Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in imlib2
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in imlib2
ID: MDVSA-2009:019
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2008.1, Mandriva 2009.0
Datum: Mo, 19. Januar 2009, 20:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
Applikationen: Imlib2

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1232392815-14940-7632


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:019
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : imlib2
 Date    : January 19, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered in the load function of the XPM
 loader for imlib2, which allows attackers to cause a denial of service
 (crash) and possibly execute arbitrary code via a crafted XPM file
 (CVE-2008-5187).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 3975f58ff8fce94aa40bf8d8cf0a255f 
 2008.0/i586/imlib2-data-1.4.0.003-2.2mdv2008.0.i586.rpm
 d829550f7cf95c3a397005456c3143ff 
 2008.0/i586/libimlib2_1-1.4.0.003-2.2mdv2008.0.i586.rpm
 d133e0d8f3edd471385b767cb11c8c5e 
 2008.0/i586/libimlib2_1-filters-1.4.0.003-2.2mdv2008.0.i586.rpm
 2b04aea43e28db2df9a7ec867d2e3492 
 2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.2mdv2008.0.i586.rpm
 d3a2ef874cc00f10d0760533c339875f 
 2008.0/i586/libimlib2-devel-1.4.0.003-2.2mdv2008.0.i586.rpm 
 771b35d79d7e5edbae2510dce1abdca4 
 2008.0/SRPMS/imlib2-1.4.0.003-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 1520726d812731296ade0e29fd06eb34 
 2008.0/x86_64/imlib2-data-1.4.0.003-2.2mdv2008.0.x86_64.rpm
 3d65b4a7c77b2299296773515ecb0c49 
 2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.2mdv2008.0.x86_64.rpm
 a1a6a4a7698e7f1ed6fbe3ff9408d51c 
 2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.2mdv2008.0.x86_64.rpm
 a0962c67b52936197fd40b77d14066fb 
 2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.2mdv2008.0.x86_64.rpm
 e3cbfabfabc5a70c3977e3a6fabd66f5 
 2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.2mdv2008.0.x86_64.rpm 
 771b35d79d7e5edbae2510dce1abdca4 
 2008.0/SRPMS/imlib2-1.4.0.003-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 735082b709add31d1e373396438faad7 
 2008.1/i586/imlib2-data-1.4.0.003-4.2mdv2008.1.i586.rpm
 7b3aa4d9ce0642adc563f147576ce91b 
 2008.1/i586/libimlib2_1-1.4.0.003-4.2mdv2008.1.i586.rpm
 590d952cf20928993426f0fe49fd05fa 
 2008.1/i586/libimlib2_1-filters-1.4.0.003-4.2mdv2008.1.i586.rpm
 44cca9af3070737357fbcba84173f687 
 2008.1/i586/libimlib2_1-loaders-1.4.0.003-4.2mdv2008.1.i586.rpm
 d055c99f84d6fb6ee322760ef10c67a3 
 2008.1/i586/libimlib2-devel-1.4.0.003-4.2mdv2008.1.i586.rpm 
 c4b1911fe8310383a4fbf13482c8d056 
 2008.1/SRPMS/imlib2-1.4.0.003-4.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 2177df77cb0d8bf2128015573f20085f 
 2008.1/x86_64/imlib2-data-1.4.0.003-4.2mdv2008.1.x86_64.rpm
 2143a1a1d5877324d9009f3e3b7151be 
 2008.1/x86_64/lib64imlib2_1-1.4.0.003-4.2mdv2008.1.x86_64.rpm
 2ba331e1050b5aa4809efcffa3255d86 
 2008.1/x86_64/lib64imlib2_1-filters-1.4.0.003-4.2mdv2008.1.x86_64.rpm
 484fdcf438cb76fb6d861233b3a42566 
 2008.1/x86_64/lib64imlib2_1-loaders-1.4.0.003-4.2mdv2008.1.x86_64.rpm
 272d107bcb919ea9d4819a544b5409b7 
 2008.1/x86_64/lib64imlib2-devel-1.4.0.003-4.2mdv2008.1.x86_64.rpm 
 c4b1911fe8310383a4fbf13482c8d056 
 2008.1/SRPMS/imlib2-1.4.0.003-4.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 c79464c67a5c42353c0d4953f9868d0f 
 2009.0/i586/imlib2-data-1.4.1.000-3.1mdv2009.0.i586.rpm
 ade93e05cf19971d81658330c7b9aebb 
 2009.0/i586/libimlib2_1-1.4.1.000-3.1mdv2009.0.i586.rpm
 ce3040c09dc96e1b991dd40afceab8a1 
 2009.0/i586/libimlib2_1-filters-1.4.1.000-3.1mdv2009.0.i586.rpm
 1a52924a9e417ccda81b73c9c674445b 
 2009.0/i586/libimlib2_1-loaders-1.4.1.000-3.1mdv2009.0.i586.rpm
 451c0284cf1721989e0f2b20baec9fb2 
 2009.0/i586/libimlib2-devel-1.4.1.000-3.1mdv2009.0.i586.rpm 
 341549290c474349cf56d39cac61afd0 
 2009.0/SRPMS/imlib2-1.4.1.000-3.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 0792cb35837ed4270c156a0b312690b3 
 2009.0/x86_64/imlib2-data-1.4.1.000-3.1mdv2009.0.x86_64.rpm
 acf486851d1d62dc25bae7e9927c1de9 
 2009.0/x86_64/lib64imlib2_1-1.4.1.000-3.1mdv2009.0.x86_64.rpm
 abf26cf4a822299b65ba85f087d11ec4 
 2009.0/x86_64/lib64imlib2_1-filters-1.4.1.000-3.1mdv2009.0.x86_64.rpm
 696e610fcef13d4e24a95ff40bc025ad 
 2009.0/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.1mdv2009.0.x86_64.rpm
 db3e27035eed5db7e69f4a4a63e5d2b1 
 2009.0/x86_64/lib64imlib2-devel-1.4.1.000-3.1mdv2009.0.x86_64.rpm 
 341549290c474349cf56d39cac61afd0 
 2009.0/SRPMS/imlib2-1.4.1.000-3.1mdv2009.0.src.rpm

