The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-697-1] Imlib2 vulnerability


<< Previous INDEX Search src / Print Next >>
Subject: [USN-697-1] Imlib2 vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: [email protected]
Cc: [email protected], [email protected]
X-Original-To: [email protected]
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -13.6
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.167
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-v6PMMMesb4pmaU5XvSBr"
Date: Mon, 22 Dec 2008 09:35:17 -0500
Message-Id: <1229956517.23276.7.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-v6PMMMesb4pmaU5XvSBr
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-697-1          December 22, 2008
imlib2 vulnerability
CVE-2008-2426
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2                       1.2.1-2ubuntu0.4

Ubuntu 7.10:
  libimlib2                       1.3.0.0debian1-4ubuntu0.2

Ubuntu 8.04 LTS:
  libimlib2                       1.4.0-1ubuntu1.2

After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed XP=
M
and PNG images. If a user were tricked into opening a specially crafted ima=
ge
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubun=
tu0.4.diff.gz
      Size/MD5:   112004 40358c580aa8df51d351dd6e7f5a16c8
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubun=
tu0.4.dsc
      Size/MD5:      753 5420a8a79b55140d8e24db8f2de00dd6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.=
tar.gz
      Size/MD5:   911360 deb3c9713339fe9ca964e100cce42cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_amd64.deb
      Size/MD5:   352146 b50aee75d96a48b69302db0b41ae17ad
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_amd64.deb
      Size/MD5:   214740 b699d7ceafc603c4da9c42325732e076

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_i386.deb
      Size/MD5:   302668 ebf21b1c1a22e4802a18c82f59de28e8
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_i386.deb
      Size/MD5:   193408 34bfcc6c8dc0986f44e06ec5d7410665

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_powerpc.deb
      Size/MD5:   342046 295d87aa13c311a74cd344c0f073af6d
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_powerpc.deb
      Size/MD5:   212958 93c174a40fc7d88d48a70f5fdb09a3f5

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_sparc.deb
      Size/MD5:   318588 e21dc5553e88054dfd9010cc898181f9
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_sparc.deb
      Size/MD5:   194098 fbe1c22aad50c8258c140c67dd85894d

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1-4ubuntu0.2.diff.gz
      Size/MD5:    13769 09820004bae28d3057000445482ef609
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1-4ubuntu0.2.dsc
      Size/MD5:      873 cf5b5d9869202da1a5aa29dbd57b31ab
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1.orig.tar.gz
      Size/MD5:   617750 7f389463afdb09310fa61e5036714bb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_amd64.deb
      Size/MD5:   365988 53ecdab9240acf9b71e9beb9903ec7fc
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_amd64.deb
      Size/MD5:   214090 b379ee9c5d678cde9e6766df89695dba

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_i386.deb
      Size/MD5:   334468 907b6b0b7f11895b1b32b0886d7a9343
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_i386.deb
      Size/MD5:   205802 dc82a1e573a045e487e77dd8dae5fd65

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1=
-4ubuntu0.2_lpia.deb
      Size/MD5:   341414 516b71217f39e0bc653d2862d1e1db19
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ub=
untu0.2_lpia.deb
      Size/MD5:   209358 3cf0224915a3dd16199aafbb49e96c34

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_powerpc.deb
      Size/MD5:   362620 634e0878891c1e6308950333718c1bd4
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_powerpc.deb
      Size/MD5:   229886 b37e628289bf933f6cd8ecb4e8d6b3ac

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_sparc.deb
      Size/MD5:   338862 57c8a21576417e08d2b9b7c4e5ee8db1
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_sparc.deb
      Size/MD5:   200926 1f96efa5649dd902157fd7e1ea358a7b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubun=
tu1.2.diff.gz
      Size/MD5:    56663 fb26ad4224322e4ede71f5d70a62638f
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubun=
tu1.2.dsc
      Size/MD5:      843 e80fb6a9f642fd8a5c0d4b82b4a20429
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.=
tar.gz
      Size/MD5:   845017 1f7f497798e06085767d645b0673562a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.=
0-1ubuntu1.2_amd64.deb
      Size/MD5:   344524 d023421c4725c4fadb076510ba28f0cb
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1u=
buntu1.2_amd64.deb
      Size/MD5:   199838 4a7b97363d6af1862911a576703b760a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.=
0-1ubuntu1.2_i386.deb
      Size/MD5:   309450 b9a5eeb6b5ba08edc7252b25b2df1811
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1u=
buntu1.2_i386.deb
      Size/MD5:   190318 290fda5b18c7dae98526f38a9b324595

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_lpia.deb
      Size/MD5:   318168 6cfb7d6f677930908a2dfc4567b2ff7f
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_l=
pia.deb
      Size/MD5:   194220 05f1faaa12d4094a2622cfa70dff086e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_powerpc.deb
      Size/MD5:   336314 665ed6ae263c147a59d4f94a199b0395
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_p=
owerpc.deb
      Size/MD5:   211732 d97ee45ecc1b5300b5a8e7e1e9608496

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_sparc.deb
      Size/MD5:   314152 f14550d0965519dcc4d5b1c5bc435e64
    http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_s=
parc.deb
      Size/MD5:   181174 c48d4ebd678032ebfc55d19c72d613b5



--=-v6PMMMesb4pmaU5XvSBr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAklPpaIACgkQLMAs/0C4zNokHgCeOTel2+0KPWYlasO7OjSzIReW
kzAAn3J2oMUI3mc2aUfqY/vr+H9kBUZY
=XpP0
-----END PGP SIGNATURE-----

--=-v6PMMMesb4pmaU5XvSBr--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру