Imlib Heap Corruption Vulnerability

Published: 2002-03-21
Updated: 2002-03-27

Affected systems:
Imlib Imlib 1.9.9
Imlib Imlib 1.9.7
Imlib Imlib 1.9.6
Imlib Imlib 1.9.5
Imlib Imlib 1.9.4
Imlib Imlib 1.9.3
Imlib Imlib 1.9.2
Imlib Imlib 1.9.12
Imlib Imlib 1.9.11
Imlib Imlib 1.9.1
Imlib Imlib 1.9
Imlib Imlib 1.9.10
    - RedHat Linux 7.2
Imlib Imlib 1.9.8
    - RedHat Linux 7.1
    - RedHat Linux 7.0
    - RedHat Linux 6.2
Unaffected systems:
Imlib Imlib 1.9.4
Description:
BUGTRAQ  ID: 4336
CVE(CAN) ID: CVE-2002-0168

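Imlib is a library that lets X11 programs use a variety of image file formats.

Because Imlib does not sufficiently bounds-check the arguments it passes on, it is exposed to a heap corruption vulnerability.

Imlib does not adequately bounds-check the arguments it passes to malloc(). An attacker can craft a special image file that, when a user views it with a program using the Imlib library, crashes the program or executes arbitrary code with that user's privileges.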

<*Link: https://www.redhat.com/support/errata/RHSA-2002-048.html*>
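
The advisory does not show the affected code. As an added illustration (not Imlib source and not part of the original advisory), the C example below shows the general class of defect described above, a size derived from untrusted image data reaching malloc() without a bounds check, next to a checked version. The width/height-based size, the function names and MAX_DIM are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 32767u  /* assumed policy cap on width/height, not an Imlib constant */

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic and
 * wraps silently, so malloc() is asked for far less than the pixel loops
 * will later write. Only the size is computed here, nothing is allocated. */
uint32_t rgb_size_unchecked(uint32_t w, uint32_t h)
{
    return w * h * 3u;
}

/* Checked pattern: reject empty or oversized dimensions, then confirm that
 * w * h * 3 fits in size_t before it is used. Returns 0 on success. */
int rgb_size_checked(uint32_t w, uint32_t h, size_t *out)
{
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return -1;
    if ((size_t)w > SIZE_MAX / 3u / (size_t)h)
        return -1;
    *out = (size_t)w * (size_t)h * 3u;
    return 0;
}

/* Allocate an RGB buffer only when the size check passes. */
unsigned char *alloc_rgb(uint32_t w, uint32_t h)
{
    size_t n;
    if (rgb_size_checked(w, h, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 pixels. */
    printf("unchecked size: %u bytes\n", (unsigned)rgb_size_unchecked(65536u, 65536u));
    printf("checked alloc:  %s\n", alloc_rgb(65536u, 65536u) ? "allocated" : "rejected");
    unsigned char *ok = alloc_rgb(640u, 480u);
    printf("640x480:        %s\n", ok ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```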

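Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measure to reduce the risk:

* Advise users not to open image files from untrusted sources with programs linked against the Imlib library.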

Vendor patches:

RedHat
------
RedHat has released a security advisory (RHSA-2002:048-06) and corresponding patches for this issue:
RHSA-2002:048-06: New imlib packages available
Link: https://www.redhat.com/support/errata/RHSA-2002-048.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]

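This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.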