---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152923
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152923
2006-03-28
---------------------------------------------------------------------

Name        : xloadimage
Versions    : rh73: xloadimage-4.1-21.2.legacy
Versions    : rh9: xloadimage-4.1-27.2.legacy
Versions    : fc1: xloadimage-4.1-29.2.legacy
Versions    : fc2: xloadimage-4.1-34.FC2.2.legacy
Summary     : An X Window System based image viewer.
Description :
The xloadimage utility displays images in an X Window System window,
loads images into the root window, or writes images into a file.
Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM,
and XBM).

---------------------------------------------------------------------
Update Information:

A new xloadimage package that fixes bugs in handling malformed tiff and
pbm/pnm/ppm images, and in handling metacharacters in file names is now
available.

The xloadimage utility displays images in an X Window System window,
loads images into the root window, or writes images into a file.
Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM,
and XBM).

A flaw was discovered in xloadimage where filenames were not properly
quoted when calling the gunzip command. An attacker could create a file
with a carefully crafted filename so that it would execute arbitrary
commands if opened by a victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-0638 to this
issue.

A flaw was discovered in xloadimage via which an attacker can construct
a NIFF image with a very long embedded image title. This image can cause
a buffer overflow. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package, which
contains backported patches to correct these issues.

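The file name quoting problem behind CVE-2005-0638, shown as an added example that is not the erratum's patch or xloadimage's own code: a bounded single-quote routine for names that must pass through sh, and the preferred form that starts the decompressor without a shell. The names sh_quote and open_gunzip and the sample file name are hypothetical, constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Quote `in` for POSIX sh: wrap in '...' and write each embedded ' as '\''.
 * Returns the quoted length, or -1 if `out` is too small (never truncates). */
int sh_quote(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen < 3) return -1;
    out[n++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (n + need + 2 > outlen) return -1;  /* keep room for closing ' and NUL */
        if (*in == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *in;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Preferred: skip the shell. The name is one argv entry after "--", so neither
 * metacharacters nor a leading '-' are interpreted. Returns a read fd or -1;
 * the caller reads the decompressed data and then waitpid()s on *pid. */
int open_gunzip(const char *prog, const char *path, pid_t *pid)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    if ((*pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (*pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execlp(prog, prog, "-dc", "--", path, (char *)NULL);
        _exit(127);                            /* exec failed */
    }
    close(fds[1]);
    return fds[0];
}

int main(void)
{
    const char *name = "x.gz; touch INJECTED"; /* constructed hostile name */
    char q[64];
    if (sh_quote(name, q, sizeof q) < 0) return 1;
    printf("unsafe: gunzip -c %s\n", name);    /* sh would parse two commands */
    printf("quoted: gunzip -c -- %s\n", q);    /* sh sees one file argument */
    return 0;
}
```

A name that does not fit the output buffer is rejected rather than truncated, so a cut-off quote can never reach the shell.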
---------------------------------------------------------------------
Changelogs

rh73:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1-21.2.legacy
- Added missing XFree86-devel BuildPrereq

* Thu Mar 16 2006 Donald Maner <donjr@xxxxxxxxx> 4.1-21.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)

rh9:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1-27.2.legacy
- Added missing XFree86-devel to BuildPrereq

* Thu Mar 16 2006 Donald Maner <donjr@xxxxxxxxx> 4.1-27.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)

fc1:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1-29.2.legacy
- Added missing XFree86-devel to BuildPrereq

* Thu Mar 16 2006 Donald Maner <donjr@xxxxxxxxx> 4.1-29.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)

fc2:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1-34.FC2.2.legacy
- Added missing libjpeg-devel to BuildPrereq
- Fix release tag

* Fri Mar 17 2006 Donald Maner <donjr@xxxxxxxxx> 4.1-34.1.legacy
- Patch for CVE-2005-3178 (#152923)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
88326ff1a0753287240180322b36f8174686e0cc
redhat/7.3/updates-testing/i386/xloadimage-4.1-21.2.legacy.i386.rpm
663b64ed039000824bacd3475e807c29c835f388
redhat/7.3/updates-testing/SRPMS/xloadimage-4.1-21.2.legacy.src.rpm

rh9:
7fef8d73737dfacb3d56f203bf31f3c8e2014925
redhat/9/updates-testing/i386/xloadimage-4.1-27.2.legacy.i386.rpm
2b4223a41ab2127ee3b173e0803635f3c441bb4f
redhat/9/updates-testing/SRPMS/xloadimage-4.1-27.2.legacy.src.rpm

fc1:
c24c7a2ae4d703b00a3f84623cae24775674d5d7
fedora/1/updates-testing/i386/xloadimage-4.1-29.2.legacy.i386.rpm
ec2c5a9b5049aeca3cd4d12e7b84c650fec1c295
fedora/1/updates-testing/SRPMS/xloadimage-4.1-29.2.legacy.src.rpm

fc2:
2910727dcd74a462a2f137746592e53ba5fcdfac
fedora/2/updates-testing/i386/xloadimage-4.1-34.FC2.2.legacy.i386.rpm
924f5e4ffc9ff7190dc1808def838e57377f5fd6
fedora/2/updates-testing/SRPMS/xloadimage-4.1-34.FC2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list