• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities

Solution:
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

TurboLinux has released a security announcement and fixes to address these and other vulnerabilities. Please see the referenced announcement for further information regarding obtaining and applying appropriate updates.

Mandrake has released an advisory (MDKSA-2005:007) and updates to address these and other vulnerabilities. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo Linux has released advisory GLSA 200412-03 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/imlib-1.9.14-r3"
Please see the referenced advisory for further information.

RedHat Linux 7.3, and 9, as well as RedHat Enterprise Linux operating systems may have fixes available. Users of affected packages should contact their vendor for further information on obtaining fixes.

Red Hat has released advisory RHSA-2004:651-03 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

It is reported that patches originally used to create fixes for BIDs 11830 and 11837 are very likely the same. Users of affected packages should review both BIDs and apply all relevant fixes.

Debian has released advisory DSA 618-1 dealing with this and other issues. Please see the referenced advisory for more information.

Ubuntu Linux has released advisory USN-55-1 to address this, and other issues. Please see the referenced advisory for further information.


Imlib Imlib 1.9.13

• TurboLinux imlib-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imlib-1.9.13-10.i586.rpm


• TurboLinux imlib-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imlib-1.9.13-10.i586.rpm


• TurboLinux imlib-cfgeditor-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm


• TurboLinux imlib-cfgeditor-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imlib-cfgeditor-1.9.13-10.i586.rpm


• TurboLinux imlib-devel-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imlib-devel-1.9.13-10.i586.rpm


• TurboLinux imlib-devel-1.9.13-10.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imlib-devel-1.9.13-10.i586.rpm

Imlib Imlib 1.9.14

• Debian gdk-imlib-dev_1.9.14-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_alpha.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_arm.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_hppa.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_i386.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_ia64.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_m68k.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_mips.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_mipsel.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_powerpc.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_s390.deb


• Debian gdk-imlib-dev_1.9.14-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9 .14-2woody2_sparc.deb


• Debian gdk-imlib1_1.9.14-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_alpha.deb


• Debian gdk-imlib1_1.9.14-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_arm.deb


• Debian gdk-imlib1_1.9.14-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_hppa.deb


• Debian gdk-imlib1_1.9.14-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_i386.deb


• Debian gdk-imlib1_1.9.14-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_ia64.deb


• Debian gdk-imlib1_1.9.14-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_m68k.deb


• Debian gdk-imlib1_1.9.14-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_mips.deb


• Debian gdk-imlib1_1.9.14-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_mipsel.deb


• Debian gdk-imlib1_1.9.14-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_powerpc.deb


• Debian gdk-imlib1_1.9.14-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_s390.deb


• Debian gdk-imlib1_1.9.14-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14 -2woody2_sparc.deb


• Debian imlib-base_1.9.14-2woody2_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14 -2woody2_all.deb


• Debian imlib-dev_1.9.14-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_alpha.deb


• Debian imlib-dev_1.9.14-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_arm.deb


• Debian imlib-dev_1.9.14-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_hppa.deb


• Debian imlib-dev_1.9.14-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_i386.deb


• Debian imlib-dev_1.9.14-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_ia64.deb


• Debian imlib-dev_1.9.14-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_m68k.deb


• Debian imlib-dev_1.9.14-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_mips.deb


• Debian imlib-dev_1.9.14-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_mipsel.deb


• Debian imlib-dev_1.9.14-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_powerpc.deb


• Debian imlib-dev_1.9.14-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_s390.deb


• Debian imlib-dev_1.9.14-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14- 2woody2_sparc.deb


• Debian imlib-progs_1.9.14-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_hppa.deb


• Debian imlib-progs_1.9.14-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_i386.deb


• Debian imlib-progs_1.9.14-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_ia64.deb


• Debian imlib-progs_1.9.14-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_m68k.deb


• Debian imlib-progs_1.9.14-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_mips.deb


• Debian imlib-progs_1.9.14-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_mipsel.deb


• Debian imlib-progs_1.9.14-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_powerpc.deb


• Debian imlib-progs_1.9.14-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_s390.deb


• Debian imlib-progs_1.9.14-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.1 4-2woody2_sparc.deb


• Debian imlib1_1.9.14-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_alpha.deb


• Debian imlib1_1.9.14-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_hppa.deb


• Debian imlib1_1.9.14-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_i386.deb


• Debian imlib1_1.9.14-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_ia64.deb


• Debian imlib1_1.9.14-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_m68k.deb


• Debian imlib1_1.9.14-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_mips.deb


• Debian imlib1_1.9.14-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_mipsel.deb


• Debian imlib1_1.9.14-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_powerpc.deb


• Debian imlib1_1.9.14-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_s390.deb


• Debian imlib1_1.9.14-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wo ody2_sparc.deb


• Mandrake imlib-1.9.14-10.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-10.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-5.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-5.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-8.2.100mdk.amd64.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-8.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-8.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-1.9.14-8.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-10.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-10.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-5.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-5.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-8.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-8.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-8.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake imlib-cfgeditor-1.9.14-8.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-1.9.14-10.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-1.9.14-8.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-1.9.14-8.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-devel-1.9.14-10.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-devel-1.9.14-8.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64imlib1-devel-1.9.14-8.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-1.9.14-10.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-1.9.14-5.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-1.9.14-5.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-1.9.14-8.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-1.9.14-8.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-devel-1.9.14-10.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-devel-1.9.14-5.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-devel-1.9.14-5.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-devel-1.9.14-8.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libimlib1-devel-1.9.14-8.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• TurboLinux imlib-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imlib-1.9.14-9.i586.rpm


• TurboLinux imlib-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imlib-1.9.14-9.i586.rpm


• TurboLinux imlib-cfgeditor-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imlib-cfgeditor-1.9.14-9.i586.rpm


• TurboLinux imlib-debug-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imlib-debug-1.9.14-9.i586.rpm


• TurboLinux imlib-devel-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imlib-devel-1.9.14-9.i586.rpm


• TurboLinux imlib-devel-1.9.14-9.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imlib-devel-1.9.14-9.i586.rpm