![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)
|
|
|
|
From: Eridani Star System <linux@eridani.co.uk> To: eridani-announce@eridani.co.uk Subject: [Eridani-Announce] ERISA-2002:011 - imlib Date: Wed, 27 Mar 2002 20:46:31 +0000 (GMT) ========================================================================= ERIDANI LINUX - SECURITY ANNOUNCEMENT ========================================================================= Package: imlib Summary: Untrusted images can cause crashes and run arbitrary code Date: 2002-03-27 ID: ERISA-2002:011 ========================================================================= Problem description: Versions of imlib prior to 1.9.13 used the NetPBM package in fall-back situations, which had several problems associated with it making it unsafe for handling untrusted images. These problems make it possible for attackers to create image files such that when loaded via software which uses Imlib, could crash the program or potentially allow arbitrary code to be executed. ------------------------------------------------------------------------- Updated packages: c2486f6afb7686a26f83f3035843555f imlib-1.9.13-2.src.rpm 6e324dd23cd8a47b37de01a00eec18eb imlib-1.9.13-2.i386.rpm add0e3e58320ae6324f387601957f49d imlib-cfgeditor-1.9.13-2.i386.rpm a3a41d71d1b17da2e2085f6e31b248b1 imlib-devel-1.9.13-2.i386.rpm ========================================================================= Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/ or by HTTP from http://ftp.eridani.co.uk/ Packages are signed with our GNU GPG key, also on our FTP site. Users of releases of Eridani Linux prior to 6.3 are advised to download the source RPM and rebuild for their system. Copyright (C)2002 Eridani Star System -- Michael "Soruk" McConnell http://www.eridani.co.uk Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more... _______________________________________________ Eridani-Announce mailing list To be removed from this list email linux@eridani.co.uk requesting removal.