rhsa-2002:048
Vulnerability from csaf_redhat
Published: 2002-03-21 15:48
Modified: 2025-05-08 02:17
Summary
Red Hat Security Advisory: New imlib packages available
Notes
Topic
Updated imlib packages are now available for Red Hat Linux 6.2, 7,
7.1 and 7.2 which fix potential problems loading untrusted images.
Details
Imlib versions prior to 1.9.13 would fall back to loading images
via the NetPBM package, which has various problems making it
unsuitable for loading untrusted images. Imlib 1.9.13 also fixes
various problems in arguments passed to malloc().
These problems may allow attackers to construct images that,
when loaded by a viewer using Imlib, could cause crashes
or potentially the execution of arbitrary code.
Users are advised to upgrade to these errata packages, which
contain Imlib 1.9.13.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2002-0167, CAN-2002-0168 to these issues.
[update May 16 2002]
The previous release of this errata fixed the aforementioned security
problems but had a file descriptor leak and a bug which would cause some
applications (such as the Enlightenment window manager) to hang. These
updated packages fix these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated imlib packages are now available for Red Hat Linux 6.2, 7,\n7.1 and 7.2 which fix potential problems loading untrusted images.", "title": "Topic" }, { "category": "general", "text": "Imlib versions prior to 1.9.13 would fall back to loading images\nvia the NetPBM package, which has various problems making it\nunsuitable for loading untrusted images. Imlib 1.9.13 also fixes\nvarious problems in arguments passed to malloc().\n\nThese problems may allow attackers to construct images that,\nwhen loaded by a viewer using Imlib, could cause crashes \nor potentially the execution of arbitrary code.\n\nUsers are advised to upgrade to these errata packages, which\ncontain Imlib 1.9.13.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2002-0167, CAN-2002-0168 to these issues.\n\n[update May 16 2002]\nThe previous release of this errata fixed the aforementioned security\nproblems but had a file descriptor leak and a bug which would cause some\napplications (such as the Enlightenment window manager) to hang. These\nupdated packages fix these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2002:048", "url": "https://access.redhat.com/errata/RHSA-2002:048" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_048.json" } ], "title": "Red Hat Security Advisory: : New imlib packages available", "tracking": { "current_release_date": "2025-05-08T02:17:57+00:00", "generator": { "date": "2025-05-08T02:17:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.5.0" } }, "id": "RHSA-2002:048", "initial_release_date": "2002-03-21T15:48:00+00:00", "revision_history": [ { "date": "2002-03-21T15:48:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2002-03-15T00:00:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-05-08T02:17:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Linux 6.2", "product": { "name": "Red Hat Linux 6.2", "product_id": "Red Hat Linux 6.2", "product_identification_helper": { "cpe": "cpe:/o:redhat:linux:6.2" } } }, { "category": "product_name", "name": "Red Hat Linux 7.0", "product": { "name": "Red Hat Linux 7.0", "product_id": "Red Hat Linux 7.0", "product_identification_helper": { "cpe": "cpe:/o:redhat:linux:7.0" } } }, { "category": "product_name", "name": "Red Hat Linux 7.1", "product": { "name": "Red Hat Linux 7.1", "product_id": "Red Hat Linux 7.1", 
"product_identification_helper": { "cpe": "cpe:/o:redhat:linux:7.1" } } }, { "category": "product_name", "name": "Red Hat Linux 7.2", "product": { "name": "Red Hat Linux 7.2", "product_id": "Red Hat Linux 7.2", "product_identification_helper": { "cpe": "cpe:/o:redhat:linux:7.2" } } } ], "category": "product_family", "name": "Red Hat Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2002-0167", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1616750" } ], "notes": [ { "category": "description", "text": "Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Linux 6.2", "Red Hat Linux 7.0", "Red Hat Linux 7.1", "Red Hat Linux 7.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2002-0167" }, { "category": "external", "summary": "RHBZ#1616750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2002-0167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0167" } ], "release_date": "2002-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2002-03-21T15:48:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. 
Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.", "product_ids": [ "Red Hat Linux 6.2", "Red Hat Linux 7.0", "Red Hat Linux 7.1", "Red Hat Linux 7.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2002:048" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "cve": "CVE-2002-0168", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1616751" } ], "notes": [ { "category": "description", "text": "Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Linux 6.2", "Red Hat Linux 7.0", "Red Hat Linux 7.1", "Red Hat Linux 7.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2002-0168" }, { "category": "external", "summary": "RHBZ#1616751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616751" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0168", "url": "https://www.cve.org/CVERecord?id=CVE-2002-0168" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0168", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2002-0168" } ], "release_date": "2002-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2002-03-21T15:48:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.", "product_ids": [ "Red Hat Linux 6.2", "Red Hat Linux 7.0", "Red Hat Linux 7.1", "Red Hat Linux 7.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2002:048" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" } ] }