--------------------------------------------------------------------------Debian Security Advisory DSA 628-1                     security@debian.org
https://www.debian.org/security/                             Martin Schulze
January 6th, 2005                       https://www.debian.org/security/faq
--------------------------------------------------------------------------Package        : imlib2
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1026

Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib and imlib2, imaging libraries for
X11.  An attacker could create a carefully crafted image file in such
a way that it could cause an application linked with imlib or imlib2
to execute arbitrary code when the file was opened by a victim.  The
Common Vulnerabilities and Exposures project identifies the following
problems:

CAN-2004-1025

    Multiple heap-based buffer overflows.  No such code is present in
    imlib2.

CAN-2004-1026

    Multiple integer overflows in the imlib library.

For the stable distribution (woody) these problems have been fixed in
version 1.0.5-2woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imlib2 packages.


Upgrade Instructions
--------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------  Source archives:

          Size/MD5 checksum:      733 6f6e8508b5b630a86f9efcfecde7def4
          Size/MD5 checksum:    24428 a564f25fde0c5b0cabcc09d5b5159535
          Size/MD5 checksum:   688261 3b1a80c95ff2a4cfb3bce49e27d94461

  Alpha architecture:

          Size/MD5 checksum:   191216 5fb5991f4fb1239e5f1cd0c1a7d969bf
          Size/MD5 checksum:   483026 cdf1447ba093954a4d99bec1d04aecb9

  ARM architecture:

          Size/MD5 checksum:   165194 2c7d609e7f2777a118be441b7379ec49
          Size/MD5 checksum:   440948 601854f35385592e7c3daeda7c6e946b

  Intel IA-32 architecture:

          Size/MD5 checksum:   149446 51b598088378311845699e97e480f88d
          Size/MD5 checksum:   403528 ffbb69fee4cf35317c63813e86153173

  Intel IA-64 architecture:

          Size/MD5 checksum:   246832 aefd120663f3d66136a295fb2834ebc4
          Size/MD5 checksum:   508434 06f35a685680b023cd403c35b7ae423f

  HP Precision architecture:

          Size/MD5 checksum:   193598 f5d1aa5591f46bf7cc0a4991ebf17b57
          Size/MD5 checksum:   467452 1692700274cf6db934c3e8eada86e0ca

  Motorola 680x0 architecture:

          Size/MD5 checksum:   149362 b7b490352539282cb496fe0033f1510c
          Size/MD5 checksum:   402692 2d2848f5df47b51e6731e63d2e3f4a61

  Big endian MIPS architecture:

          Size/MD5 checksum:   158132 8fa35f404b87dc55a85b9f864c60dd3b
          Size/MD5 checksum:   447340 d7260c65edee790294ca5abe78ed8ea9

  Little endian MIPS architecture:

          Size/MD5 checksum:   157308 ca665733cf4f1bba438d4e8c1dc2b2d3
          Size/MD5 checksum:   439724 910d1d3f6d92c33229046a07780e52d1

  PowerPC architecture:

          Size/MD5 checksum:   168694 cd8efd37e1b4c99790676b7859f7d655
          Size/MD5 checksum:   443648 f0cd41775ea1e80875e4109662408e52

  IBM S/390 architecture:

          Size/MD5 checksum:   169030 8200d4599577df133a9a944786e958e7
          Size/MD5 checksum:   421472 f7fc3deb38b061fb5e6bd1f448dea617

  Sun Sparc architecture:

          Size/MD5 checksum:   166290 96777c27912c44e1ca40089cca0a5453
          Size/MD5 checksum:   434848 edc14a5c15cab67eaa1b7cf50ae28450


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Debian: imlib2 arbitrary code execution fix

January 6, 2005
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11

Summary


Multiple heap-based buffer overflows. No such code is present in
imlib2.

CAN-2004-1026

Multiple integer overflows in the imlib library.

For the stable distribution (woody) these problems have been fixed in
version 1.0.5-2woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imlib2 packages.


Upgrade Instructions
--------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
-------------------------------- Source archives:

Size/MD5 checksum: 733 6f6e8508b5b630a86f9efcfecde7def4
Si...

Read the Full Advisory

Severity
--------------------------------------------------------------------------Package : imlib2
CVE ID : CAN-2004-1026

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved