Bug 138522 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)
Summary: CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: imlib   
(Show other bugs)
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact:
URL:
Whiteboard: impact=moderate,public=20040916
Keywords: Reopened, Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-09 19:15 UTC by Josh Bressers
Modified: 2007-12-18 15:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-18 15:27:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Josh Bressers 2004-11-09 19:15:46 UTC
Pavel Kankovsky of the fedora legacy project has reported multiple
issues in imlib.  This patch fixes a number of issue, the bulk of them
being integer overflows.

See bug 138516 for more information.

I believe this issue also affects FC2 as well.

Comment 1 Jonathan Blandford 2004-11-23 18:26:16 UTC
Built a package for these

Comment 2 Marius Andreiana 2005-08-20 06:36:21 UTC
Updates released for RH
http://www.linuxcompatible.org/RHSA-2004651-01_Updated_imlib_packages_fix_security_vulnerabilities_s38502.html

No updates for FC3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/

FC4 includes fix.

As this is quite old, leaving to Jonathan decision if there will be any updates
or just mark WONTFIX for fc3.

Comment 3 Marius Andreiana 2005-08-20 06:37:20 UTC
I mean Matthias, who is the bug owner.

Comment 4 Paul Howarth 2007-04-10 17:13:58 UTC
The test pixmap from Bug #138516 crashes qiv (an imlib-based image viewer) on
FC4 so it appears that Comment #2 is wrong about FC4 including a fix.

Whilst FC4 is no longer maintained, I believe FC5 is still vulnerable (I don't
have an FC5 box to test this). For FC6 onwards, imlib moved to Extras, where
this issue is  recorded in Bug #235416.

Comment 5 Tomas Hoger 2007-12-18 15:27:26 UTC
Fix is included in current Fedora imlib packages:

* Tue Apr 10 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-2
- add patch for CVE-2004-1025, CVE-2004-1026 (integer/buffer overflows)
  (#235416)

Fedora Core 5 is no longer maintained.  Closing this bug.


Note You need to log in before you can comment on or make changes to this bug.