Note: This is an archival copy of Security Sun Alert 201611 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001210.1.
Date of Resolved Release
Due to multiple vulnerabilities in imlib, a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user when that local user has loaded a bitmap (.bmp) format image file supplied by an untrusted remote user.
Note: imlib is a multi-image format library. It is used in many popular Open Source projects such as GNOME 1.x. This interface has been deprecated in the GNOME 2.x environment.
These issues are described in the following documents:
These issues can occur in the following releases:
Note: JDS for Solaris is not impacted by these issues.
These issues only occur with imlib versions imlib-1.9.10-781 or earlier.
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004
To determine the version of imlib, the following command can be run:
% rpm -qf /usr/lib/libgdk_imlib.so.1 imlib-1.9.10-781
There are no reliable symptoms that would show the described issues have been exploited.
To work around the described issues, avoid using imlib based software to load bitmap image files.
These issues are addressed in the following releases:
To download and install the updated RPMs from the update servers select the following from the launch bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining updates see:
Sun Java Desktop System Release 2
This solution has no attachment