__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Updated imlib Packages Fix Security Vulnerabilities [RHSA-2004:651-03] December 13, 2004 17:00 GMT Number P-052 [REVISED 20 Dec 2004] [REVISED 29 Dec 2004] [REVISED 06 Jan 2005] ______________________________________________________________________________ PROBLEM: There are several integer and buffer overflows in imlib packages. PLATFORM: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS, ES, WS (v. 2.1) & (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor SGI ProPack 3 Service Pack 2 Debian GNU/Linux 3.0 woody DAMAGE: An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. A attacker could execute arbitrary code with ASSESSMENT: the permissions of the user running the application linked with imlib. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-052.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2004-651.html ADDITIONAL LINK: SGI Advanced Linux Environment 3 Security Update #20 Number 20041203-01-U ftp://patches.sgi.com/support/free/security/advisories/ 20041203-01-U.asc Debian Security Advisory DSA 618-1 http://www.debian.org/security/2004/dsa-618 Debian Security Advisory DSA 628-1 http://www.debian.org/security/2004/dsa-628 CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-1025 CAN-2004-1026 ______________________________________________________________________________ REVISION HISTORY: 12/20/04 - added link to SGI Security Advisory Number 20041203-01-U that provides updated SGI ProPack 3 Service Pack 2 RPMs for the SGI Altix family of systems. 12/29/04 - (1) Updated Red Hat Security Advisory RHSA-2004:651-03 to reflect changes made on 12/22/2004. Multilib packages were added to the Itanium, PPC, AMD64/Intel EM64T, and IBM eServer zSeries architectures for Red Hat Enterprise Linux version 3. (2) Added link to Debian Security Advisory DSA 618-1 that provides updated packages addressing this vulnerability. 01/06/05 - added link to Debian Security Advisory DSA-628 that provides updated packages addressing the vulnerabilities noted in this bulletin. [***** Start RHSA-2004:651-03 *****] Updated imlib packages fix security vulnerabilities Advisory: RHSA-2004:651-11 Last updated on: 2004-12-23 Affected Products: Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor CVEs (cve.mitre.org): CAN-2004-1025 CAN-2004-1026 back Security Advisory Details: Updated imlib packages that fix several integer and buffer overflows are now available. [Updated Dec 22, 2004] Added multilib packages to the Itanium, PPC, AMD64/Intel EM64T, and IBM eServer zSeries architectures for Red Hat Enterprise Linux version 3. The imlib packages contain an image loading and rendering library. Pavel Kankovsky discovered several heap overflow flaws that were found in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1025 to this issue. Additionally, Pavel discovered several integer overflow flaws that were found in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1026 to this issue. Users of imlib should update to these updated packages, which contain backported patches and are not vulnerable to this issue. Updated packages: Red Hat Desktop (v. 3) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-13.4.src.rpm eedcdc9bc78a0736a6db342fb7e064aa IA-32: imlib-1.9.13-13.4.i386.rpm 72fad28d75c5beff7140dbe63f33e0b8 imlib-devel-1.9.13-13.4.i386.rpm 286302f2e3965d419772b800436e23cc x86_64: imlib-1.9.13-13.4.x86_64.rpm 207c7bd9f6f3790c8c39a4cd5be65e3d imlib-devel-1.9.13-13.4.x86_64.rpm 3d2517a397c7e91399e9fe1364740503 Red Hat Enterprise Linux AS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-4.3.src.rpm 0a3c30ebe7c7bf1144a5d87762d5b691 IA-32: imlib-1.9.13-4.3.i386.rpm a2efcd78207a9773eb0bd31293aa7b24 imlib-cfgeditor-1.9.13-4.3.i386.rpm f05e36c23fcfdc326d1734aaf50fa33c imlib-devel-1.9.13-4.3.i386.rpm ee58781e3e6820560b55b03554a7eab2 IA-64: imlib-1.9.13-4.3.ia64.rpm d6d1ce616e19fbbec8cf3b2f06527a2c imlib-cfgeditor-1.9.13-4.3.ia64.rpm 79a9a717343e73a44efa4198fd8f3856 imlib-devel-1.9.13-4.3.ia64.rpm 0c87e24aba22c5ebceb6f9f409ba091c Red Hat Enterprise Linux AS (v. 3) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-13.4.src.rpm eedcdc9bc78a0736a6db342fb7e064aa IA-32: imlib-1.9.13-13.4.i386.rpm 