Rapid7 Vulnerability & Exploit Database

RHSA-2002:048: New imlib packages available

Back to Search

RHSA-2002:048: New imlib packages available

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
04/22/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.

Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems making it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Users are advised to upgrade to these errata packages, which contain Imlib 1.9.13. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2002-0167, CAN-2002-0168 to these issues. [update May 16 2002] The previous release of this errata fixed the aforementioned security problems but had a file descriptor leak and a bug which would cause some applications (such as the Enlightenment window manager) to hang. These updated packages fix these issues.

Solution(s)

  • redhat-upgrade-imlib
  • redhat-upgrade-imlib-cfgeditor
  • redhat-upgrade-imlib-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;