-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: imlib
Advisory ID: MDKSA-2002:028
Date: April 25th, 2002
Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1
________________________________________________________________________
Problem Description:
Previous versions of imlib, prior to 1.9.13, would fall back to the
NetPBM library which is not suitable for loading untrusted images due
to various problem in it's code. The new imlib also fixes some
problems with arguments passed to malloc(). These problems could allow
attackers to construct images that could cause crashes or, potentially,
the execution of arbitrary code when said images are loaded by a viewer
that uses imlib.
Thanks to Alan Cox and Al Viro for discovering the problems.
________________________________________________________________________
References:
http://online.securityfocus.com/bid/4336
http://online.securityfocus.com/bid/4339
________________________________________________________________________
Updated Packages:
Linux-Mandrake 7.1:
fe82fcada2f3d71a562b0551594192ac 7.1/RPMS/imlib-1.9.13-2.5mdk.i586.rpm
a4aa27f231f94ea586c71f538af32f04 7.1/RPMS/imlib-cfgeditor-1.9.13-2.5mdk.i586.rpm
f195bf7954cd7efe2617fba434a8ed93 7.1/RPMS/imlib-devel-1.9.13-2.5mdk.i586.rpm
b052c14ed00cc28096a92f9070d3e096 7.1/SRPMS/imlib-1.9.13-2.5mdk.src.rpm
Linux-Mandrake 7.2:
4e7046816f14ea82116bbc1afb9b59e2 7.2/RPMS/imlib-1.9.13-2.4mdk.i586.rpm
376d6333b6ec112499240c8d0f13fb36 7.2/RPMS/imlib-cfgeditor-1.9.13-2.4mdk.i586.rpm
3535da52444176f3cb3f1ef42bce8d72 7.2/RPMS/imlib-devel-1.9.13-2.4mdk.i586.rpm
858f5bd0f2612c370b89aa35b22845f0 7.2/SRPMS/imlib-1.9.13-2.4mdk.src.rpm
Mandrake Linux 8.0:
6214439510523b121714230529ddcc99 8.0/RPMS/imlib-1.9.13-2.3mdk.i586.rpm
4435d0efbcf6f7284b865c11c2a085f0 8.0/RPMS/imlib-cfgeditor-1.9.13-2.3mdk.i586.rpm
c62d8f27629120f6ee63890fb50382f9 8.0/RPMS/libimlib1-1.9.13-2.3mdk.i586.rpm
1de239cf58fa591b2fbf41464162b911 8.0/RPMS/libimlib1-devel-1.9.13-2.3mdk.i586.rpm
f3f793d3bd22fe535ec42bae82d005f3 8.0/SRPMS/imlib-1.9.13-2.3mdk.src.rpm
Mandrake Linux 8.0/ppc:
bdd699794efd03798ade44013e7dd81a ppc/8.0/RPMS/imlib-1.9.13-2.3mdk.ppc.rpm
4244d7f2f5c5d201a8f2528fad06e19f ppc/8.0/RPMS/imlib-cfgeditor-1.9.13-2.3mdk.ppc.rpm
444762d5d1e1efe4f04d7f3935c3f90f ppc/8.0/RPMS/libimlib1-1.9.13-2.3mdk.ppc.rpm
d01d60692e89c6548921e5e45df24b45 ppc/8.0/RPMS/libimlib1-devel-1.9.13-2.3mdk.ppc.rpm
f3f793d3bd22fe535ec42bae82d005f3 ppc/8.0/SRPMS/imlib-1.9.13-2.3mdk.src.rpm
Mandrake Linux 8.1:
d6c94b82b7b1e58cb0563bb660fc1ea2 8.1/RPMS/imlib-1.9.13-2.2mdk.i586.rpm
b07e7add5625ab037b6280fe7bbc699f 8.1/RPMS/imlib-cfgeditor-1.9.13-2.2mdk.i586.rpm
14fd63429b7ec31cc5c9b11698999624 8.1/RPMS/libimlib1-1.9.13-2.2mdk.i586.rpm
077f49ab8ba83c7c05211a04426d43b3 8.1/RPMS/libimlib1-devel-1.9.13-2.2mdk.i586.rpm
28d2e4164472fea78ed47ccb9b50f9d2 8.1/SRPMS/imlib-1.9.13-2.2mdk.src.rpm
Mandrake Linux 8.1/ia64:
54161570f5b4ee991a31782405f580a1 ia64/8.1/RPMS/imlib-1.9.13-2.2mdk.ia64.rpm
bfe7a2b9eb4420f60cd8a8545e3ef34c ia64/8.1/RPMS/imlib-cfgeditor-1.9.13-2.2mdk.ia64.rpm
64d932435e1ac3f53ec8adede7a96824 ia64/8.1/RPMS/libimlib1-1.9.13-2.2mdk.ia64.rpm
163d8b38a5a46094d5c903c5c2cd8590 ia64/8.1/RPMS/libimlib1-devel-1.9.13-2.2mdk.ia64.rpm
28d2e4164472fea78ed47ccb9b50f9d2 ia64/8.1/SRPMS/imlib-1.9.13-2.2mdk.src.rpm
Mandrake Linux 8.2:
144d8deeea93b0eb3e4566733093d8e8 8.2/RPMS/imlib-1.9.13-2.1mdk.i586.rpm
6f032201e345f1afadcf0c6485bdaeb9 8.2/RPMS/imlib-cfgeditor-1.9.13-2.1mdk.i586.rpm
49ca7d2fae68f8df49c23df9db50f71c 8.2/RPMS/libimlib1-1.9.13-2.1mdk.i586.rpm
08820637df4ac6747d925a031b82e226 8.2/RPMS/libimlib1-devel-1.9.13-2.1mdk.i586.rpm
74ae164faf005e3f0ee66d9361640b5b 8.2/SRPMS/imlib-1.9.13-2.1mdk.src.rpm
Mandrake Linux 8.2/ppc:
3f5b3afe7447721b62cc9672ca4ce7ec ppc/8.2/RPMS/imlib-1.9.13-2.1mdk.ppc.rpm
ac29822651c1a9be78456a683b7a6c2d ppc/8.2/RPMS/imlib-cfgeditor-1.9.13-2.1mdk.ppc.rpm
b0e6e0e4740e527dba83fe8f455c4f29 ppc/8.2/RPMS/libimlib1-1.9.13-2.1mdk.ppc.rpm
ea3af5a8bf76b78be7fd9d54d0c49db7 ppc/8.2/RPMS/libimlib1-devel-1.9.13-2.1mdk.ppc.rpm
74ae164faf005e3f0ee66d9361640b5b ppc/8.2/SRPMS/imlib-1.9.13-2.1mdk.src.rpm
Corporate Server 1.0.1:
fe82fcada2f3d71a562b0551594192ac 1.0.1/RPMS/imlib-1.9.13-2.5mdk.i586.rpm
a4aa27f231f94ea586c71f538af32f04 1.0.1/RPMS/imlib-cfgeditor-1.9.13-2.5mdk.i586.rpm
f195bf7954cd7efe2617fba434a8ed93 1.0.1/RPMS/imlib-devel-1.9.13-2.5mdk.i586.rpm
b052c14ed00cc28096a92f9070d3e096 1.0.1/SRPMS/imlib-1.9.13-2.5mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig <filename>
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:
https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
________________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8yIJNmqjQ0CJFipgRAgSrAJ47oRGNOYuCLj0ushwJ/ugRfnG6AgCfZaEK
tVQVZDfpnRdMD4de9MMxoBE=
=CtWm
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 21:50:51 PDT