Ubuntu 6.10 USN-376-1 Moderate: Imlib2 Code Execution Risk Advisory
Nov 03, 2006
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
===========================================================
Ubuntu Security Notice USN-376-1 November 03, 2006
imlib2 vulnerabilities
CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libimlib2 1.2.0-2.2ubuntu2.1
Ubuntu 6.06 LTS:
libimlib2 1.2.1-2ubuntu0.1
Ubuntu 6.10:
libimlib2 1.2.1-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the
validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user
were tricked into viewing or processing a specially crafted image with
an application that uses imlib2, the flaws could be exploited to execute
arbitrary code with the user's privileges.
Updated packages for Ubuntu 5.10:
Source archives:
Size/MD5: 100796 c82218d8d766d6c07313616ec4cf2869
Size/MD5: 749 8077c827432795c90a5e5097574539e4
Size/MD5: 891164 dfc6d3cc270354af22ef9b5e3b312003
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 343188 a2c46b274c821dfa0f9ea479007a2260
Size/MD5: 206726 c5db59d4cbbc613fbe2a9033ea163231
i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 300514 c69d47be87992d1c60b7cb3c97c99295
Size/MD5: 193200 2a07bef4498aec608729f855d629e792
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 341252 65f5260ccaa1ec702e7023c566468c6e
Size/MD5: 213304 1694fcb555e6ebd08e824ed4700353f8
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 320930 947d8ad96ed45db2a339f18e637dcf6f
Size/MD5: 197354 31eb4587fd3d1ed053249cdf69870b95
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 104822 b7b83481b45c6649393bf5f335b927e9
Size/MD5: 745 5984c54a0a0bb957119f22dfb1d4d76e
Size/MD5: 911360 deb3c9713339fe9ca964e100cce42cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 352012 6061ed5e49df0b5a88ca1f8fee8ff1a7
Size/MD5: 214358 8d8d4f1ea638475cddb1f28c4d493cca
i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 302338 3bbc57a2a6d29ad243f291fce03d04e5
Size/MD5: 193210 14b26ac483c07cc0840053e3b656e221
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 341726 f0679ab29b0123460f646470aff23017
Size/MD5: 212592 584c6ab6435c8ad94faaca0e0e75613c
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 317964 3bd6c317bc3c1c770a20ef6e164821ef
Size/MD5: 193948 9bb7f287b8493e4357b846fe0724b395
Updated packages for Ubuntu 6.10:
Source archives:
Size/MD5: 104898 2ab743c57b1b32afadc11c5dc0e55c25
Size/MD5: 745 11976cf02780a00e1e9bbd0857a45743
Size/MD5: 911360 deb3c9713339fe9ca964e100cce42cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 354212 6a3fd86de721474e8da50f1ef11437cc
Size/MD5: 218382 cc08888dfedecbbc8d680663cc0b968f
i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 318096 0718c201480b313f3ec220856068c6a8
Size/MD5: 202792 e196f939edc08781a90f9a04d9549026
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 345768 a9cbd9ef3f718230077ff949d2f0a22b
Size/MD5: 217928 0195e3b0bd2da4271e8dd87922a8bd39
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 324270 1e3f5a1195eec8b1f36d5f6b5d310ed9
Size/MD5: 198158 87863ac900cf6424dd7363a2e62bfa44
--F4+N/OgRSdC8YnqX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFS9KlH/9LqRcGPm0RAuMGAJ9e6/NwI3sd99U0q3vCR9o7Fj2QawCcDOs2
9lEds8R5dwJ01YdbkCxu4r8=Gabx
-----END PGP SIGNATURE-------F4+N/OgRSdC8YnqX--
--==============77117332=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--ubuntu-security-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--==============77117332==-- 
PREVIOUS
NEXT
Ubuntu 6.10 USN-376-1 Moderate: Imlib2 Code Execution Risk Advisory
ubuntu
November 3, 2006
M
Summary
Topics Covered
Update Instructions
References
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-376-1 November 03, 2006
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!