Note: This is an archival copy of Security Sun Alert 201611 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001210.1. |
Category Security Release Phase Resolved 5099934 Date of Resolved Release 17-SEP-2004 Impact Due to multiple vulnerabilities in imlib, a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user when that local user has loaded a bitmap (.bmp) format image file supplied by an untrusted remote user. Note: imlib is a multi-image format library. It is used in many popular Open Source projects such as GNOME 1.x. This interface has been deprecated in the GNOME 2.x environment. These issues are described in the following documents:
Contributing Factors These issues can occur in the following releases: Linux Platform
Note: JDS for Solaris is not impacted by these issues. These issues only occur with imlib versions imlib-1.9.10-781 or earlier. To determine the release of JDS for Linux installed on a system, the following command can be run: % cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004 To determine the version of imlib, the following command can be run: % rpm -qf /usr/lib/libgdk_imlib.so.1 imlib-1.9.10-781 Symptoms There are no reliable symptoms that would show the described issues have been exploited. Workaround To work around the described issues, avoid using imlib based software to load bitmap image files. Resolution These issues are addressed in the following releases: Linux Platform
To download and install the updated RPMs from the update servers select the following from the launch bar: Launch >> Applications >> System Tools >> Online Update For more information on obtaining updates see:
Modification History Product Sun Java Desktop System Release 2 Attachments This solution has no attachment |
|