
Possibly serious security risk in imlib-library, Linux users are urged to update

LinuxReviews

Imlib is an image library used by Gnome and many important Linux applications to display graphics. The library has a bug that allows evil code to be executed on your computer just by opening a carefully crafted image with a program that uses the library to display graphics.

Gentoo Linux released a Security Advisory about BMP decoding buffer overflows in ImageMagick, imlib and imlib2.

ImageMagick and imlib check bounds improperly and are vulnerable to buffer overflow attacks using carefully crafted BMP images. Potentially, viewing a carefully crafted image using any application that uses imlib to display graphics could cause evil code to be executed on your computer.

Linux users should upgrade the libraries to imagemagick >= 6.0.7.1, imlib >= 1.9.14 and imlib2 >= 1.1.2.
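To check an installed version against these minimums, the following sketch (an added example, not part of the advisory or the original article) compares dotted versions field by field as numbers, so that 1.9.9 is correctly treated as older than 1.9.14. The function names are hypothetical, and how you obtain the installed version string depends on your package manager, so it is passed in as an argument.

```shell
#!/bin/sh
# Added example. Minimum fixed versions are the ones quoted in the article.
min_version() {
    case "$1" in
        imagemagick) echo 6.0.7.1 ;;
        imlib)       echo 1.9.14 ;;
        imlib2)      echo 1.1.2 ;;
        *)           return 1 ;;
    esac
}

# version_ge A B: succeed if dotted version A is >= B.
# Fields are compared numerically; missing fields count as 0 and a
# non-numeric suffix such as a "-r1" package revision is ignored.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_pkg NAME INSTALLED_VERSION: print ok, vulnerable or unknown.
check_pkg() {
    min=$(min_version "$1") || { echo "unknown"; return 2; }
    if version_ge "$2" "$min"; then
        echo "ok"
    else
        echo "vulnerable"
        return 1
    fi
}

# Usage: sh check.sh imlib 1.9.13
if [ "$#" -eq 2 ]; then
    check_pkg "$1" "$2"
fi
```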

More information:

Several buffer overflows have also been found in LHa, a console-based program for handling LHarc archives. This is a very uncommon archiving format, so even though the holes themselves may be serious, this is not a big issue. Updated LHarc packages are available for Gentoo, Fedora and most distributions.

More information:

What's the big deal? Headlines like "Pair of Linux Holes Put Users at Risk" (eweek) and other scandal-like stories flourish in the media this week. This story has become "huge".

Here is some information that will help you avoid being stuck with fear if updated packages are not yet available for your distribution:

