223965 CVE-2008-2426 2008-05-28 15:22 0000 media-libs/imlib2 <1.4.0-r1 PNM and XPM Buffer Overflow Vulnerabilities (CVE-2008-2426) 2008-06-08 20:52:09 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/30401/ B2 [glsa] P2 normal --- 1 vorlon@gentoo.org security@gentoo.org arm@gentoo.org sh@gentoo.org vapier@gentoo.org vorlon@gentoo.org 2008-05-28 15:22:26 0000 This bug is marked confidential, do not disclose any information or commit anything until the bug has been made public. Secunia Research reports a vulnerability in imlib2 (CVE-2008-2426). Preliminary disclosure date is 2008-06-11. The following is an excerpt from the vulnerability report, more details are available: [...] Credit: Stefan Cornelius, Secunia Research [...] -- Details -- 1) There is a boundary error within the "load()" function in src/modules/loaders/loader_pnm.c when reading the header of an PNM image file, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PNM image with an application using the imlib2 library. [...] Successful exploitation allows the execution of arbitrary code. 2) There is a boundary error within the "load()" function in src/modules/loader_xpm.c when processing an XPM image file, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM image with an application using the imlib2 library. [...] vorlon@gentoo.org 2008-05-28 15:25:06 0000 upstream has been contacted by secunia btw vorlon@gentoo.org 2008-05-29 15:00:50 0000 public via $URL patch is supposed to be in CVS according to that advisory thoger@redhat.com 2008-05-30 09:36:22 0000 Patches from upstream CVS: https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4 HTH vapier@gentoo.org 2008-05-31 05:42:43 0000 ive added 1.4.0-r1 and imlib2-1.4.1.000-r1 to the tree ... while both should be fine for stable, i imagine people would be more comfortable with the former rbu@gentoo.org 2008-05-31 09:11:44 0000 That was a straight-to-stable bump for 1.4.0-r1 ;-) So going directly to [glsa] vapier@gentoo.org 2008-05-31 10:51:31 0000 imlib2-1.4.0-r1 isnt in stable ... rbu@gentoo.org 2008-05-31 23:34:06 0000 (In reply to comment #6) > imlib2-1.4.0-r1 isnt in stable ... You are right. In that case, it seems there is a bug in adjutrix, because it actually outputs the version as stable: ... 1.4.0-r1 | + + + + + + + + + + + ~ | ... grep KEYWORDS proves you right: imlib2-1.4.0-r1.ebuild:KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" rbu@gentoo.org 2008-05-31 23:34:51 0000 Arches, please test and mark stable: =media-libs/imlib2-1.4.0-r1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" fauli@gentoo.org 2008-06-01 08:45:34 0000 x86 stable corsair@gentoo.org 2008-06-01 10:54:27 0000 ppc64 stable jer@gentoo.org 2008-06-02 04:14:00 0000 Stable for HPPA. armin76@gentoo.org 2008-06-02 10:24:08 0000 alpha/ia64/sparc stable beandog@gentoo.org 2008-06-03 14:20:05 0000 amd64 stable dertobi123@gentoo.org 2008-06-05 18:06:53 0000 ppc stable pva@gentoo.org 2008-06-06 07:52:26 0000 Fixed in release snapshot. keytoaster@gentoo.org 2008-06-06 17:05:54 0000 GLSA request filed. keytoaster@gentoo.org 2008-06-08 20:52:09 0000 GLSA 200806-03