- Issued:
- 2004-12-23
- Updated:
- 2004-12-23
RHSA-2004:651 - Security Advisory
Synopsis
imlib security update
Type/Severity
Security Advisory: Moderate
Topic
Updated imlib packages that fix several integer and buffer overflows are
now available.
[Updated Dec 22, 2004]
Added multilib packages to the Itanium, PPC, AMD64/Intel EM64T, and IBM
eServer zSeries architectures for Red Hat Enterprise Linux version 3.
Description
The imlib packages contain an image loading and rendering library.
Pavel Kankovsky discovered several heap overflow flaws that were found in
the imlib image handler. An attacker could create a carefully crafted image
file in such a way that it could cause an application linked with imlib to
execute arbitrary code when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1025 to this issue.
Additionally, Pavel discovered several integer overflow flaws that were
found in the imlib image handler. An attacker could create a carefully
crafted image file in such a way that it could cause an application linked
with imlib to execute arbitrary code or crash when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1026 to this issue.
Users of imlib should update to these updated packages, which contain
backported patches and are not vulnerable to this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 138516 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.