72fad28d75c5beff7140dbe63f33e0b8 imlib-devel-1.9.13-13.4.i386.rpm 286302f2e3965d419772b800436e23cc IA-64: imlib-1.9.13-13.4.ia64.rpm 03d29e218ff542afbea20c1b1332c1ae imlib-devel-1.9.13-13.4.ia64.rpm f1a6d86e5bfb55d0efa3c48cdb6e5e60 PPC: imlib-1.9.13-13.4.ppc.rpm 31e11d994855fe92c394929384ec9b45 imlib-devel-1.9.13-13.4.ppc.rpm 90c3a55b2256f0900e2612ec97059151 s390: imlib-1.9.13-13.4.s390.rpm d51f954de49bafd895a65894e1b808e8 imlib-devel-1.9.13-13.4.s390.rpm bb4c9944ea49a8c3d865ce2bf7ea4037 s390x: imlib-1.9.13-13.4.s390x.rpm e932b3c7a39871a5c95db3392fe72c65 imlib-devel-1.9.13-13.4.s390x.rpm 6aae3cebfbdba66a864d6c8e73f76cdb x86_64: imlib-1.9.13-13.4.x86_64.rpm 207c7bd9f6f3790c8c39a4cd5be65e3d imlib-devel-1.9.13-13.4.x86_64.rpm 3d2517a397c7e91399e9fe1364740503 Red Hat Enterprise Linux ES (v. 2.1) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-4.3.src.rpm 0a3c30ebe7c7bf1144a5d87762d5b691 IA-32: imlib-1.9.13-4.3.i386.rpm a2efcd78207a9773eb0bd31293aa7b24 imlib-cfgeditor-1.9.13-4.3.i386.rpm f05e36c23fcfdc326d1734aaf50fa33c imlib-devel-1.9.13-4.3.i386.rpm ee58781e3e6820560b55b03554a7eab2 Red Hat Enterprise Linux ES (v. 3) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-13.4.src.rpm eedcdc9bc78a0736a6db342fb7e064aa IA-32: imlib-1.9.13-13.4.i386.rpm 72fad28d75c5beff7140dbe63f33e0b8 imlib-devel-1.9.13-13.4.i386.rpm 286302f2e3965d419772b800436e23cc IA-64: imlib-1.9.13-13.4.ia64.rpm 03d29e218ff542afbea20c1b1332c1ae imlib-devel-1.9.13-13.4.ia64.rpm f1a6d86e5bfb55d0efa3c48cdb6e5e60 x86_64: imlib-1.9.13-13.4.x86_64.rpm 207c7bd9f6f3790c8c39a4cd5be65e3d imlib-devel-1.9.13-13.4.x86_64.rpm 3d2517a397c7e91399e9fe1364740503 Red Hat Enterprise Linux WS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-4.3.src.rpm 0a3c30ebe7c7bf1144a5d87762d5b691 IA-32: imlib-1.9.13-4.3.i386.rpm a2efcd78207a9773eb0bd31293aa7b24 imlib-cfgeditor-1.9.13-4.3.i386.rpm f05e36c23fcfdc326d1734aaf50fa33c imlib-devel-1.9.13-4.3.i386.rpm ee58781e3e6820560b55b03554a7eab2 Red Hat Enterprise Linux WS (v. 3) -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-13.4.src.rpm eedcdc9bc78a0736a6db342fb7e064aa IA-32: imlib-1.9.13-13.4.i386.rpm 72fad28d75c5beff7140dbe63f33e0b8 imlib-devel-1.9.13-13.4.i386.rpm 286302f2e3965d419772b800436e23cc IA-64: imlib-1.9.13-13.4.ia64.rpm 03d29e218ff542afbea20c1b1332c1ae imlib-devel-1.9.13-13.4.ia64.rpm f1a6d86e5bfb55d0efa3c48cdb6e5e60 x86_64: imlib-1.9.13-13.4.x86_64.rpm 207c7bd9f6f3790c8c39a4cd5be65e3d imlib-devel-1.9.13-13.4.x86_64.rpm 3d2517a397c7e91399e9fe1364740503 Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor -------------------------------------------------------------------------------- SRPMS: imlib-1.9.13-4.3.src.rpm 0a3c30ebe7c7bf1144a5d87762d5b691 IA-64: imlib-1.9.13-4.3.ia64.rpm d6d1ce616e19fbbec8cf3b2f06527a2c imlib-cfgeditor-1.9.13-4.3.ia64.rpm 79a9a717343e73a44efa4198fd8f3856 imlib-devel-1.9.13-4.3.ia64.rpm 0c87e24aba22c5ebceb6f9f409ba091c (The unlinked packages above are only available from the Red Hat Network) Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Bugs fixed: (see bugzilla for more information) 138516 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 -------------------------------------------------------------------------------- The listed packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/solutions/security/news/publickey/#key You can verify each package and see who signed it with the following command: rpm --checksig -v filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum filename The Red Hat security contact is security@redhat.com. More contact details at http://www.redhat.com/solutions/security/news/contact.html [***** End RHSA-2004:651-03 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) P-042: Sudo Missing Input Santising P-043: "cyrus-imapd" Buffer Overflow P-044: Samba - Arbitrary File Access Vulnerability P-045: Sun Security Vulnerability in Ping(1M)P-046: Microsoft Cumulative Security Update for Internet Explorer (889293) P-046: Microsoft Cumulative Security Update for Internet Explorer P-047: Red Hat Updated Kernel Packages P-048: HP Ignite-UX Vulnerability P-049: Apple Security Update 2004-12-02 P-050: "in.rwhod" Daemon Vulnerability P-051: SMB Password Disclosure