a448734f54c6e97f287a441a711aa8f3 corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.4.20060mlcs4.x86_64.rpm
74d9ee28fc94bbc2d44162fc1d4efe33 corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.4.20060mlcs4.x86_64.rpm
dba76014532c7a9b1c8ba646324263ae corporate/4.0/SRPMS/imlib2-1.2.1-1.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIYmvvmqjQ0CJFipgRAupZAJ44Mn0CGl9nhfCba/LxlZ8rHG3NywCgxVz2
THkDcXYGQo9+HLuvSHEuCJg=
=yEaf
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/