Debian Security Advisory
DSA-552-1 imlib2 -- unsanitised input
- Date Reported:
- 22 Sep 2004
- Affected Packages:
- imlib2
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 271375.
In Mitre's CVE dictionary: CVE-2004-0802. - More information:
-
Marcus Meissner discovered a heap overflow error in imlib2, an imaging library for X and X11 and the successor of imlib, that may be utilised by an attacker to execute arbitrary code on the victims machine.
For the stable distribution (woody) this problem has been fixed in version 1.0.5-2woody1.
For the unstable distribution (sid) this problem has been fixed in version 1.1.0-12.4.
We recommend that you upgrade your imlib2 packages.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.dsc
- http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.diff.gz
- http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_alpha.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_arm.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_i386.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_ia64.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_hppa.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_m68k.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mips.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_s390.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_sparc.deb
- http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.