Bug 17594

Summary: imlib2 new security issues CVE-2014-976[2-4]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, herman.viaene, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/673458/
Whiteboard: MGA5-32-OK advisory
Source RPM: imlib2-1.4.6-4.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-01-24 04:22:32 CET 
CVEs have been assigned for security issues fixed in imlib2 1.4.7:
http://openwall.com/lists/oss-security/2016/01/22/6

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated imlib2 packages fix security vulnerabilities:

Various issues in imlib before 1.4.7 in the GIF loader (CVE-2014-9762,
CVE-2014-9764) and PNM loader (CVE-2014-9763) could cause crashes.

The imlib2 package has been updated to version 1.4.7, fixing these issues
and several other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9764
https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog
http://openwall.com/lists/oss-security/2016/01/22/6
========================

Updated packages in core/updates_testing:
========================
libimlib2_1-1.4.7-1.mga5
libimlib2-devel-1.4.7-1.mga5
libimlib2_1-filters-1.4.7-1.mga5
libimlib2_1-loaders-1.4.7-1.mga5
imlib2-data-1.4.7-1.mga5

from imlib2-1.4.7-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2016-01-25 20:31:13 CET 
Debian-LTS has issued an advisory for this on January 24:
http://lwn.net/Alerts/673416/

URL: (none) => http://lwn.net/Vulnerabilities/673458/

Comment 2 Herman Viaene 2016-02-04 16:53:32 CET 
MGA5-32 on Acer D620 Xfce
No installation issues
Found Eterm to be dependent on libimlib2_1, run at CLI
$ strace -o ~/Documenten/eterm.txt Eterm
played a bit with font and background settings and checked in eterm.txt that the library was used.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA5-32-OK

Dave Hodgins 2016-02-05 04:01:40 CET

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2016-02-05 18:27:51 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0049.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED