Bug 235416
| Summary: | CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ville Skyttä <ville.skytta> |
| Component: | imlib | Assignee: | Paul Howarth <paul> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6 | CC: | fedora-security-list, mattdm, maurizio.antillon |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.9.15-2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-05-02 15:40:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ville Skyttä
2007-04-05 16:43:43 UTC
It is unfortunate that the security fixes that went into RHEL4 in November 2004 didn't make it into the Fedora Core package at that time. I've verified that the test pixmap crashes the current imblib (using qiv) and that the patch from Bug #138516 fixes it. I've now incorporated that patch in that bug into the 1.9.15-2 package on devel, and updated FC-6 from 1.9.13-* to 1.9.15-2, which I believe will resolve this problem for FC-6 onwards. FC-5 (1:1.9.13-27) is probably still vulnerable. According to comment #2 in Bug #138522 FC-4 included a fix but I've just tried the test pixmap and it crashes qiv on an FC-4 box. > It is unfortunate that the security fixes that went into RHEL4 in November 2004
> didn't make it into the Fedora Core package at that time.
Sadly, this is a perennial problem with Fedora. :(
|