[USN-697-1] Imlib2 vulnerability
Subject: [USN-697-1] Imlib2 vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: [email protected]
Cc: [email protected], [email protected]
X-Original-To: [email protected]
X-Mailcontrol-Inbound:
uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -13.6
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.167
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-v6PMMMesb4pmaU5XvSBr"
Date: Mon, 22 Dec 2008 09:35:17 -0500
Message-Id: <1229956517.23276.7.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2
X-Virus-Scanned: antivirus-gw at tyumen.ru
--=-v6PMMMesb4pmaU5XvSBr
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-697-1 December 22, 2008
imlib2 vulnerability
CVE-2008-2426
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libimlib2 1.2.1-2ubuntu0.4
Ubuntu 7.10:
libimlib2 1.3.0.0debian1-4ubuntu0.2
Ubuntu 8.04 LTS:
libimlib2 1.4.0-1ubuntu1.2
After a standard system upgrade you need to restart any applications that
use Imlib2 to effect the necessary changes.
Details follow:
It was discovered that Imlib2 did not correctly handle certain malformed XP=
M
and PNG images. If a user were tricked into opening a specially crafted ima=
ge
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubun=
tu0.4.diff.gz
Size/MD5: 112004 40358c580aa8df51d351dd6e7f5a16c8
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubun=
tu0.4.dsc
Size/MD5: 753 5420a8a79b55140d8e24db8f2de00dd6
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.=
tar.gz
Size/MD5: 911360 deb3c9713339fe9ca964e100cce42cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_amd64.deb
Size/MD5: 352146 b50aee75d96a48b69302db0b41ae17ad
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_amd64.deb
Size/MD5: 214740 b699d7ceafc603c4da9c42325732e076
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_i386.deb
Size/MD5: 302668 ebf21b1c1a22e4802a18c82f59de28e8
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_i386.deb
Size/MD5: 193408 34bfcc6c8dc0986f44e06ec5d7410665
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_powerpc.deb
Size/MD5: 342046 295d87aa13c311a74cd344c0f073af6d
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_powerpc.deb
Size/MD5: 212958 93c174a40fc7d88d48a70f5fdb09a3f5
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.=
1-2ubuntu0.4_sparc.deb
Size/MD5: 318588 e21dc5553e88054dfd9010cc898181f9
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2u=
buntu0.4_sparc.deb
Size/MD5: 194098 fbe1c22aad50c8258c140c67dd85894d
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1-4ubuntu0.2.diff.gz
Size/MD5: 13769 09820004bae28d3057000445482ef609
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1-4ubuntu0.2.dsc
Size/MD5: 873 cf5b5d9869202da1a5aa29dbd57b31ab
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.3.0.0debi=
an1.orig.tar.gz
Size/MD5: 617750 7f389463afdb09310fa61e5036714bb3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_amd64.deb
Size/MD5: 365988 53ecdab9240acf9b71e9beb9903ec7fc
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_amd64.deb
Size/MD5: 214090 b379ee9c5d678cde9e6766df89695dba
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_i386.deb
Size/MD5: 334468 907b6b0b7f11895b1b32b0886d7a9343
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_i386.deb
Size/MD5: 205802 dc82a1e573a045e487e77dd8dae5fd65
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.3.0.0debian1=
-4ubuntu0.2_lpia.deb
Size/MD5: 341414 516b71217f39e0bc653d2862d1e1db19
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.3.0.0debian1-4ub=
untu0.2_lpia.deb
Size/MD5: 209358 3cf0224915a3dd16199aafbb49e96c34
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_powerpc.deb
Size/MD5: 362620 634e0878891c1e6308950333718c1bd4
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_powerpc.deb
Size/MD5: 229886 b37e628289bf933f6cd8ecb4e8d6b3ac
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.3.=
0.0debian1-4ubuntu0.2_sparc.deb
Size/MD5: 338862 57c8a21576417e08d2b9b7c4e5ee8db1
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.3.0.0d=
ebian1-4ubuntu0.2_sparc.deb
Size/MD5: 200926 1f96efa5649dd902157fd7e1ea358a7b
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubun=
tu1.2.diff.gz
Size/MD5: 56663 fb26ad4224322e4ede71f5d70a62638f
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0-1ubun=
tu1.2.dsc
Size/MD5: 843 e80fb6a9f642fd8a5c0d4b82b4a20429
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.4.0.orig.=
tar.gz
Size/MD5: 845017 1f7f497798e06085767d645b0673562a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.=
0-1ubuntu1.2_amd64.deb
Size/MD5: 344524 d023421c4725c4fadb076510ba28f0cb
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1u=
buntu1.2_amd64.deb
Size/MD5: 199838 4a7b97363d6af1862911a576703b760a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.4.=
0-1ubuntu1.2_i386.deb
Size/MD5: 309450 b9a5eeb6b5ba08edc7252b25b2df1811
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.4.0-1u=
buntu1.2_i386.deb
Size/MD5: 190318 290fda5b18c7dae98526f38a9b324595
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_lpia.deb
Size/MD5: 318168 6cfb7d6f677930908a2dfc4567b2ff7f
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_l=
pia.deb
Size/MD5: 194220 05f1faaa12d4094a2622cfa70dff086e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_powerpc.deb
Size/MD5: 336314 665ed6ae263c147a59d4f94a199b0395
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_p=
owerpc.deb
Size/MD5: 211732 d97ee45ecc1b5300b5a8e7e1e9608496
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2-dev_1.4.0-1ubuntu1=
.2_sparc.deb
Size/MD5: 314152 f14550d0965519dcc4d5b1c5bc435e64
http://ports.ubuntu.com/pool/main/i/imlib2/libimlib2_1.4.0-1ubuntu1.2_s=
parc.deb
Size/MD5: 181174 c48d4ebd678032ebfc55d19c72d613b5
--=-v6PMMMesb4pmaU5XvSBr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAklPpaIACgkQLMAs/0C4zNokHgCeOTel2+0KPWYlasO7OjSzIReW
kzAAn3J2oMUI3mc2aUfqY/vr+H9kBUZY
=XpP0
-----END PGP SIGNATURE-----
--=-v6PMMMesb4pmaU5XvSBr--