-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:127 http://www.mandriva.com/security/ _______________________________________________________________________ Package : imlib2 Date : July 2, 2010 Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in imlib2: imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. (CVE-2008-6079). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6079 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 44775a46ed2702b80cbf63e8c1ad6430 2008.0/i586/imlib2-data-1.4.0.003-2.3mdv2008.0.i586.rpm a6150d70c6b29b2e21378ca55dc6f35a 2008.0/i586/libimlib2_1-1.4.0.003-2.3mdv2008.0.i586.rpm 4c663e43d1b53c1e4e5ac32bffca0273 2008.0/i586/libimlib2_1-filters-1.4.0.003-2.3mdv2008.0.i586.rpm feba632aa64abc8c9a81e83414777d8b 2008.0/i586/libimlib2_1-loaders-1.4.0.003-2.3mdv2008.0.i586.rpm b0dee530993d519f416ccb38d9c79ef8 2008.0/i586/libimlib2-devel-1.4.0.003-2.3mdv2008.0.i586.rpm c24a678f524e7a75852054d9e1e01483 2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: d7ef86c53237c09dbf7445a573a235bd 2008.0/x86_64/imlib2-data-1.4.0.003-2.3mdv2008.0.x86_64.rpm f710c17aa8151dd76a80e436a75843bc 2008.0/x86_64/lib64imlib2_1-1.4.0.003-2.3mdv2008.0.x86_64.rpm 7d92d382b2852e9313293a396ab15b37 2008.0/x86_64/lib64imlib2_1-filters-1.4.0.003-2.3mdv2008.0.x86_64.rpm f914ea7be880629917db47ac40700ff3 2008.0/x86_64/lib64imlib2_1-loaders-1.4.0.003-2.3mdv2008.0.x86_64.rpm 09ae18e587c716ae0d95676eb30c539b 2008.0/x86_64/lib64imlib2-devel-1.4.0.003-2.3mdv2008.0.x86_64.rpm c24a678f524e7a75852054d9e1e01483 2008.0/SRPMS/imlib2-1.4.0.003-2.3mdv2008.0.src.rpm Mandriva Linux 2009.0: e317f7bcc0b25932bd3125f3c16c90b9 2009.0/i586/imlib2-data-1.4.1.000-3.2mdv2009.0.i586.rpm efbc27572707b46bf2c680560b1bc349 2009.0/i586/libimlib2_1-1.4.1.000-3.2mdv2009.0.i586.rpm eb69a0467269d3e46789b6b2a5328b65 2009.0/i586/libimlib2_1-filters-1.4.1.000-3.2mdv2009.0.i586.rpm e66144b6c698235602b888f2a90ce22f 2009.0/i586/libimlib2_1-loaders-1.4.1.000-3.2mdv2009.0.i586.rpm c5f8f3b4dda137ec74f67997f76edec0 2009.0/i586/libimlib2-devel-1.4.1.000-3.2mdv2009.0.i586.rpm 51d6d49bae6bd35ee65ce8a3c7c70c25 2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 5e9f4c9af90adaac48130777ea0b784c 2009.0/x86_64/imlib2-data-1.4.1.000-3.2mdv2009.0.x86_64.rpm 458cc010adaf15fc83848a6d150efd57 2009.0/x86_64/lib64imlib2_1-1.4.1.000-3.2mdv2009.0.x86_64.rpm e65c3df3acbb740b50e96c6a40b9ce98 2009.0/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdv2009.0.x86_64.rpm 35be2e751aab4de9edd2db61e4647739 2009.0/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdv2009.0.x86_64.rpm bbe1ad62f52c79d83fb74ad11ea3840d 2009.0/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdv2009.0.x86_64.rpm 51d6d49bae6bd35ee65ce8a3c7c70c25 2009.0/SRPMS/imlib2-1.4.1.000-3.2mdv2009.0.src.rpm Corporate 4.0: 0d41f9cb78064f11e4f775e39be9e8ac corporate/4.0/i586/imlib2-data-1.2.1-1.6.20060mlcs4.i586.rpm 9ce4cde62732af818be24c6fc33d0279 corporate/4.0/i586/libimlib2_1-1.2.1-1.6.20060mlcs4.i586.rpm 378625e54b23230947fa8eb237bb8d38 corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.6.20060mlcs4.i586.rpm 70b27fef5d7a95aad000c2465ec468c7 corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.6.20060mlcs4.i586.rpm 2062cd95c0ee57f25ec0efc2f1e3a83e corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.6.20060mlcs4.i586.rpm 9b5952347360bd17d25050f8d7f5f7fd corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: a32feafa4926d0f71cf5664b60204dbe corporate/4.0/x86_64/imlib2-data-1.2.1-1.6.20060mlcs4.x86_64.rpm cf30082289356e0a2f45ab71bdb707ca corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.6.20060mlcs4.x86_64.rpm f4ead40dfa17c31b1d87ea0675092375 corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.6.20060mlcs4.x86_64.rpm 66f87a7e3b4098051fd052dfe16974fc corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.6.20060mlcs4.x86_64.rpm 4fb44a690f2db9180cebb87172a46439 corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.6.20060mlcs4.x86_64.rpm 9b5952347360bd17d25050f8d7f5f7fd corporate/4.0/SRPMS/imlib2-1.2.1-1.6.20060mlcs4.src.rpm Mandriva Enterprise Server 5: baf8c0a0ea8254304060455408961a42 mes5/i586/imlib2-data-1.4.1.000-3.2mdvmes5.1.i586.rpm 1df3ce2a3089561327d7164222d2f9c3 mes5/i586/libimlib2_1-1.4.1.000-3.2mdvmes5.1.i586.rpm 84e807dd66631fd93cc2fa68a63aa860 mes5/i586/libimlib2_1-filters-1.4.1.000-3.2mdvmes5.1.i586.rpm 65b8c13302b9ba82dfc932d5ee92d6c9 mes5/i586/libimlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.i586.rpm c0b5aacea05f8eee1a2ff3827892decf mes5/i586/libimlib2-devel-1.4.1.000-3.2mdvmes5.1.i586.rpm baff71f19c813011965e3f83d7efb866 mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 8e87ffe2e6a2280c9a4c60b1d280b9c7 mes5/x86_64/imlib2-data-1.4.1.000-3.2mdvmes5.1.x86_64.rpm e620c5fa18ae672eb89ae03fc36b06a0 mes5/x86_64/lib64imlib2_1-1.4.1.000-3.2mdvmes5.1.x86_64.rpm 3e80f2c8b451511c00278b0b761de8da mes5/x86_64/lib64imlib2_1-filters-1.4.1.000-3.2mdvmes5.1.x86_64.rpm 93011efa1553c3f90414bb92e6983641 mes5/x86_64/lib64imlib2_1-loaders-1.4.1.000-3.2mdvmes5.1.x86_64.rpm cf3fa26d2adb4eeb35ba92622d6d9165 mes5/x86_64/lib64imlib2-devel-1.4.1.000-3.2mdvmes5.1.x86_64.rpm baff71f19c813011965e3f83d7efb866 mes5/SRPMS/imlib2-1.4.1.000-3.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMLdwymqjQ0CJFipgRAkSIAKC9LeOFWIgsvDIEn9TQpgOVgHXEogCgnFA7 2+ZYhGX7QkxTpsjOMBU7WUU= =AEIO -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/