USN-55-1: imlib2 vulnerabilities
Posted on: 01/06/2005 03:55 PM

An imlib2 security update has been released for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-55-1 January 06, 2005
imlib2 vulnerabilities
CAN-2004-1025, CAN-2004-1026
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libimlib2

The problem can be corrected by upgrading the affected package to version 1.1.0-12ubuntu2.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Pavel Kankovsky discovered several buffer overflows in imlib which were fixed in USN-53-1. It was found that imlib2 was vulnerable to similar issues.

If an attacker tricked a user into loading a malicious XPM or BMP image, he could exploit this to execute arbitrary code in the context of the user opening the image.

These vulnerabilities might also lead to privilege escalation if a privileged server process is using this library; for example, a PHP script on the web server which does automatic image processing might use the php-imlib package, in which case a remote attacker could possibly execute arbitrary code with the web server's privileges.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.1.0-12ubuntu2.1.diff.gz
Size/MD5: 519125 3ece0e406b95e41d4c9399b5def6adf4
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.1.0-12ubuntu2.1.dsc
Size/MD5: 707 4ce1ffa67516fe7b9bb5974aebd7cd0a
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.1.0.orig.tar.gz
Size/MD5: 814851 1589ebb054da76734fe08ae570460034

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.1.0-12ubuntu2.1_amd64.deb
Size/MD5: 608490 298b73e1ca6d67fd67a5f1c46f4c2b17
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.1.0-12ubuntu2.1_amd64.deb
Size/MD5: 189040 202f3d45cbdf0051d7a4b4c3a883445e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.1.0-12ubuntu2.1_i386.deb
Size/MD5: 570136 3d49a87c30e254897b759ca45894d95a
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.1.0-12ubuntu2.1_i386.deb
Size/MD5: 176266 56ffca0de995818e951b554f05dc561e

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.1.0-12ubuntu2.1_powerpc.deb
Size/MD5: 669892 f8e61e9ef1b7df0d215553ad5ff51def
http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.1.0-12ubuntu2.1_powerpc.deb
Size/MD5: 196958 354f393c057b2188303763dce03c474e


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_55_1_imlib2_vulnerabilities.html)