Skip to navigation

Security Advisory xloadimage security update

Advisory: RHSA-2005:802-4
Type: Security Advisory
Severity: Low
Issued on: 2005-10-18
Last updated on: 2005-10-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-3178

Details

A new xloadimage package that fixes bugs in handling malformed tiff and
pbm/pnm/ppm images, and in handling metacharacters in file names is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The xloadimage utility displays images in an X Window System window, loads
images into the root window, or writes images into a file. Xloadimage
supports many image types (including GIF, TIFF, JPEG, XPM, and XBM).

A flaw was discovered in xloadimage via which an attacker can construct a
NIFF image with a very long embedded image title. This image can cause a
buffer overflow. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package, which
contains backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
xloadimage-4.1-36.RHEL3.src.rpm     MD5: 895a319259026ab6e0055da88ff36ec4
 
IA-32:
xloadimage-4.1-36.RHEL3.i386.rpm     MD5: 1583103f2ffc69b306d7132e5efb07c7
 
x86_64:
xloadimage-4.1-36.RHEL3.x86_64.rpm     MD5: 0e83a7874cdde13a33c02316310b7a17
 
Red Hat Desktop (v. 4)

SRPMS:
xloadimage-4.1-36.RHEL4.src.rpm     MD5: 5b5f66c4ef8c5da3034be168c1a6059f
 
IA-32:
xloadimage-4.1-36.RHEL4.i386.rpm     MD5: a51440101c1cd09a0756b80ec693f315
 
x86_64:
xloadimage-4.1-36.RHEL4.x86_64.rpm     MD5: 915879a24a47ffb2f19f272ee7fdc698
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
xloadimage-4.1-36.RHEL2.1.i386.rpm     MD5: 033bde30356036eb2bb3a18f045e908c
 
IA-64:
xloadimage-4.1-36.RHEL2.1.ia64.rpm     MD5: 24959bb056e6f8647c133790b785528d
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
xloadimage-4.1-36.RHEL3.src.rpm     MD5: 895a319259026ab6e0055da88ff36ec4
 
IA-32:
xloadimage-4.1-36.RHEL3.i386.rpm     MD5: 1583103f2ffc69b306d7132e5efb07c7
 
IA-64:
xloadimage-4.1-36.RHEL3.ia64.rpm     MD5: ca43a806311d82f8bbb8cc6c4b29d17b
 
PPC:
xloadimage-4.1-36.RHEL3.ppc.rpm     MD5: d217140299cc54a63b8bc726c4d377f5
 
s390:
xloadimage-4.1-36.RHEL3.s390.rpm     MD5: eddf36c9504ab03c885820e30708bce7
 
s390x:
xloadimage-4.1-36.RHEL3.s390x.rpm     MD5: e1809c5d715113f0ec8459281048f719
 
x86_64:
xloadimage-4.1-36.RHEL3.x86_64.rpm     MD5: 0e83a7874cdde13a33c02316310b7a17
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
xloadimage-4.1-36.RHEL4.src.rpm     MD5: 5b5f66c4ef8c5da3034be168c1a6059f
 
IA-32:
xloadimage-4.1-36.RHEL4.i386.rpm     MD5: a51440101c1cd09a0756b80ec693f315
 
IA-64:
xloadimage-4.1-36.RHEL4.ia64.rpm     MD5: b344364d5f9ff3e8f417c17ab88b2f20
 
PPC:
xloadimage-4.1-36.RHEL4.ppc.rpm     MD5: 5a4203df880864a802d937fbb0e226d7
 
s390:
xloadimage-4.1-36.RHEL4.s390.rpm     MD5: 7c41b2aaa82fb17d621795b4c17bfb32
 
s390x:
xloadimage-4.1-36.RHEL4.s390x.rpm     MD5: 25b3b931c2ce4f79d88981e7c81040f8
 
x86_64:
xloadimage-4.1-36.RHEL4.x86_64.rpm     MD5: 915879a24a47ffb2f19f272ee7fdc698
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
xloadimage-4.1-36.RHEL2.1.i386.rpm     MD5: 033bde30356036eb2bb3a18f045e908c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
xloadimage-4.1-36.RHEL3.src.rpm     MD5: 895a319259026ab6e0055da88ff36ec4
 
IA-32:
xloadimage-4.1-36.RHEL3.i386.rpm     MD5: 1583103f2ffc69b306d7132e5efb07c7
 
IA-64:
xloadimage-4.1-36.RHEL3.ia64.rpm     MD5: ca43a806311d82f8bbb8cc6c4b29d17b
 
x86_64:
xloadimage-4.1-36.RHEL3.x86_64.rpm     MD5: 0e83a7874cdde13a33c02316310b7a17
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
xloadimage-4.1-36.RHEL4.src.rpm     MD5: 5b5f66c4ef8c5da3034be168c1a6059f
 
IA-32:
xloadimage-4.1-36.RHEL4.i386.rpm     MD5: a51440101c1cd09a0756b80ec693f315
 
IA-64:
xloadimage-4.1-36.RHEL4.ia64.rpm     MD5: b344364d5f9ff3e8f417c17ab88b2f20
 
x86_64:
xloadimage-4.1-36.RHEL4.x86_64.rpm     MD5: 915879a24a47ffb2f19f272ee7fdc698
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
xloadimage-4.1-36.RHEL2.1.i386.rpm     MD5: 033bde30356036eb2bb3a18f045e908c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
xloadimage-4.1-36.RHEL3.src.rpm     MD5: 895a319259026ab6e0055da88ff36ec4
 
IA-32:
xloadimage-4.1-36.RHEL3.i386.rpm     MD5: 1583103f2ffc69b306d7132e5efb07c7
 
IA-64:
xloadimage-4.1-36.RHEL3.ia64.rpm     MD5: ca43a806311d82f8bbb8cc6c4b29d17b
 
x86_64:
xloadimage-4.1-36.RHEL3.x86_64.rpm     MD5: 0e83a7874cdde13a33c02316310b7a17
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
xloadimage-4.1-36.RHEL4.src.rpm     MD5: 5b5f66c4ef8c5da3034be168c1a6059f
 
IA-32:
xloadimage-4.1-36.RHEL4.i386.rpm     MD5: a51440101c1cd09a0756b80ec693f315
 
IA-64:
xloadimage-4.1-36.RHEL4.ia64.rpm     MD5: b344364d5f9ff3e8f417c17ab88b2f20
 
x86_64:
xloadimage-4.1-36.RHEL4.x86_64.rpm     MD5: 915879a24a47ffb2f19f272ee7fdc698
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
xloadimage-4.1-36.RHEL2.1.ia64.rpm     MD5: 24959bb056e6f8647c133790b785528d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

170150 - CAN-2005-3178 xloadimage NIFF buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/