[USN-683-1] Imlib2 vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: [email protected]
Cc: "[email protected]" <bugtraq@securityfocus.com.>,
[email protected]
Date: Tue, 02 Dec 2008 11:24:02 -0500
Message-Id: <1228235042.8552.1.camel@mdlinux.technorage.com.>
===========================================================
Ubuntu Security Notice USN-683-1 December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  libimlib2 1.2.1-2ubuntu0.3
Ubuntu 7.10:
  libimlib2 1.3.0.0debian1-4ubuntu0.1
Ubuntu 8.04 LTS:
  libimlib2 1.4.0-1ubuntu1.1
Ubuntu 8.10:
  libimlib2 1.4.0-1.1ubuntu1.1
After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.
Details follow:
It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.