LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-4561 (imlib)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: imlib-1.9.15-6.fc7


Date:
    	      Fri, 28 Dec 2007 10:16:19 -0700


Message-ID:
    	      <200712281716.lBSHGOIJ022843@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4561
2007-12-28 16:46:28
--------------------------------------------------------------------------------

Name        : imlib
Product     : Fedora 7
Version     : 1.9.15
Release     : 6.fc7
URL         : []
Summary     : An image loading and rendering library for X11R6
Description :
Imlib is a display depth independent image loading and rendering library.
Imlib is designed to simplify and speed up the process of loading images and
obtaining X Window System drawables. Imlib provides many simple manipulation
routines which can be used for common operations.

The imlib package also contains the imlib_config program, which you can use to
configure the Imlib image loading and rendering library. Imlib_config can be
used to control how Imlib uses color and handles gamma corrections, etc.

Install imlib if you need an image loading and rendering library for X11R6, or
if you are installing GNOME.

--------------------------------------------------------------------------------
Update Information:

This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who
could get an imlib-using user to view a  specially-crafted BMP image could cause the user's CPU to
go into an infinite loop.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 18 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-6
- include patch to fix a DoS caused via a BMP image with a Bits Per Page (BPP)
  value of 0 (#426091, CVE-2007-3568); thanks to Peter Volkov at Gentoo for
  the heads-up
- remove URL tag; this legacy package has no active upstream source, and
  documentation for it is gradually disappearing from the Internet
* Wed Nov 28 2007 Adam Jackson <ajax@redhat.com> 1:1.9.15-5
- imlib-1.9.15-check-for-shm-pixmaps.patch: MIT-SHM pixmaps are optional,
  so check that they exist before using them. (#357241)
* Thu Aug  9 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-4
- re-clarify license as GNU Lesser General Public License v2 or later (LGPLv2+)
* Wed Aug  8 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-3
- redesign of enlightenment.org website removed imlib page, so URL changed
  to enlightenment.sourceforge.net where the original website lived (#251278)
- clarify license as GNU Lesser General Public License v2 or later (LGPL+)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #426091 - CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image
        https://bugzilla.redhat.com/show_bug.cgi?id=426091
--------------------------------------------------------------------------------
Updated packages:

6336ee4808204f2ae56a0618c3cb946706e24526 imlib-debuginfo-1.9.15-6.fc7.ppc64.rpm
ddb6df12a090ca795dba731178393951f20a9321 imlib-devel-1.9.15-6.fc7.ppc64.rpm
4a552dfdaf2086d127c1cf6db5cc46adec883f44 imlib-1.9.15-6.fc7.ppc64.rpm
21835c5207383131dcd69eac5d42f27f0f46d20f imlib-debuginfo-1.9.15-6.fc7.i386.rpm
cda384e95a121c73f6d766b8de00ec677ce3d9f1 imlib-devel-1.9.15-6.fc7.i386.rpm
c6f27d057f28948b9d898f8cda30008e0bbb1926 imlib-1.9.15-6.fc7.i386.rpm
3cf64319d9092e5aff514eac2f1f508c11aa1574 imlib-debuginfo-1.9.15-6.fc7.x86_64.rpm
44c4a61e57a10b41e45b6d361cf9f1912aed77aa imlib-devel-1.9.15-6.fc7.x86_64.rpm
895af98bdd04873650037bbd59e427797e712d8f imlib-1.9.15-6.fc7.x86_64.rpm
4259c89ddde6acd58f156070af40d8dcc3212904 imlib-debuginfo-1.9.15-6.fc7.ppc.rpm
99ab5c65a3cd142605152af77fb9d10f8db9b2ca imlib-devel-1.9.15-6.fc7.ppc.rpm
d8bc8651debe18e892c0db02df0d06622cbe9a17 imlib-1.9.15-6.fc7.ppc.rpm
cc202d54a58e464b0ce28f93665cabc31772b610 imlib-1.9.15-6.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update imlib' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds