Fedora Core 2: 2004-301 Critical: imlib Heap Overflow Threat

Imlib is a display depth independent image loading and rendering

library. Imlib is designed to simplify and speed up the process of

loading images and obtaining X Window System drawables. Imlib

provides many simple manipulation routines which can be used for

common operations.

Install imlib if you need an image loading and rendering library for

X11R6, or if you are installing GNOME. You may also want to install

the imlib-cfgeditor package, which will help you configure Imlib.

Several heap overflow vulnerabilities have been found in the imlib BMP image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue.

Users of imlib should update to this updated package which contains backported patches and is not vulnerable to these issues. * Thu Sep 09 2004 Matthias Clasen <mclasen@redhat.com>

- security fixes

This update can be downloaded from:

c6ed83101974d8283a4013a80e356c08 SRPMS/imlib-1.9.13-19.src.rpm 9f6952bd21d1157b4c10dde7f87b8a3d x86_64/imlib-1.9.13-19.x86_64.rpm e70a8c0dec245aea672da1f1608e1e33 x86_64/imlib-devel-1.9.13-19.x86_64.rpm 64aa17fe9a0ea4efa9d48020212274c9 x86_64/imlib-cfgeditor-1.9.13-19.x86_64.rpm 48ef8b28ae79d1c7c82974e7f6b77e86 x86_64/debug/imlib-debuginfo-1.9.13-19.x86_64.rpm d...