Bug 138522 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: imlib
Version: 5
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Matthias Clasen
Whiteboard: impact=moderate,public=20040916
Keywords: Reopened, Security
Reported: 2004-11-09 14:15 EST by Josh Bressers
Modified: 2007-12-18 10:27 EST
Last Closed: 2007-12-18 10:27:26 EST
Description Josh Bressers 2004-11-09 14:15:46 EST
Pavel Kankovsky of the Fedora Legacy project has reported multiple
issues in imlib.  This patch fixes a number of issues, the bulk of them
being integer overflows.

See bug 138516 for more information.

I believe this issue also affects FC2 as well.
Comment 1 Jonathan Blandford 2004-11-23 13:26:16 EST
Built a package for these
Comment 2 Marius Andreiana 2005-08-20 02:36:21 EDT
Updates released for RH
http://www.linuxcompatible.org/RHSA-2004651-01_Updated_imlib_packages_fix_security_vulnerabilities_s38502.html

No updates for FC3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/

FC4 includes fix.

As this is quite old, leaving to Jonathan's decision if there will be any updates
or just mark WONTFIX for FC3.
Comment 3 Marius Andreiana 2005-08-20 02:37:20 EDT
I mean Matthias, who is the bug owner.
Comment 4 Paul Howarth 2007-04-10 13:13:58 EDT
The test pixmap from Bug #138516 crashes qiv (an imlib-based image viewer) on
FC4 so it appears that Comment #2 is wrong about FC4 including a fix.

Whilst FC4 is no longer maintained, I believe FC5 is still vulnerable (I don't
have an FC5 box to test this). For FC6 onwards, imlib moved to Extras, where
this issue is recorded in Bug #235416.
Comment 5 Tomas Hoger 2007-12-18 10:27:26 EST
Fix is included in current Fedora imlib packages:

* Tue Apr 10 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-2
- add patch for CVE-2004-1025, CVE-2004-1026 (integer/buffer overflows)
  (#235416)

Fedora Core 5 is no longer maintained.  Closing this bug.
