Skip to navigation

Security Advisory imlib security update

Advisory: RHSA-2004:465-08
Type: Security Advisory
Severity: Important
Issued on: 2004-09-15
Last updated on: 2004-09-15
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0817

Details

An updated imlib package that fixes several heap overflows is now available.

Imlib is an image loading and rendering library.

Several heap overflow flaws were found in the imlib BMP image handler. An
attacker could create a carefully crafted BMP file in such a way that it
could cause an application linked with imlib to execute arbitrary code when
the file was opened by a victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue.

Users of imlib should update to this updated package which contains
backported patches and is not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
imlib-1.9.13-13.3.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 6b77190f47b54d9c4c8bfc59cb5c9a97
 
IA-32:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-devel-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: fb55305b96a608e4a59d734f0c933505
 
x86_64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: a541f53f7ae3b301598828d05014b46e
imlib-devel-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: ab80ef08fb5a847a729c8d69640c8366
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
imlib-1.9.13-4.2.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 70350a36d0e898640bf0370f74d26329
 
IA-32:
imlib-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 977d25ef2ed5d80a3d752bcc309dcea3
imlib-cfgeditor-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 4ca29312814b0c29e87acb6c1eba4f31
imlib-devel-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ab03d718bd43a82cd4fa77118915ca7b
 
IA-64:
imlib-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: ca8f753c817cbe0bf24ac0ac2b03bccc
imlib-cfgeditor-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 11060c4560ee42e3e9e0e482a88189c2
imlib-devel-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 11e6bd0ee4caca73cbc0ddc80bf1d793
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
imlib-1.9.13-13.3.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 6b77190f47b54d9c4c8bfc59cb5c9a97
 
IA-32:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-devel-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: fb55305b96a608e4a59d734f0c933505
 
IA-64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 9444828842659c3bec047cc18d2528ee
imlib-devel-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: c559153e239abff5269e41c30233ca05
 
PPC:
imlib-1.9.13-13.3.ppc.rpm
File outdated by:  RHSA-2004:651
    MD5: 3d5eae85598168b6e337a0689eb2d743
imlib-devel-1.9.13-13.3.ppc.rpm
File outdated by:  RHSA-2004:651
    MD5: c9bd4375d8e077fcc70a638804d16b65
 
s390:
imlib-1.9.13-13.3.s390.rpm
File outdated by:  RHSA-2004:651
    MD5: 17404e9fdddd26a89d81df23e3aae7db
imlib-devel-1.9.13-13.3.s390.rpm
File outdated by:  RHSA-2004:651
    MD5: 5a3c49f094187deb72b9c522fedd5724
 
s390x:
imlib-1.9.13-13.3.s390x.rpm
File outdated by:  RHSA-2004:651
    MD5: 81d3bbb3472454bd14c748c60c219d2b
imlib-devel-1.9.13-13.3.s390x.rpm
File outdated by:  RHSA-2004:651
    MD5: 7e6739f7b72993dadbc4a489898c83c1
 
x86_64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: a541f53f7ae3b301598828d05014b46e
imlib-devel-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: ab80ef08fb5a847a729c8d69640c8366
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
imlib-1.9.13-4.2.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 70350a36d0e898640bf0370f74d26329
 
IA-32:
imlib-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 977d25ef2ed5d80a3d752bcc309dcea3
imlib-cfgeditor-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 4ca29312814b0c29e87acb6c1eba4f31
imlib-devel-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ab03d718bd43a82cd4fa77118915ca7b
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
imlib-1.9.13-13.3.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 6b77190f47b54d9c4c8bfc59cb5c9a97
 
IA-32:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-devel-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: fb55305b96a608e4a59d734f0c933505
 
IA-64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 9444828842659c3bec047cc18d2528ee
imlib-devel-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: c559153e239abff5269e41c30233ca05
 
x86_64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: a541f53f7ae3b301598828d05014b46e
imlib-devel-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: ab80ef08fb5a847a729c8d69640c8366
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
imlib-1.9.13-4.2.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 70350a36d0e898640bf0370f74d26329
 
IA-32:
imlib-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 977d25ef2ed5d80a3d752bcc309dcea3
imlib-cfgeditor-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: 4ca29312814b0c29e87acb6c1eba4f31
imlib-devel-1.9.13-4.2.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ab03d718bd43a82cd4fa77118915ca7b
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
imlib-1.9.13-13.3.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 6b77190f47b54d9c4c8bfc59cb5c9a97
 
IA-32:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-devel-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: fb55305b96a608e4a59d734f0c933505
 
IA-64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 9444828842659c3bec047cc18d2528ee
imlib-devel-1.9.13-13.3.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: c559153e239abff5269e41c30233ca05
 
x86_64:
imlib-1.9.13-13.3.i386.rpm
File outdated by:  RHSA-2004:651
    MD5: ead45a05f882e533d8967caad278a3ff
imlib-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: a541f53f7ae3b301598828d05014b46e
imlib-devel-1.9.13-13.3.x86_64.rpm
File outdated by:  RHSA-2004:651
    MD5: ab80ef08fb5a847a729c8d69640c8366
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
imlib-1.9.13-4.2.src.rpm
File outdated by:  RHSA-2004:651
    MD5: 70350a36d0e898640bf0370f74d26329
 
IA-64:
imlib-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: ca8f753c817cbe0bf24ac0ac2b03bccc
imlib-cfgeditor-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 11060c4560ee42e3e9e0e482a88189c2
imlib-devel-1.9.13-4.2.ia64.rpm
File outdated by:  RHSA-2004:651
    MD5: 11e6bd0ee4caca73cbc0ddc80bf1d793
 

Bugs fixed (see bugzilla for more information)

130909 - CAN-2004-0817 heap overflow in BMP decoder


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/