
Security Research

NSFOCUS Security Monthly, Issue 30: Latest Vulnerabilities
Imlib Heap Corruption Vulnerability

Date: 2002-04-12

Updated: 2002-03-27
Affected systems:
Imlib 1.9
Imlib 1.9.1
Imlib 1.9.2
Imlib 1.9.3
Imlib 1.9.4
Imlib 1.9.5
Imlib 1.9.6
Imlib 1.9.7
Imlib 1.9.8
    - RedHat Linux 6.2
    - RedHat Linux 7.0
    - RedHat Linux 7.1
Imlib 1.9.9
Imlib 1.9.10
    - RedHat Linux 7.2
Imlib 1.9.11
Imlib 1.9.12

Not affected:
Imlib 1.9.13 (the version shipped in the Red Hat errata packages listed below)

Description:
--------------------------------------------------------------------------

BUGTRAQ ID: 4336

Imlib is a library that lets X11 programs load and display a variety of image file formats.

Imlib does not sufficiently bounds-check the values it takes from an image file before using them as the argument to malloc(). The resulting buffer can be smaller than the data the decoder then writes into it, corrupting the heap. An attacker can craft an image file that, when a user views it with a program linked against Imlib, crashes that program or executes arbitrary code with the privileges of the viewing user.

<* Link: https://www.redhat.com/support/errata/RHSA-2002-048.html *>
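The class of bug the description refers to, shown as an added illustrative example in C. This is not Imlib's code: the header structure, the MAX_DIM limit and the sample dimensions are assumptions constructed for the example. An image loader computes its pixel-buffer size from untrusted header fields; the vulnerable version hands the 32-bit product straight to malloc(), so a large width x height x bytes-per-pixel wraps to a small allocation that the decoder then overruns. The hardened version validates the dimensions and proves the product fits before multiplying.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed header for this example: three fields read straight from an
 * untrusted file. This is NOT Imlib's real header structure. */
struct img_header {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;    /* bytes per pixel */
};

struct img_header make_header(uint32_t w, uint32_t h, uint32_t bpp) {
    struct img_header hdr = { w, h, bpp };
    return hdr;
}

/* Vulnerable pattern: the buffer size is computed in 32-bit arithmetic from
 * attacker-controlled dimensions and passed to malloc() unchecked. When the
 * product wraps, malloc() returns a small block and the decoder later writes
 * the full width*height*bpp bytes into it: heap corruption. */
uint32_t unchecked_size(struct img_header h) {
    return h.width * h.height * h.bpp;     /* silently wraps modulo 2^32 */
}

unsigned char *alloc_pixels_vulnerable(struct img_header h) {
    return malloc(unchecked_size(h));
}

/* Hardened form: reject zero or absurd dimensions, then prove the product
 * fits in size_t before multiplying. Returns 0 on rejection, which is never
 * a valid size once the zero checks have passed. */
#define MAX_DIM 65535u   /* assumed per-axis sanity limit for this example */

size_t checked_size(struct img_header h) {
    if (h.width == 0 || h.height == 0 || h.bpp == 0 || h.bpp > 4)
        return 0;
    if (h.width > MAX_DIM || h.height > MAX_DIM)
        return 0;
    /* Classic overflow guard: a*b*c fits in size_t iff a <= SIZE_MAX / b / c. */
    if ((size_t)h.width > SIZE_MAX / h.height / h.bpp)
        return 0;
    return (size_t)h.width * h.height * h.bpp;
}

unsigned char *alloc_pixels_hardened(struct img_header h) {
    size_t n = checked_size(h);
    return n ? malloc(n) : NULL;
}

int main(void) {
    /* Constructed malicious header: 16385 x 65536 x 4 bytes = 4 GiB + 256 KiB,
     * which wraps to 256 KiB (0x40000) in 32-bit arithmetic. */
    struct img_header evil = make_header(0x4001, 0x10000, 4);
    struct img_header good = make_header(640, 480, 4);

    printf("vulnerable path would malloc(%" PRIu32 ") for a %" PRIu32 " x %" PRIu32
           " x %" PRIu32 " image\n",
           unchecked_size(evil), evil.width, evil.height, evil.bpp);
    printf("hardened path: evil -> %zu bytes (0 = rejected), good -> %zu bytes\n",
           checked_size(evil), checked_size(good));

    unsigned char *p = alloc_pixels_hardened(good);
    free(p);
    return 0;
}
```

The division-based guard is preferred over comparing a 64-bit product against SIZE_MAX because it behaves identically on 32-bit and 64-bit hosts and needs no wider integer type. The per-axis limit is what actually stops the wrap on 32-bit targets such as the affected Red Hat i386 builds; the overflow guard is the safety net for any dimension the limit lets through.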

--------------------------------------------------------------------------
Recommendation:

Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measure to reduce the threat:

* Instruct users not to open image files from untrusted sources with programs linked against the Imlib library.

Vendor patch:

RedHat
------
RedHat has released a security advisory (RHSA-2002:048-06) and corresponding patches:
RHSA-2002:048-06: New imlib packages available
Link: https://www.redhat.com/support/errata/RHSA-2002-048.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

Install the patches with the following command:

rpm -Fvh [filename]

Note that -F (freshen) only upgrades packages that are already installed, so the imlib-devel and imlib-cfgeditor files are skipped on systems that do not have them. Afterwards, confirm with rpm -q imlib that version 1.9.13 is installed, and restart any running programs linked against Imlib so they pick up the new library.

All rights reserved. Reproduction without permission is prohibited.