 Corporate 3.0:
 eafa20c6b5234a9ba290b6a198d76436 
 corporate/3.0/i586/libimlib2_1-1.0.6-4.6.C30mdk.i586.rpm
 2c215fd34d61d7e75e54bc1526a8e3f8 
 corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.6.C30mdk.i586.rpm
 69c8d2c3785c03b241efdc0cb2544d77 
 corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.6.C30mdk.i586.rpm
 aefe0c2b637e08a862c311fe850911f0 
 corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.6.C30mdk.i586.rpm 
 821d40adec7cdc46b7a2b01bcb63dff7 
 corporate/3.0/SRPMS/imlib2-1.0.6-4.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 88a6915df6aa9435de4875c41aef22d5 
 corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.6.C30mdk.x86_64.rpm
 c6f625747f251b8bbf047e1a6899f3be 
 corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.6.C30mdk.x86_64.rpm
 dc7284d898e3c8b5ec918bce395a1768 
 corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.6.C30mdk.x86_64.rpm
 ba0fff3e075019d1736d7e847042bab9 
 corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.6.C30mdk.x86_64.rpm 
 821d40adec7cdc46b7a2b01bcb63dff7 
 corporate/3.0/SRPMS/imlib2-1.0.6-4.6.C30mdk.src.rpm

 Corporate 4.0:
 f8b5c648132e443708fffd827990f2ca 
 corporate/4.0/i586/imlib2-data-1.2.1-1.5.20060mlcs4.i586.rpm
 2464f12d3f39c5b5e4ff40d49abe62ab 
 corporate/4.0/i586/libimlib2_1-1.2.1-1.5.20060mlcs4.i586.rpm
 e90a39ce4023d37b6a9998a896faa5bb 
 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.5.20060mlcs4.i586.rpm
 771fdaae35e2a65e873e6ac348ab596a 
 corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.5.20060mlcs4.i586.rpm
 6af3421b931428b99650d92607231cc4 
 corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.5.20060mlcs4.i586.rpm 
 0f59519e49dfe6f0d639fbddf1930727 
 corporate/4.0/SRPMS/imlib2-1.2.1-1.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3f59425f7e24fb943b71b71f9363fcc3 
 corporate/4.0/x86_64/imlib2-data-1.2.1-1.5.20060mlcs4.x86_64.rpm
 3625a61358183508df2267eaa21bf0e6 
 corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.5.20060mlcs4.x86_64.rpm
 f558cc3c676b8c5bd99d867ae804751a 
 corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.5.20060mlcs4.x86_64.rpm
 97e91aa3e494e58cd9ae4acf95f6c122 
 corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.5.20060mlcs4.x86_64.rpm
 40c612551957db32916f100f2eff89c7 
 corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.5.20060mlcs4.x86_64.rpm 
 0f59519e49dfe6f0d639fbddf1930727 
 corporate/4.0/SRPMS/imlib2-1.2.1-1.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJdKVrmqjQ0CJFipgRAvD6AJ4mGmCOz96/YgTUgWHxHWah2PNUnQCeP7m9
zwuIMDfm/1ry4kmZimzG3vk=
=Mz2f
-----END PGP SIGNATURE-----


------------=_1232392815-14940-7632
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1232392815-14940-7632--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung