---

Red Hat Security Advisory: imlib

From:    bugzilla@redhat.com
To:      redhat-watch-list@redhat.com
Subject: [RHSA-2002:048-06] New imlib packages available
Date:    Thu, 21 Mar 2002 12:10 -0500
Cc:      bugtraq@securityfocus.com, linux-security@redhat.com
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory
Synopsis:          New imlib packages available
Advisory ID:       RHSA-2002:048-06
Issue date:        2002-03-15
Updated on:        2002-03-20
Product:           Red Hat Linux
Keywords:
Cross references:
Obsoletes:
---------------------------------------------------------------------
1. Topic:
Updated imlib packages are now available for Red Hat Linux 6.2, 7,
7.1 and 7.2 which fix potential problems loading untrusted images.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
3. Problem description:
Imlib versions prior to 1.9.13 would fall back to loading images
via the NetPBM package, which has various problems that make it
unsuitable for loading untrusted images. Imlib 1.9.13 also fixes
various problems in arguments passed to malloc().
These problems may allow attackers to construct images that,
when loaded by a viewer using Imlib, could cause crashes
or potentially the execution of arbitrary code.
Users are advised to upgrade to these errata packages, which
contain Imlib 1.9.13.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

6. RPMs required:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

7. Verification:
MD5 sum                          Package Name
--------------------------------------------------------------------------
efe695fabc3235bc670bcae2ff38ee42 6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm
cd01f87566c98260043b5fda79ddc4a4 6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm
eb28bb74564799623b11418dc51fd616 6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm
092595ba0005f2f137e7645721f025d7 6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm
245645da1a6daab087dd5fa775dee2ac 6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm
54c9b2fa7dcfffc12efd84666052199b 6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm
b7fa1ae3e21a6870af79e5a7e5779426 6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm
37eb260b5a312fb61a1d7dc87b4dea5a 6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm
124cdb66bafb214992a0a17d5107c75f 6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm
7a68b5538945339ee0c2bb62edc08921 6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm
aa53c4ac8deff3f7f781dbdf0fa2209a 7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
68d11fd7e040e262ce82076ee5ae8cb1 7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
cb81069570184a01df51b095943993a5 7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
7262f770aea7c5bb8f50c32db2daed0b 7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
d3b37c36f62c5ce8daf53aa8a022da43 7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
0cb58fd46203b0cdbbb7cf1ecad8b630 7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
68262805bb14a4ab8541506ff5f0713a 7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
aa53c4ac8deff3f7f781dbdf0fa2209a 7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
68d11fd7e040e262ce82076ee5ae8cb1 7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
cb81069570184a01df51b095943993a5 7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
7262f770aea7c5bb8f50c32db2daed0b 7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
d3b37c36f62c5ce8daf53aa8a022da43 7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
0cb58fd46203b0cdbbb7cf1ecad8b630 7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
68262805bb14a4ab8541506ff5f0713a 7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
52c8bba3537de68a88353dbd940899ac 7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
dd022957a50802cfc1901a666a6c0198 7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
7971135340ab7fcd8ec2daa02c2ae6b7 7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm
aa53c4ac8deff3f7f781dbdf0fa2209a 7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
d3b37c36f62c5ce8daf53aa8a022da43 7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
0cb58fd46203b0cdbbb7cf1ecad8b630 7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
68262805bb14a4ab8541506ff5f0713a 7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
52c8bba3537de68a88353dbd940899ac 7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
dd022957a50802cfc1901a666a6c0198 7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
7971135340ab7fcd8ec2daa02c2ae6b7 7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
    rpm --checksig  
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 
8. References:


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis