[Frugalware-security] [ FSA-44 ] imlib2

voroskoi noreply at frugalware.org
Tue Nov 14 20:09:23 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-44

Date: 2006-11-14
Package: imlib2
Vulnerable versions: <= 1.2.2-1
Unaffected versions: >= 1.2.2-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1425
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809

Description
===========

Some vulnerabilities have been reported in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
The vulnerabilities are caused due to unspecified errors within the processing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted image file with an application using imlib2.

Updated Packages
================

Check if you have imlib2 installed:

	# pacman -Q imlib2

If found, then you should upgrade to the latest version:

	# pacman -Sy imlib2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFWhRjZ7NElSD1VhkRAlbtAJ9FpVK7qf4Xs4RbHwa4rZHByTwLQQCdFQCj
89qE1aRbJSEaTsS8ZLBxkOg=
=6VWa
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list