View Full Version : USN-683-1: Imlib2 vulnerability

December 2nd, 2008, 05:40 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-683-1 December 02, 2008 imlib2 vulnerability CVE-2008-5187 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libimlib2 1.2.1-2ubuntu0.3 Ubuntu 7.10: libimlib2 Ubuntu 8.04 LTS: libimlib2 1.4.0-1ubuntu1.1 Ubuntu 8.10: libimlib2 1.4.0-1.1ubuntu1.1 After a standard system upgrade you need to restart any applications that use Imlib2 to effect the necessary changes. Details follow: It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

More... (http://www.ubuntu.com/usn/USN-683-1)