O-215: "imlib" and "imlib2" Packages Vulnerability

CIAC INFORMATION BULLETIN

O-215: "imlib" and "imlib2" Packages Vulnerability

[Red Hat Advisory RHSA-2004:465-08]

September 15, 2004 21:00 GMT
[REVISED 16 Sep 2004]
[REVISED 20 Sep 2004]
[REVISED 22 Sep 2004]
[REVISED 26 Oct 2005]

PROBLEM: A vulnerability exists in the imlib and imlib2 packages. These are image loading and rendering libraries.
PLATFORM: Red Hat Desktop (v. 3)
          Red Hat Enterprise Linux AS (v. 2.1)
          Red Hat Enterprise Linux AS (v. 3)
          Red Hat Enterprise Linux ES (v. 2.1)
          Red Hat Enterprise Linux ES (v. 3)
          Red Hat Enterprise Linux WS (v. 2.1)
          Red Hat Enterprise Linux WS (v. 3)
          Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
          Debian GNU/Linux 3.0 (woody)
SOFTWARE: Sun Java Desktop System (JDS) 2003
          Sun Java Desktop System (JDS) Release 2
DAMAGE: An attacker could create a carefully crafted BMP file such that it could cause an application linked with imlib to execute arbitrary code when the file is opened.
SOLUTION: Install the updated packages.

VULNERABILITY
ASSESSMENT:
The risk is HIGH. A remote intruder could get root access if they can convince a user to open a crafted BMP file while that user is logged on as root. This is only a problem if you use imlib to render images. Imlib is installed by default in Red Hat 9.
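As an added illustration, not part of the CIAC bulletin or the Red Hat advisory, the C code below shows the kind of header validation that closes the class of heap overflow described in DAMAGE and in the Red Hat details that follow: a BMP loader computes the pixel-buffer size in 64-bit arithmetic and checks it against the bytes actually present before allocating anything. bmp_naive_bytes shows the wrapping 32-bit arithmetic such bugs typically rest on; BMP_MAX_DIM, the function names and the constructed headers are assumptions of this example, not details of the imlib fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not imlib code. Only uncompressed (BI_RGB) bitmaps with a
 * 40-byte BITMAPINFOHEADER are accepted; anything else is rejected rather
 * than guessed at. BMP_MAX_DIM is an assumed policy limit on width/height. */
#define BMP_MAX_DIM 65535u
#define BMP_HDR_LEN 54u   /* 14-byte file header + 40-byte BITMAPINFOHEADER */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* The unsafe pattern: width*height*bytes-per-pixel in 32 bits silently wraps,
 * so a huge declared image can yield a tiny (even zero-byte) allocation that
 * the decoder then overruns while writing rows into it. */
uint32_t bmp_naive_bytes(const uint8_t *buf) {
    uint32_t w = rd32(buf + 18), h = rd32(buf + 22), bpp = rd16(buf + 28);
    return w * h * (bpp / 8);
}

/* Returns 0 and stores the exact pixel-buffer size in *out_bytes, or a
 * negative code naming the check that failed. */
int bmp_validate(const uint8_t *buf, size_t len, size_t *out_bytes) {
    if (len < BMP_HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return -1;   /* truncated or bad magic */
    uint32_t data_off = rd32(buf + 10), hdr_size = rd32(buf + 14), compression = rd32(buf + 30);
    int64_t  w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint16_t planes = rd16(buf + 26), bpp = rd16(buf + 28);
    if (hdr_size != 40 || planes != 1 || compression != 0) return -2;    /* unsupported variant */
    if (h < 0) h = -h;                                                   /* negative height = top-down rows */
    if (w <= 0 || h == 0 || w > BMP_MAX_DIM || h > BMP_MAX_DIM) return -3;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -4;
    uint64_t stride = ((uint64_t)w * bpp + 31) / 32 * 4;                 /* rows padded to 4 bytes, no wrap */
    uint64_t pixels = stride * (uint64_t)h;
    /* The declared pixel data must lie inside the bytes we actually hold. */
    if (data_off < BMP_HDR_LEN || data_off > len || pixels > (uint64_t)(len - data_off)) return -5;
    *out_bytes = (size_t)pixels;
    return 0;
}

/* Builds constructed headers for the checks (endian-independent). */
void bmp_make_header(uint8_t out[BMP_HDR_LEN], uint32_t w, uint32_t h, uint16_t bpp, uint32_t file_len) {
    memset(out, 0, BMP_HDR_LEN);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, file_len); wr32(out + 10, BMP_HDR_LEN); wr32(out + 14, 40);
    wr32(out + 18, w); wr32(out + 22, h);
    out[26] = 1; out[28] = (uint8_t)bpp; out[29] = (uint8_t)(bpp >> 8);  /* planes=1, bpp; compression stays 0 */
}
```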

LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-215.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2004-465.html
  ADDITIONAL LINKS: Debian Security Advisory DSA-548-2 (imlib)
                    http://www.debian.org/security/2004/dsa-548
                    Debian Security Advisory DSA-552-1 (imlib2)
                    http://www.debian.org/security/2004/dsa-552
                    Sun Alert ID: 57645
                    http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause=security
  CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817

REVISION HISTORY:
09/16/04 - added a link to Debian Security Advisory DSA-548-1 that provides
           updated packages for "imlib".
09/20/04 - added a link to Sun's Alert ID#: 57645.
09/22/04 - changed title of bulletin to add the "imlib2" package.
09/22/04 - added a link to Debian Security Advisory DSA-552-1 that provides
           updated packages for "imlib2".
10/26/05 - revised to modify the link to Debian Security Advisory DSA-548-2
           for "imlib2" vulnerabilities. See Additional Links section for link
           to this advisory.

[***** Start Red Hat Advisory RHSA-2004:465-08 *****]

Updated imlib package fixes security vulnerability

Advisory: RHSA-2004:465-08 
Last updated on: 2004-09-15 

Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

CVEs (cve.mitre.org): CAN-2004-0817

Security Advisory

Details:

An updated imlib package that fixes several heap overflows is now available.

Imlib is an image loading and rendering library.

Several heap overflow flaws were found in the imlib BMP image handler. An
attacker could create a carefully crafted BMP file in such a way that it
could cause an application linked with imlib to execute arbitrary code when
the file was opened by a victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue.

Users of imlib should update to this updated package which contains
backported patches and is not vulnerable to this issue.



Updated packages:

Red Hat Desktop (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
imlib-1.9.13-13.3.x86_64.rpm          a541f53f7ae3b301598828d05014b46e 
imlib-devel-1.9.13-13.3.x86_64.rpm    ab80ef08fb5a847a729c8d69640c8366 
  
SRPMS: 
imlib-1.9.13-13.3.src.rpm              6b77190f47b54d9c4c8bfc59cb5c9a97 
  
i386: 
imlib-1.9.13-13.3.i386.rpm             ead45a05f882e533d8967caad278a3ff 
imlib-devel-1.9.13-13.3.i386.rpm       fb55305b96a608e4a59d734f0c933505 
  
Red Hat Enterprise Linux AS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
imlib-1.9.13-4.2.src.rpm                70350a36d0e898640bf0370f74d26329 
  
i386: 
imlib-1.9.13-4.2.i386.rpm               977d25ef2ed5d80a3d752bcc309dcea3 
imlib-cfgeditor-1.9.13-4.2.i386.rpm     4ca29312814b0c29e87acb6c1eba4f31 
imlib-devel-1.9.13-4.2.i386.rpm         ab03d718bd43a82cd4fa77118915ca7b 
  
ia64: 
imlib-1.9.13-4.2.ia64.rpm               ca8f753c817cbe0bf24ac0ac2b03bccc 
imlib-cfgeditor-1.9.13-4.2.ia64.rpm     11060c4560ee42e3e9e0e482a88189c2 
imlib-devel-1.9.13-4.2.ia64.rpm         11e6bd0ee4caca73cbc0ddc80bf1d793 
  
Red Hat Enterprise Linux AS (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
imlib-1.9.13-13.3.x86_64.rpm           a541f53f7ae3b301598828d05014b46e 
imlib-devel-1.9.13-13.3.x86_64.rpm     ab80ef08fb5a847a729c8d69640c8366 
  
SRPMS: 
imlib-1.9.13-13.3.src.rpm            6b77190f47b54d9c4c8bfc59cb5c9a97 
  
i386: 
imlib-1.9.13-13.3.i386.rpm           ead45a05f882e533d8967caad278a3ff 
imlib-devel-1.9.13-13.3.i386.rpm     fb55305b96a608e4a59d734f0c933505 
  
ia64: 
imlib-1.9.13-13.3.ia64.rpm            9444828842659c3bec047cc18d2528ee 
imlib-devel-1.9.13-13.3.ia64.rpm      c559153e239abff5269e41c30233ca05 
  
ppc: 
imlib-1.9.13-13.3.ppc.rpm             3d5eae85598168b6e337a0689eb2d743 
imlib-devel-1.9.13-13.3.ppc.rpm       c9bd4375d8e077fcc70a638804d16b65 
  
s390: 
imlib-1.9.13-13.3.s390.rpm            17404e9fdddd26a89d81df23e3aae7db 
imlib-devel-1.9.13-13.3.s390.rpm      5a3c49f094187deb72b9c522fedd5724 
  
s390x: 
imlib-1.9.13-13.3.s390x.rpm           81d3bbb3472454bd14c748c60c219d2b 
imlib-devel-1.9.13-13.3.s390x.rpm     7e6739f7b72993dadbc4a489898c83c1 
  
Red Hat Enterprise Linux ES (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
imlib-1.9.13-4.2.src.rpm                70350a36d0e898640bf0370f74d26329 
  
i386: 
imlib-1.9.13-4.2.i386.rpm               977d25ef2ed5d80a3d752bcc309dcea3 
imlib-cfgeditor-1.9.13-4.2.i386.rpm     4ca29312814b0c29e87acb6c1eba4f31 
imlib-devel-1.9.13-4.2.i386.rpm         ab03d718bd43a82cd4fa77118915ca7b 
  
Red Hat Enterprise Linux ES (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
imlib-1.9.13-13.3.x86_64.rpm           a541f53f7ae3b301598828d05014b46e 
imlib-devel-1.9.13-13.3.x86_64.rpm     ab80ef08fb5a847a729c8d69640c8366 
  
SRPMS: 
imlib-1.9.13-13.3.src.rpm               6b77190f47b54d9c4c8bfc59cb5c9a97 
  
i386: 
imlib-1.9.13-13.3.i386.rpm              ead45a05f882e533d8967caad278a3ff 
imlib-devel-1.9.13-13.3.i386.rpm        fb55305b96a608e4a59d734f0c933505 
  
ia64: 
imlib-1.9.13-13.3.ia64.rpm              9444828842659c3bec047cc18d2528ee 
imlib-devel-1.9.13-13.3.ia64.rpm        c559153e239abff5269e41c30233ca05 
  
Red Hat Enterprise Linux WS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
imlib-1.9.13-4.2.src.rpm                70350a36d0e898640bf0370f74d26329 
  
i386: 
imlib-1.9.13-4.2.i386.rpm               977d25ef2ed5d80a3d752bcc309dcea3 
imlib-cfgeditor-1.9.13-4.2.i386.rpm     4ca29312814b0c29e87acb6c1eba4f31 
imlib-devel-1.9.13-4.2.i386.rpm         ab03d718bd43a82cd4fa77118915ca7b 
  
Red Hat Enterprise Linux WS (v. 3) 

--------------------------------------------------------------------------------
 
AMD64: 
imlib-1.9.13-13.3.x86_64.rpm              a541f53f7ae3b301598828d05014b46e 
imlib-devel-1.9.13-13.3.x86_64.rpm        ab80ef08fb5a847a729c8d69640c8366 
  
SRPMS: 
imlib-1.9.13-13.3.src.rpm                 6b77190f47b54d9c4c8bfc59cb5c9a97 
  
i386: 
imlib-1.9.13-13.3.i386.rpm                ead45a05f882e533d8967caad278a3ff 
imlib-devel-1.9.13-13.3.i386.rpm          fb55305b96a608e4a59d734f0c933505 
  
ia64: 
imlib-1.9.13-13.3.ia64.rpm                9444828842659c3bec047cc18d2528ee 
imlib-devel-1.9.13-13.3.ia64.rpm          c559153e239abff5269e41c30233ca05 
  
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

--------------------------------------------------------------------------------
 
SRPMS: 
imlib-1.9.13-4.2.src.rpm                     70350a36d0e898640bf0370f74d26329 
  
ia64: 
imlib-1.9.13-4.2.ia64.rpm                    ca8f753c817cbe0bf24ac0ac2b03bccc 
imlib-cfgeditor-1.9.13-4.2.ia64.rpm          11060c4560ee42e3e9e0e482a88189c2 
imlib-devel-1.9.13-4.2.ia64.rpm              11e6bd0ee4caca73cbc0ddc80bf1d793 
  
(The unlinked packages above are only available from the Red Hat Network)
 

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/



Bugs fixed:  (see bugzilla for more information)

130909 - CAN-2004-0817 heap overflow in BMP decoder



References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817
http://bugzilla.gnome.org/show_bug.cgi?id=151034 

 
 

[***** End Red Hat Advisory RHSA-2004:465-08 *****]


CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788