A CVE has been assigned for another security issue fixed upstream in imlib2: http://openwall.com/lists/oss-security/2016/04/14/8 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated imlib2 packages fix security vulnerability: Integer overflow in imlib2 1.4.8 on 32-bit machines leads to insufficient heap allocation and heap overwrite in many image loaders, potentially resulting in remote code execution (CVE-2016-4024). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4024 http://openwall.com/lists/oss-security/2016/04/14/8 ======================== Updated packages in core/updates_testing: ======================== libimlib2_1-1.4.8-1.1.mga5 libimlib2-devel-1.4.8-1.1.mga5 libimlib2_1-filters-1.4.8-1.1.mga5 libimlib2_1-loaders-1.4.8-1.1.mga5 imlib2-data-1.4.8-1.1.mga5 from imlib2-1.4.8-1.1.mga5.src.rpm
x86_64 Mate Most of the packages were already installed. Tried out a few applications from the list provided by $ urpmq --whatrequires | sort |uniq qiv image viewer sxiv image viewer deadbeef audio player scrot screen capture feh image viewer eterm terminal wmcoincoin French talk program : pinnipede teletype coin coin is equivalent to quack quack It revealed the news that Stallman is pregnant! They all seemed to work OK. After updating they all continued to work as expected.
CC: (none) => tarazed25
Whiteboard: (none) => MGA5-64-OK
i586 in virtualbox Mate Installed the applications listed above and ran them after the update. All function OK. Validating this update.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OKCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0144.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/684748/