Articles / Debian: New imlib packages …

Debian: New imlib packages fix arbitrary code execution

Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. Fixed packages are available from
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 618-1                                        Martin Schulze
December 24th, 2004           
- --------------------------------------------------------------------------

Package        : imlib
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CAN-2004-1025 CAN-2004-1026
BugTraq ID     : 11830
Debian Bug     : 284925

Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib, an imaging library for X and X11.
An attacker could create a carefully crafted image file in such a way
that it could cause an application linked with imlib to execute
arbitrary code when the file was opened by a victim.  The Common
Vulnerabilities and Exposures project identifies the following


    Multiple heap-based buffer overflows.


    Multiple integer overflows.

For the stable distribution (woody) these problems have been fixed in
version 1.9.14-2woody2.

For the unstable distribution (sid) these problems have been fixed in
version 1.9.14-17.1.

We recommend that you upgrade your imlib packages immediately.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      805 6b89c44e7635494ab6309f31e8977a71
      Size/MD5 checksum:   273298 66b9b193f65f0f552a3c7475504b4aa3
      Size/MD5 checksum:   748591 1fa54011e4e1db532d7eadae3ced6a8c

  Architecture independent components:
      Size/MD5 checksum:   114710 04c82fdad40b4c81ca6145015d1ca9e7

  Alpha architecture:
      Size/MD5 checksum:   119716 e6b3de272b4ccded198ca1c7a8cbe9c7
      Size/MD5 checksum:    97146 afa40cb2097baab7293694292a163373
      Size/MD5 checksum:   117364 43f345f06377fefe9a5976a3d571876c
      Size/MD5 checksum:   262202 2baf347e73e7833f340b72d250709b2f
      Size/MD5 checksum:    97202 af8d9bcb83596b124cc7148b4b42a612

  ARM architecture:
      Size/MD5 checksum:    94088 97cab67730bda9ca0a83ff1e8fd646c7
      Size/MD5 checksum:    75402 db81fe94e6b35c3baa2505f533f6aa01
      Size/MD5 checksum:    94136 d6d974eb4fb709141cd8482b45756a74
      Size/MD5 checksum:   258262 da89d3962a56d4d37bcb4084e5ae4176
      Size/MD5 checksum:    76330 b1f75f5cc08f4175b72ba932c7b34210

  Intel IA-32 architecture:
      Size/MD5 checksum:    77884 c24a0ebb06c178eb4d473c20433b7389
      Size/MD5 checksum:    69338 b284172f465ac35e7fdf44bea07504e8
      Size/MD5 checksum:    76452 acaaca70c492ee827d678743dd990d61
      Size/MD5 checksum:   258354 790ada2bfc6205c0cd43459ae95fb127
      Size/MD5 checksum:    69730 05f8b9bbab5f9008599f2fa37caaed2c

  Intel IA-64 architecture:
      Size/MD5 checksum:   129024 a059b5c1e0411f389c2fd39e594f5b5a
      Size/MD5 checksum:   116312 9eb937b6c56c0237487b2bf2e84eed4f
      Size/MD5 checksum:   129156 c726f93cf1456230e99ac2c03783080f
      Size/MD5 checksum:   266510 87aee70d85386bd2c29ee89b76360c75
      Size/MD5 checksum:   119094 026ac0e934b06183ee32f46cb70dbe76

  HP Precision architecture:
      Size/MD5 checksum:   105152 1cdbb634730781005e656d4a6f45afe4
      Size/MD5 checksum:    92194 902a728a355b9090c76083e49240111c
      Size/MD5 checksum:   103532 e86528e832c62b21b90e4d1a15c5821f
      Size/MD5 checksum:   261002 f39d5a52457a8a348d7881a649450fe3
      Size/MD5 checksum:    91622 efec147e4b6fb0bfb0d6510359dcd6a3

  Motorola 680x0 architecture:
      Size/MD5 checksum:    72004 3cb969b4018031188492c6bc448705dc
      Size/MD5 checksum:    64146 8bbbf2e8b4f7c31aa4e302dffe35ad71
      Size/MD5 checksum:    69820 8d7d31a6c3a44f7a3dcb5c0e17fc7bca
      Size/MD5 checksum:   257372 52888389b545dc1e3cce3b899a65a2d4
      Size/MD5 checksum:    64660 86ed5f17d0a2ab99c8775619b451cb17

  Big endian MIPS architecture:
      Size/MD5 checksum:    95756 615f2919772c3278475db2a123e10365
      Size/MD5 checksum:    75404 04fc84337f3cc79da350e63e54c0bd39
      Size/MD5 checksum:    92638 fc95257f5614e0ca9000083d0863e23e
      Size/MD5 checksum:   257934 43d3ab6970888d80aca888a90fc3b9dc
      Size/MD5 checksum:    75948 45b966a81a0bc4fdad17776491eebfbb

  Little endian MIPS architecture:
      Size/MD5 checksum:    95806 5d8184b2fa877b5140df8cd4f05bc629
      Size/MD5 checksum:    75478 54248fbb3244f95da8bd1a5e0dcc64c2
      Size/MD5 checksum:    92688 ba0e8f951706a1642ab2994a11113a0c
      Size/MD5 checksum:   257834 99d601494d76618f8974b05ba3f21401
      Size/MD5 checksum:    75884 856fed2b0af1665d36a7ac76dc4516a4

  PowerPC architecture:
      Size/MD5 checksum:    94166 ce1b5d6adc54b226054a2fbd83b2a86d
      Size/MD5 checksum:    76854 ba841bf89a7af734b741a33a591cab8f
      Size/MD5 checksum:    90276 23d95df53d747a550721960c673e8d9f
      Size/MD5 checksum:   258522 4619a569bcb42a6ff4e691a9a73b4298
      Size/MD5 checksum:    75432 1f72571029157018583561cd829f47b1

  IBM S/390 architecture:
      Size/MD5 checksum:    83314 ba3c9382fe7b468b74e36f8cd4eece90
      Size/MD5 checksum:    78052 2eb2a4951c05bedbe5e131b8f6ecc3eb
      Size/MD5 checksum:    84168 9de33add121dc1d258389522c0456544
      Size/MD5 checksum:   258680 909968f199ff27b6f6a51712043925d9
      Size/MD5 checksum:    78622 9eb679c1377078e6065f8f0183388a70

  Sun Sparc architecture:
      Size/MD5 checksum:    88778 d37e329386b3b5c9514fb9619175e75f
      Size/MD5 checksum:    76534 23476af1594709264a14e72a301bd747
      Size/MD5 checksum:    85812 74c633ae47eab66ee3402b9b3f8329b5
      Size/MD5 checksum:   258760 87f9a03a2528ff6dce1008ad9a7e1392
      Size/MD5 checksum:    76790 db539c8ee1aff2573c2e54bb525468fc

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

Version: GnuPG v1.2.5 (GNU/Linux)


Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.


Project Spotlight


An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.