漏洞信息详情
Imlib NetPBM相关性漏洞
- CNNVD编号:CNNVD-200204-019
- 危害等级: 高危
- CVE编号: CVE-2002-0167
- 漏洞类型: 环境条件错误
- 发布时间: 2002-03-21
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: enlightenment
- 漏洞来源:
漏洞简介
Imlib是允许X11程序使用各种图象文件格式的库文件。 Imlib在装载图象文件时处理存在漏洞可导致装载不信任图象文件。 Imlib装载图象文件通过NETPBM包来处理,存在各种问题如设置相关图象文件等可导致装载不信任图象文件,攻击者可以自己构建图象文件,设置相关环境变量,导致任意代码以查看图象文件用户身份被执行。 <*链接:https://www.redhat.com/support/errata/RHSA-2002-048.HTML *>
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 暂时没有好的临时解决方法。 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2002:048-06)以及相应补丁:
RHSA-2002:048-06:New imlib packages available
链接:https://www.redhat.com/support/errata/RHSA-2002-048.HTML
补丁下载:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
参考网址
来源: REDHAT 名称: RHSA-2002:048 链接:http://www.redhat.com/support/errata/RHSA-2002-048.HTML 来源: BID 名称: 4339 链接:http://www.securityfocus.com/bid/4339 来源: SUSE 名称: SuSE-SA:2002:015 链接:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.HTML 来源: MANDRAKE 名称: MDKSA-2002:029 链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php 来源: CONECTIVA 名称: CLA-2002:470 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470 来源: CALDERA 名称: CSSA-2002-019.0 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
受影响实体
- Enlightenment Imlib:1.9.9
- Enlightenment Imlib:1.9.8
- Enlightenment Imlib:1.9.7
- Enlightenment Imlib:1.9.6
- Enlightenment Imlib:1.9.5
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论