Bug 426091 (CVE-2007-3568)
Summary: | CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | mclasen, paul | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568 | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-01-07 13:16:32 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Tomas Hoger
2007-12-18 13:43:57 UTC
Created attachment 289890 [details]
Gentoo patch
Replaces incorrect 'bpp && 16' with 'bpp != 16'
NVD statement for Red Hat Enterprise Linux imlib packages was already published on Nist NVD site (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568): Official Statement from Red Hat (7/6/2007) Red Hat does not consider bugs which result in a user-assisted crash of end user application to be a security issue. It is currently not planned to backport fix to Red Hat Enterprise Linux imlib packages. It may be worth fixing in Fedora, as according to reporter, imlib upstream is inactive for some time, so we probably can't count on new upstream release addressing this. Paul? imlib-1.9.15-6.fc9 containing the patch to fix this issue has been built for Rawhide, and updates for F-7 and F-8 have been built and requested to be pushed to updates-testing. Thanks, Paul! imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib' imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib' imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. |