Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.
Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems making it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Users are advised to upgrade to these errata packages, which contain Imlib 1.9.13. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2002-0167, CAN-2002-0168 to these issues. [update May 16 2002] The previous release of this errata fixed the aforementioned security problems but had a file descriptor leak and a bug which would cause some applications (such as the Enlightenment window manager) to hang. These updated packages fix these issues.