-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:198 http://www.mandriva.com/security/ _______________________________________________________________________ Package : imlib2 Date : November 6, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806) The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807) The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808) The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809) Updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 61a92ac496821d914751fe183b099263 2006.0/i586/imlib2-data-1.2.1-1.2.20060mdk.i586.rpm a0a74f3117aa9702068aae1c6e1f0215 2006.0/i586/libimlib2_1-1.2.1-1.2.20060mdk.i586.rpm 971783221a16e7afbd9b6142aab4de35 2006.0/i586/libimlib2_1-devel-1.2.1-1.2.20060mdk.i586.rpm 41b4415dfb63f51b6f5f980ef58f685f 2006.0/i586/libimlib2_1-filters-1.2.1-1.2.20060mdk.i586.rpm 69ad32ff42eeef614c23bb419a0eaf3e 2006.0/i586/libimlib2_1-loaders-1.2.1-1.2.20060mdk.i586.rpm 1188a1e19ae5d8563ae2a325d3ea987f 2006.0/SRPMS/imlib2-1.2.1-1.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 5a4980871ffe61c3882c41533c13b97a 2006.0/x86_64/imlib2-data-1.2.1-1.2.20060mdk.x86_64.rpm c4531cab09bd2e5d6653df5969f7981c 2006.0/x86_64/lib64imlib2_1-1.2.1-1.2.20060mdk.x86_64.rpm d7531e7c9c3620fa35b05d5415a9676b 2006.0/x86_64/lib64imlib2_1-devel-1.2.1-1.2.20060mdk.x86_64.rpm ff216ddb7de205c49faf18b9e435821c 2006.0/x86_64/lib64imlib2_1-filters-1.2.1-1.2.20060mdk.x86_64.rpm e669ec08c9fce8a583e28f29b28d9e66 2006.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.2.20060mdk.x86_64.rpm 1188a1e19ae5d8563ae2a325d3ea987f 2006.0/SRPMS/imlib2-1.2.1-1.2.20060mdk.src.rpm Mandriva Linux 2007.0: adf7ed6fccaddac90171085ece7daf20 2007.0/i586/imlib2-data-1.2.2-3.1mdv2007.0.i586.rpm b03291bafed20868ba340925ff9ecef2 2007.0/i586/libimlib2_1-1.2.2-3.1mdv2007.0.i586.rpm 4cfd43e98f2866b5d57750f4f6c45663 2007.0/i586/libimlib2_1-devel-1.2.2-3.1mdv2007.0.i586.rpm 99231eaa46f95b43fbef8be44ee36193 2007.0/i586/libimlib2_1-filters-1.2.2-3.1mdv2007.0.i586.rpm 5ff7de44c82d49ebf5be654bf0effe50 2007.0/i586/libimlib2_1-loaders-1.2.2-3.1mdv2007.0.i586.rpm 99ad9ff6aaddce3d73bc8a47d2bb73ea 2007.0/SRPMS/imlib2-1.2.2-3.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 604bf6917fd4413a204695fb65c15110 2007.0/x86_64/imlib2-data-1.2.2-3.1mdv2007.0.x86_64.rpm b3f8bb8fc561b4d0d48fb6b7640a3b84 2007.0/x86_64/lib64imlib2_1-1.2.2-3.1mdv2007.0.x86_64.rpm af12fa122091d2ccdafdd21416df3309 2007.0/x86_64/lib64imlib2_1-devel-1.2.2-3.1mdv2007.0.x86_64.rpm 85e4911818f812c2ddc99d3cf62f3df0 2007.0/x86_64/lib64imlib2_1-filters-1.2.2-3.1mdv2007.0.x86_64.rpm 0ed6d6cfe90315ca12405027f8031958 2007.0/x86_64/lib64imlib2_1-loaders-1.2.2-3.1mdv2007.0.x86_64.rpm 99ad9ff6aaddce3d73bc8a47d2bb73ea 2007.0/SRPMS/imlib2-1.2.2-3.1mdv2007.0.src.rpm Corporate 3.0: 610276f332b6ce30ea2ada19b80bdb1f corporate/3.0/i586/libimlib2_1-1.0.6-4.3.C30mdk.i586.rpm ce31f301a4cec25ba6a86732d6600805 corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.3.C30mdk.i586.rpm f178557deeda2fa53f08481985aeee99 corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.3.C30mdk.i586.rpm b9165cc9a103e80e13cd4835c5874a54 corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.3.C30mdk.i586.rpm 4b5f84a49162012ca7cee030566c0461 corporate/3.0/SRPMS/imlib2-1.0.6-4.3.C30mdk.src.rpm Corporate 3.0/X86_64: a37ad5a95f5a3519e2f3090b71f9de99 corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.3.C30mdk.x86_64.rpm 148ab2ef27ed87405a29b0a394827887 corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.3.C30mdk.x86_64.rpm ef6ffbe6ea2ec16d714a6a4261e9bce6 corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.3.C30mdk.x86_64.rpm 9a7d3ee335ba971731ef1230927fad88 corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.3.C30mdk.x86_64.rpm 4b5f84a49162012ca7cee030566c0461 corporate/3.0/SRPMS/imlib2-1.0.6-4.3.C30mdk.src.rpm Corporate 4.0: dd7675dc08d6ed462d9f9fee4450815e corporate/4.0/i586/imlib2-data-1.2.1-1.2.20060mlcs4.i586.rpm 8285e3db5134485c0cfacbcebfa21389 corporate/4.0/i586/libimlib2_1-1.2.1-1.2.20060mlcs4.i586.rpm 2baef0ec63ad09924239a67e9d5baf35 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.2.20060mlcs4.i586.rpm a30ffb7bcdaba5cec2d7cd1723c71a1a corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.2.20060mlcs4.i586.rpm b4ec86646ebf5aa73311ad7aeb2117c2 corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.2.20060mlcs4.i586.rpm f324a900203b4ba24b4e098f2cd15f69 corporate/4.0/SRPMS/imlib2-1.2.1-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: a7f9c11f9cf129e153877dd7a9456b3e corporate/4.0/x86_64/imlib2-data-1.2.1-1.2.20060mlcs4.x86_64.rpm aa3126674dc6a3570de937e94bc51943 corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.2.20060mlcs4.x86_64.rpm 187f51f0f84ba40258da7646992a38df corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.2.20060mlcs4.x86_64.rpm 7e8303c8b70fcc89e1c88e5d3fb61233 corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.2.20060mlcs4.x86_64.rpm c888c645504811b52b240d473ad4e23f corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.2.20060mlcs4.x86_64.rpm f324a900203b4ba24b4e098f2cd15f69 corporate/4.0/SRPMS/imlib2-1.2.1-1.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFT8UQmqjQ0CJFipgRAj8YAJ4zYoGmi8C8O1p7BBodV15DZENY1wCg3fC5 MQoP0SzIZIBRYkDM41xyPEs= =qOQe -----END PGP SIGNATURE-----
