CPNI - Centre for the Protection of National Infrastructure


January 2005

Two Mandrake Security Advisories: 1. MDKSA-2005:007 - imlib 2. MDKSA-2005:006 - hylafax

ID: 00038
Ref: 34/2005
Date: 18 January 2005:14:55:12
Version: 1

Title: Two Mandrake Security Advisories: 1. MDKSA-2005:007 - imlib 2. MDKSA-2005:006 - hylafax
Abstract:
Vendors affected: Mandrake
Operating systems affected: Mandrake
Applications affected: Mandrake

Title
=====

Two Mandrake Security Advisories:

1. MDKSA-2005:007 - imlib

2. MDKSA-2005:006 - hylafax


Detail
======

1. Pavel Kankovsky discovered several heap overflow flaws in the imlib
image handler. An attacker could create a carefully crafted image file
in such a way that it could cause an application linked with imlib to
execute arbitrary code when the file was opened by a user (CAN-2004-1025).
As well, Pavel also discovered several integer overflows in imlib.
These could allow an attacker, creating a carefully crafted image file,
to cause an application linked with imlib to execute arbitrary code or
crash (CAN-2004-1026).


2. Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax. A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.





1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: imlib
Advisory ID: MDKSA-2005:007
Date: January 12th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Pavel Kankovsky discovered several heap overflow flaws in the imlib
image handler. An attacker could create a carefully crafted image file
in such a way that it could cause an application linked with imlib to
execute arbitrary code when the file was opened by a user (CAN-2004-1025).

As well, Pavel also discovered several integer overflows in imlib.
These could allow an attacker, creating a carefully crafted image file,
to cause an application linked with imlib to execute arbitrary code or
crash (CAN-2004-1026).

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
bd7bbc47dfdf26b04d510c6b030b3cac 10.0/RPMS/imlib-1.9.14-8.2.100mdk.i586.rpm
f204804429ead96fa2f90f5b8a531571 10.0/RPMS/imlib-cfgeditor-1.9.14-8.2.100mdk.i586.rpm
ac82e42545e886d3e1362d0af8834d71 10.0/RPMS/libimlib1-1.9.14-8.2.100mdk.i586.rpm
0d824361bc7b789a4b244be0be5b20ef 10.0/RPMS/libimlib1-devel-1.9.14-8.2.100mdk.i586.rpm
7d6cb872bed064d54dba0d631eb9b673 10.0/RPMS/libimlib2_1-1.0.6-4.2.100mdk.i586.rpm
71ab28571ee2bbff24c7396881e7d51e 10.0/RPMS/libimlib2_1-devel-1.0.6-4.2.100mdk.i586.rpm
ecc8bda60ab924afe42f4eb5834bf42c 10.0/RPMS/libimlib2_1-filters-1.0.6-4.2.100mdk.i586.rpm
f2946cf510224a452cc928f5546ff1f0 10.0/RPMS/libimlib2_1-loaders-1.0.6-4.2.100mdk.i586.rpm
9382c1d6bce0884340042fa9e525fd08 10.0/SRPMS/imlib-1.9.14-8.2.100mdk.src.rpm
7698695bd2daa38fba1612c1e91a5b3a 10.0/SRPMS/imlib2-1.0.6-4.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
3e37213ffc4b149e26e5e6a88912ecae amd64/10.0/RPMS/imlib-1.9.14-8.2.100mdk.amd64.rpm
b14f75972c2ab469b800e7b6cdc90c55 amd64/10.0/RPMS/imlib-cfgeditor-1.9.14-8.2.100mdk.amd64.rpm
bca21d96eab3e80d6be9d4b5628b0690 amd64/10.0/RPMS/lib64imlib1-1.9.14-8.2.100mdk.amd64.rpm
59a9d02a3108a833b42b43b84efd6aa3 amd64/10.0/RPMS/lib64imlib1-devel-1.9.14-8.2.100mdk.amd64.rpm
d14d300215f734dc6eafb63c78957399 amd64/10.0/RPMS/lib64imlib2_1-1.0.6-4.2.100mdk.amd64.rpm
46656504ac97b356c559134b718ad65b amd64/10.0/RPMS/lib64imlib2_1-devel-1.0.6-4.2.100mdk.amd64.rpm
6f2bbe8bef5bd694a6b062f0dfa50667 amd64/10.0/RPMS/lib64imlib2_1-filters-1.0.6-4.2.100mdk.amd64.rpm
98279179853713a4ff3e328275d39c9f amd64/10.0/RPMS/lib64imlib2_1-loaders-1.0.6-4.2.100mdk.amd64.rpm
9382c1d6bce0884340042fa9e525fd08 amd64/10.0/SRPMS/imlib-1.9.14-8.2.100mdk.src.rpm
7698695bd2daa38fba1612c1e91a5b3a amd64/10.0/SRPMS/imlib2-1.0.6-4.2.100mdk.src.rpm

Mandrakelinux 10.1:
b804394b67f0b9bb15c1a2704f20b8fd 10.1/RPMS/imlib-1.9.14-10.1.101mdk.i586.rpm
5dbd8093bb1c95dcf04d1e3cafee8379 10.1/RPMS/imlib-cfgeditor-1.9.14-10.1.101mdk.i586.rpm
74fe1d864ceaf4b1f9915dbc65fc837d 10.1/RPMS/libimlib1-1.9.14-10.1.101mdk.i586.rpm
c0392b410caf1fe46414cc4ce5d5c502 10.1/RPMS/libimlib1-devel-1.9.14-10.1.101mdk.i586.rpm
e16941d022d2b244f58c538d096f9197 10.1/RPMS/libimlib2_1-1.1.0-4.1.101mdk.i586.rpm
2ad468fc89027a25fccf0b2264ab3846 10.1/RPMS/libimlib2_1-devel-1.1.0-4.1.101mdk.i586.rpm
a98356b5cc103684758a82779b16d9b3 10.1/RPMS/libimlib2_1-filters-1.1.0-4.1.101mdk.i586.rpm
801a3eb303cc342880166557697479c6 10.1/RPMS/libimlib2_1-loaders-1.1.0-4.1.101mdk.i586.rpm
e6bd5e4f0bc5978fb3a8d26ae5c5dd72 10.1/SRPMS/imlib-1.9.14-10.1.101mdk.src.rpm
f096122ff3f7446a973f82569ce6d19b 10.1/SRPMS/imlib2-1.1.0-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
42e81c0bad99a2a9eff7fff43b38de2f x86_64/10.1/RPMS/imlib-1.9.14-10.1.101mdk.x86_64.rpm
35b869d568d1b0cce730ef4f3c5d2f71 x86_64/10.1/RPMS/imlib-cfgeditor-1.9.14-10.1.101mdk.x86_64.rpm
ddf5381735f1ed8ed482d179a9c42de1 x86_64/10.1/RPMS/lib64imlib1-1.9.14-10.1.101mdk.x86_64.rpm
583fdf2bf60cc87927db70af044238ff x86_64/10.1/RPMS/lib64imlib1-devel-1.9.14-10.1.101mdk.x86_64.rpm
99011882872248e9c9aef49eb78fe683 x86_64/10.1/RPMS/lib64imlib2_1-1.1.0-4.1.101mdk.x86_64.rpm
aa42db65e9630f21240c147ca4922127 x86_64/10.1/RPMS/lib64imlib2_1-devel-1.1.0-4.1.101mdk.x86_64.rpm
320cf06b9011f6825604d9592df0d5d7 x86_64/10.1/RPMS/lib64imlib2_1-filters-1.1.0-4.1.101mdk.x86_64.rpm
010da67dacee54bf6cde18d2324ff96a x86_64/10.1/RPMS/lib64imlib2_1-loaders-1.1.0-4.1.101mdk.x86_64.rpm
e6bd5e4f0bc5978fb3a8d26ae5c5dd72 x86_64/10.1/SRPMS/imlib-1.9.14-10.1.101mdk.src.rpm
f096122ff3f7446a973f82569ce6d19b x86_64/10.1/SRPMS/imlib2-1.1.0-4.1.101mdk.src.rpm

Corporate Server 2.1:
ab41a6e06b2c394050ddeb285f621695 corporate/2.1/RPMS/imlib-1.9.14-5.2.C21mdk.i586.rpm
9d05176150bdf59ceecf40241a1631f5 corporate/2.1/RPMS/imlib-cfgeditor-1.9.14-5.2.C21mdk.i586.rpm
52b5c874ee7e144d85039aa49682ad3f corporate/2.1/RPMS/libimlib1-1.9.14-5.2.C21mdk.i586.rpm
e260cdadcdf523def0d4b66115b8320a corporate/2.1/RPMS/libimlib1-devel-1.9.14-5.2.C21mdk.i586.rpm
1c12ac001c73155f2e923816da7047c0 corporate/2.1/RPMS/libimlib2_1-1.0.5-2.2.C21mdk.i586.rpm
70a4a84f76bbb393df69b4ab117cdbb6 corporate/2.1/RPMS/libimlib2_1-devel-1.0.5-2.2.C21mdk.i586.rpm
264d82ddd09ebf4c1ae1fdb88e794f40 corporate/2.1/RPMS/libimlib2_1-filters-1.0.5-2.2.C21mdk.i586.rpm
a847cb7487e25a62748b7ee266984a0e corporate/2.1/RPMS/libimlib2_1-loaders-1.0.5-2.2.C21mdk.i586.rpm
ca39e30856216675d571f9f9f9a2b4be corporate/2.1/SRPMS/imlib-1.9.14-5.2.C21mdk.src.rpm
e7e6f332b38fd76ec211fbbc46212a50 corporate/2.1/SRPMS/imlib2-1.0.5-2.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
fa90e46be3192cbab1a1444624ca40a5 x86_64/corporate/2.1/RPMS/imlib-1.9.14-5.2.C21mdk.x86_64.rpm
9c5aef1f71673548fcdc9b3206941837 x86_64/corporate/2.1/RPMS/imlib-cfgeditor-1.9.14-5.2.C21mdk.x86_64.rpm
15d184b211666b7276e0a1300b669649 x86_64/corporate/2.1/RPMS/libimlib1-1.9.14-5.2.C21mdk.x86_64.rpm
cf09dfd10b3cbf2685e4c6584eddee9e x86_64/corporate/2.1/RPMS/libimlib1-devel-1.9.14-5.2.C21mdk.x86_64.rpm
0f23c5a1360a652e38f7c01311b4a79e x86_64/corporate/2.1/RPMS/libimlib2_1-1.0.5-2.2.C21mdk.x86_64.rpm
ab887e8c51e6576b2669cc9221573e2e x86_64/corporate/2.1/RPMS/libimlib2_1-devel-1.0.5-2.2.C21mdk.x86_64.rpm
8f53044bc07b6426b425fc9593f893fb x86_64/corporate/2.1/RPMS/libimlib2_1-filters-1.0.5-2.2.C21mdk.x86_64.rpm
cb4f6b69b23b18b10412e85446339597 x86_64/corporate/2.1/RPMS/libimlib2_1-loaders-1.0.5-2.2.C21mdk.x86_64.rpm
ca39e30856216675d571f9f9f9a2b4be x86_64/corporate/2.1/SRPMS/imlib-1.9.14-5.2.C21mdk.src.rpm
e7e6f332b38fd76ec211fbbc46212a50 x86_64/corporate/2.1/SRPMS/imlib2-1.0.5-2.2.C21mdk.src.rpm

Mandrakelinux 9.2:
79bdc3aa16d848940ed1cf94e19887a8 9.2/RPMS/imlib-1.9.14-8.2.92mdk.i586.rpm
72df820a8b61c902e2a6332c99aab1c4 9.2/RPMS/imlib-cfgeditor-1.9.14-8.2.92mdk.i586.rpm
a2b76c722b5ae0007a6ad59bc31cfb8d 9.2/RPMS/libimlib1-1.9.14-8.2.92mdk.i586.rpm
441bf743e1762a8a0743058af6ac57ca 9.2/RPMS/libimlib1-devel-1.9.14-8.2.92mdk.i586.rpm
d70303d4fcd33aa96623d126fddcaaa7 9.2/RPMS/libimlib2_1-1.0.6-4.2.92mdk.i586.rpm
3cd32605bfdcf4c500716cd7d5b7a3e7 9.2/RPMS/libimlib2_1-devel-1.0.6-4.2.92mdk.i586.rpm
62b1faf5b90cd88f17e18d5a7d38c641 9.2/RPMS/libimlib2_1-filters-1.0.6-4.2.92mdk.i586.rpm
0d939526721cfe411ee5ef785de2b0d3 9.2/RPMS/libimlib2_1-loaders-1.0.6-4.2.92mdk.i586.rpm
40f1dd9fd95b30eba31a44394e2b73c2 9.2/SRPMS/imlib-1.9.14-8.2.92mdk.src.rpm
7ad3b6b6914332ca7c344df43814465f 9.2/SRPMS/imlib2-1.0.6-4.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
25edf03f98c07e50d6be3feabcc65738 amd64/9.2/RPMS/imlib-1.9.14-8.2.92mdk.amd64.rpm
8ad4f7a5276450271a3497e0eda5b172 amd64/9.2/RPMS/imlib-cfgeditor-1.9.14-8.2.92mdk.amd64.rpm
5dd09c5e9c63016451162ae3ec73fd58 amd64/9.2/RPMS/lib64imlib1-1.9.14-8.2.92mdk.amd64.rpm
40cd5079caa745125e8160de58bd64fe amd64/9.2/RPMS/lib64imlib1-devel-1.9.14-8.2.92mdk.amd64.rpm
fbf581720a50a7cc8052da20f63de75f amd64/9.2/RPMS/lib64imlib2_1-1.0.6-4.2.92mdk.amd64.rpm
e37d711c09e62f40965c37316fd67f0b amd64/9.2/RPMS/lib64imlib2_1-devel-1.0.6-4.2.92mdk.amd64.rpm
2bda7e59415e5774cd68f2b2a080c1a7 amd64/9.2/RPMS/lib64imlib2_1-filters-1.0.6-4.2.92mdk.amd64.rpm
26e31fe0f48212b698cd612dba1a7c5a amd64/9.2/RPMS/lib64imlib2_1-loaders-1.0.6-4.2.92mdk.amd64.rpm
40f1dd9fd95b30eba31a44394e2b73c2 amd64/9.2/SRPMS/imlib-1.9.14-8.2.92mdk.src.rpm
7ad3b6b6914332ca7c344df43814465f amd64/9.2/SRPMS/imlib2-1.0.6-4.2.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of
md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB5hZWmqjQ0CJFipgRAm7IAJ0QpDBSCiSo1f3eTwNctg+/PlmL1wCgzZSR
JwJJCFTTko8xLciKKnAAL8g=
=3HLq
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: hylafax
Advisory ID: MDKSA-2005:006
Date: January 12th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax. A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.

The updated packages are provided to prevent this issue. Note that
the packages included with Corporate Server 2.1 do not require this fix.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
ee579763c8d03a6700ed952b9ccec832 10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
342f2d7f890f2b31ef689eb0a308dee4 10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
998f0ad4665e364c607fae0d87bf6e63 10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
5113375fd58490f64f6b5c0293780a79 10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
996a95af88ca9ab77371448957b7271f 10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
3530b9962aa58309aa59c1fd355d23ac 10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8b37c55f1eaadd9c4a0645c43b4ad25c amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
cb3290ee2bf666ed51e427e59829459d amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
05451b45a4036f314933d15b755ea8d7 amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
35310391ebce8f0a4085ed6b7d2ccd04 amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
d1b71635033b9e72c86057a0f156c544 amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
3530b9962aa58309aa59c1fd355d23ac amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
2cbc9e6bd58daf7d2d15f6091416ca23 10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
80cf2d108124ebab09f2d92ffd3e2391 10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
b4e98805f61130b91b5cc98ba886af89 10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
5afec8caa3b77932c27d032e21a0eeed 10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
e5aafca41da67cacdef699983d81f3f0 10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
1fae0a459f3dce423c904ab262921cba 10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ccfce91efcd9e16651a6bb2995a2cc78 x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
6fd803abc59ec7d04f289d3aca50bd25 x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
b7ee9463f3bdf38fa1c1f5271d1d4022 x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
394b51eaef66c424ce9d448dd4ab237e x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
75fbf7eb72ba172e204612580e58b2f1 x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
1fae0a459f3dce423c904ab262921cba x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB5hXxmqjQ0CJFipgRAsKAAJ9BQXhAKBLMQ9rBpe+OfRpNGonKKgCg2NaN
kQcWe5+upOq+jtr7PT1q6NM=
=eiBI
- -----END PGP SIGNATURE-----
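
Both advisories list each updated package as an md5 digest followed by a relative path. The following is an added example, not part of the Mandrake advisories or of any Mandrakesoft tool: it parses rows in that layout and checks manually downloaded files against them. The function names are hypothetical and the sample files are constructed. An MD5 match only shows that a file is the one listed; authenticity still rests on the GPG signature the advisories mention.

```python
import hashlib
import re
import tempfile
from pathlib import Path
# A row under "Updated Packages:": 32 hex digits, whitespace, relative .rpm path.
ROW = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Return {package file name: expected md5}; headings and prose are skipped."""
    expected = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        digest, name = m.group(1), Path(m.group(2)).name
        # SRPMs are listed once per architecture; the digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(manifest_text, download_dir):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == digest else "MISMATCH"
    return results

def demo():
    """Constructed sample: two stand-in package files, one altered after listing."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = b"constructed package A", b"constructed package B"
        Path(d, "a-1.0-1mdk.i586.rpm").write_bytes(good)
        Path(d, "b-1.0-1mdk.i586.rpm").write_bytes(bad + b"!")
        manifest = "\n".join([
            "Mandrakelinux 10.1:",
            f"{hashlib.md5(good).hexdigest()} 10.1/RPMS/a-1.0-1mdk.i586.rpm",
            f"{hashlib.md5(bad).hexdigest()} 10.1/RPMS/b-1.0-1mdk.i586.rpm",
            f"{'0' * 32} 10.1/SRPMS/c-1.0-1mdk.src.rpm",
        ])
        return check_downloads(manifest, d)
```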