Fedora Legacy Test Update Notification: xloadimage
Marc Deslauriers
marcdeslauriers at videotron.ca
Wed Mar 29 00:38:38 UTC 2006
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152923
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152923
2006-03-28
---------------------------------------------------------------------
Name : xloadimage
Versions : rh73: xloadimage-4.1-21.2.legacy
Versions : rh9: xloadimage-4.1-27.2.legacy
Versions : fc1: xloadimage-4.1-29.2.legacy
Versions : fc2: xloadimage-4.1-34.FC2.2.legacy
Summary : An X Window System based image viewer.
Description :
The xloadimage utility displays images in an X Window System window,
loads images into the root window, or writes images into a file.
Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM,
and XBM).
---------------------------------------------------------------------
Update Information:
A new xloadimage package that fixes bugs in handling malformed TIFF and
PBM/PNM/PPM images, and in handling metacharacters in file names, is now
available.
A flaw was discovered in xloadimage where filenames were not properly
quoted when calling the gunzip command. An attacker could create a file
with a carefully crafted filename so that it would execute arbitrary
commands if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0638 to
this issue.
A flaw was discovered in the way xloadimage handles NIFF images: an
attacker can construct a NIFF image with a very long embedded image
title, and this image can cause a buffer overflow. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-3178 to this issue.
All users of xloadimage should upgrade to this erratum package, which
contains backported patches to correct these issues.
---------------------------------------------------------------------
Changelogs
rh73:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1-21.2.legacy
- Added missing XFree86-devel BuildPrereq
* Thu Mar 16 2006 Donald Maner <donjr at maner.org> 4.1-21.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)
rh9:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1-27.2.legacy
- Added missing XFree86-devel to BuildPrereq
* Thu Mar 16 2006 Donald Maner <donjr at maner.org> 4.1-27.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)
fc1:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1-29.2.legacy
- Added missing XFree86-devel to BuildPrereq
* Thu Mar 16 2006 Donald Maner <donjr at maner.org> 4.1-29.1.legacy
- Patches for CVE-2005-0638 and CVE-2005-3178 (#152923)
fc2:
* Tue Mar 21 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1-34.FC2.2.legacy
- Added missing libjpeg-devel to BuildPrereq
- Fix release tag
* Fri Mar 17 2006 Donald Maner <donjr at pobox.com> 4.1-34.1.legacy
- Patch for CVE-2005-3178 (#152923)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------
Please test and comment in bugzilla.
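
The unquoted-filename flaw described above (CVE-2005-0638), shown as an added example that is not xloadimage's source or the backported patch. The function names, the exact gunzip command line and the sample file name are assumptions constructed for illustration; the block contrasts a command string built by plain interpolation with one that single-quotes the file name.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (illustrative, not xloadimage's source): the file name is
 * pasted into a command line for /bin/sh, which interprets any
 * metacharacters it contains. */
int build_cmd_unquoted(char *out, size_t n, const char *fname)
{
    int len = snprintf(out, n, "gunzip -c %s", fname);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Hardened: single-quote the name and rewrite each embedded ' as '\'' so
 * the shell passes it to gunzip as one literal argument; "--" stops a
 * leading '-' being read as an option. Fails (-1) rather than truncating. */
int build_cmd_quoted(char *out, size_t n, const char *fname)
{
    static const char prefix[] = "gunzip -c -- '";
    size_t pos = sizeof(prefix) - 1;

    if (n < sizeof(prefix))
        return -1;
    memcpy(out, prefix, pos);
    for (const char *p = fname; *p; p++) {
        size_t need = (*p == '\'') ? 4 : 1;
        if (pos + need >= n)
            return -1;
        if (*p == '\'') memcpy(out + pos, "'\\''", 4);
        else out[pos] = *p;
        pos += need;
    }
    if (pos + 2 > n)
        return -1;
    out[pos++] = '\'';
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    const char *name = "scan; echo marker.gz";   /* constructed sample */
    char cmd[256];

    if (build_cmd_unquoted(cmd, sizeof cmd, name) == 0)
        printf("unquoted: %s\n", cmd);   /* sh would see two commands */
    if (build_cmd_quoted(cmd, sizeof cmd, name) == 0)
        printf("quoted:   %s\n", cmd);   /* sh sees one gunzip argument */
    return 0;
}
```

Passing the file name as its own argv element to execvp() avoids the shell altogether and is the stronger design where the program can be restructured that way.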