[Full-disclosure] [ MDKSA-2006:198-1 ] - Updated imlib2 packages fix several vulnerabilities




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:198-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : imlib2
Date : November 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2
graphics library.

The load() function of several of the Imlib2 image loaders does not
check the width and height of an image before allocating memory. As a
result, a carefully crafted image file can trigger a segfault when an
application using Imlib2 attempts to view the image. (CVE-2006-4806)

The tga loader fails to bounds check input data to make sure the input
data doesn't load outside the memory mapped region. (CVE-2006-4807)

The RLE decoding loops of the load() function in the tga loader does
not check that the count byte of an RLE packet doesn't cause a heap
overflow of the pixel buffer. (CVE-2006-4808)

The load() function of the pnm loader writes arbitrary length user data
into a fixed size stack allocated buffer buf[] without bounds checking.
(CVE-2006-4809) Updated packages have been patched to correct these
issues.

Update:

An error in the preivous patchset may affect JPEG image handling for
certain valid images. This new update corrects this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
4cd544b96a2bcaed32012a3636628b32 2006.0/i586/imlib2-data-1.2.1-1.3.20060mdk.i586.rpm
da17344a1e28fdfd4be087e9ec092a0c 2006.0/i586/libimlib2_1-1.2.1-1.3.20060mdk.i586.rpm
f15225db7b1b03b814d263a42a304aad 2006.0/i586/libimlib2_1-devel-1.2.1-1.3.20060mdk.i586.rpm
fa7f076f50636badeee3bfb7965675ab 2006.0/i586/libimlib2_1-filters-1.2.1-1.3.20060mdk.i586.rpm
c0d54a209a44785ae720c5a4426dbd64 2006.0/i586/libimlib2_1-loaders-1.2.1-1.3.20060mdk.i586.rpm
6ebb0fd9da5156686618d43f2188c8ef 2006.0/SRPMS/imlib2-1.2.1-1.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
1be1988c5aea7a22770c5d39675a321b 2006.0/x86_64/imlib2-data-1.2.1-1.3.20060mdk.x86_64.rpm
fb2293ecdf47bda1e4d1ce67c9539442 2006.0/x86_64/lib64imlib2_1-1.2.1-1.3.20060mdk.x86_64.rpm
4d8beff4cb21b5e6003c46774ce04cd3 2006.0/x86_64/lib64imlib2_1-devel-1.2.1-1.3.20060mdk.x86_64.rpm
95ec706c26a480effa71ee7458f0523a 2006.0/x86_64/lib64imlib2_1-filters-1.2.1-1.3.20060mdk.x86_64.rpm
4f412783aef1934e0e8f7b2523b67b19 2006.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.3.20060mdk.x86_64.rpm
6ebb0fd9da5156686618d43f2188c8ef 2006.0/SRPMS/imlib2-1.2.1-1.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
e5e136bb1d119892a4a2a4c87e9b3903 2007.0/i586/imlib2-data-1.2.2-3.2mdv2007.0.i586.rpm
f0c1a6296bc04c896a37a432b9d2ee31 2007.0/i586/libimlib2_1-1.2.2-3.2mdv2007.0.i586.rpm
edb6a88f3e8a9a268ebc2395919f2b78 2007.0/i586/libimlib2_1-devel-1.2.2-3.2mdv2007.0.i586.rpm
676be1d6f7d78da826dea6be8535c11e 2007.0/i586/libimlib2_1-filters-1.2.2-3.2mdv2007.0.i586.rpm
0a9bb4cd967f3286c90c65bd20c35e8a 2007.0/i586/libimlib2_1-loaders-1.2.2-3.2mdv2007.0.i586.rpm
ce6b02c1d58cc7a6c7be69c0a84fba82 2007.0/SRPMS/imlib2-1.2.2-3.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
26e871cf8a946029fdc8a87d8d8fc16d 2007.0/x86_64/imlib2-data-1.2.2-3.2mdv2007.0.x86_64.rpm
6bde1a406b60edb87c1b57adbd04b36e 2007.0/x86_64/lib64imlib2_1-1.2.2-3.2mdv2007.0.x86_64.rpm
c032f45d676b806b57d7b7496b7ba41c 2007.0/x86_64/lib64imlib2_1-devel-1.2.2-3.2mdv2007.0.x86_64.rpm
e485af5e82b804ffec13ef705a02c2e8 2007.0/x86_64/lib64imlib2_1-filters-1.2.2-3.2mdv2007.0.x86_64.rpm
4a143c2997b57f00a27bc6c7ecce1e06 2007.0/x86_64/lib64imlib2_1-loaders-1.2.2-3.2mdv2007.0.x86_64.rpm
ce6b02c1d58cc7a6c7be69c0a84fba82 2007.0/SRPMS/imlib2-1.2.2-3.2mdv2007.0.src.rpm

Corporate 3.0:
ef3cd741c034592c271bfffa31b5fd89 corporate/3.0/i586/libimlib2_1-1.0.6-4.4.C30mdk.i586.rpm
c808de39609104891a3302b587b2898f corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.4.C30mdk.i586.rpm
2cc5b0560275b6917d90fe8f014b466d corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.4.C30mdk.i586.rpm
01b3b38db8e92c34167c2fa6ffe647bc corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.4.C30mdk.i586.rpm
a14e20f0fae8209d5d82d1fb3e28a82d corporate/3.0/SRPMS/imlib2-1.0.6-4.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
a3a3ddac9e0364367134c2981007c96b corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.4.C30mdk.x86_64.rpm
511b57c0bfd6e4e8fcfd1a4f64ce28d4 corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.4.C30mdk.x86_64.rpm
1393decfcd932de1e65123d5e76395fb corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.4.C30mdk.x86_64.rpm
b9e803f9ad9c34c1d25e48c9bbf06120 corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.4.C30mdk.x86_64.rpm
a14e20f0fae8209d5d82d1fb3e28a82d corporate/3.0/SRPMS/imlib2-1.0.6-4.4.C30mdk.src.rpm

Corporate 4.0:
855099dbe15e10e0a9717921a1627976 corporate/4.0/i586/imlib2-data-1.2.1-1.3.20060mlcs4.i586.rpm
e53b851d8cd7d68193f566c30e71c329 corporate/4.0/i586/libimlib2_1-1.2.1-1.3.20060mlcs4.i586.rpm
f04d6e820a44f73d97982ff0c191dd74 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.3.20060mlcs4.i586.rpm
b978c2cad3d02cd65bdc564992071557 corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.3.20060mlcs4.i586.rpm
b1eb762b86e4fad4290da6d5ee4573aa corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.3.20060mlcs4.i586.rpm
7703412328a1508cec0a61661f373c1b corporate/4.0/SRPMS/imlib2-1.2.1-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
ccec9056b57574dd17bb56b4b1423567 corporate/4.0/x86_64/imlib2-data-1.2.1-1.3.20060mlcs4.x86_64.rpm
884dad892370cdbd3e693cbb0ee6cb2d corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.3.20060mlcs4.x86_64.rpm
6832b40e2e31f6244caff8818ee3d91c corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.3.20060mlcs4.x86_64.rpm
1bce9e9f26e43af8625e83cb15792747 corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.3.20060mlcs4.x86_64.rpm
57bf86f98c4595cd269723559de2bb9e corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.3.20060mlcs4.x86_64.rpm
7703412328a1508cec0a61661f373c1b corporate/4.0/SRPMS/imlib2-1.2.1-1.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFUR6bmqjQ0CJFipgRAtp7AKDF4s3BY9qiPof2ePjFMwheJFCdsgCghARe
V0zoNe+7aaMEQfcN0WFLJ8g=
=1wJ4
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/