Imlib NetPBM相关性漏洞

漏洞信息详情

Imlib NetPBM相关性漏洞

• CNNVD编号：CNNVD-200204-019
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0167
  
• 漏洞类型：
  
  
  环境条件错误
  
• 发布时间：
  
  2002-03-21
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  enlightenment
• 漏洞来源：

Imlib是允许X11程序使用各种图象文件格式的库文件。
Imlib在装载图象文件时处理存在漏洞可导致装载不信任图象文件。
Imlib装载图象文件通过NETPBM包来处理，存在各种问题如设置相关图象文件等可导致装载不信任图象文件，攻击者可以自己构建图象文件，设置相关环境变量，导致任意代码以查看图象文件用户身份被执行。
＜*链接：https：//www.redhat.com/support/errata/RHSA-2002-048.html
*＞

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 暂时没有好的临时解决方法。
厂商补丁：
RedHat
——
RedHat已经为此发布了一个安全公告(RHSA-2002:048-06)以及相应补丁:

RHSA-2002:048-06：New imlib packages available

链接：https://www.redhat.com/support/errata/RHSA-2002-048.html” target=”_blank”>https://www.redhat.com/support/errata/RHSA-2002-048.html

补丁下载：

Red Hat Linux 6.2:

SRPMS:

ftp://updates.redhat.com/6.2/en/os/SRPMS/imlib-1.9.13-2.6.x.src.rpm

alpha:

ftp://updates.redhat.com/6.2/en/os/alpha/imlib-1.9.13-2.6.x.alpha.rpm

ftp://updates.redhat.com/6.2/en/os/alpha/imlib-cfgeditor-1.9.13-2.6.x.alpha.rpm

ftp://updates.redhat.com/6.2/en/os/alpha/imlib-devel-1.9.13-2.6.x.alpha.rpm

i386:

ftp://updates.redhat.com/6.2/en/os/i386/imlib-1.9.13-2.6.x.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/imlib-cfgeditor-1.9.13-2.6.x.i386.rpm

ftp://updates.redhat.com/6.2/en/os/i386/imlib-devel-1.9.13-2.6.x.i386.rpm

sparc:

ftp://updates.redhat.com/6.2/en/os/sparc/imlib-1.9.13-2.6.x.sparc.rpm

ftp://updates.redhat.com/6.2/en/os/sparc/imlib-cfgeditor-1.9.13-2.6.x.sparc.rpm

ftp://updates.redhat.com/6.2/en/os/sparc/imlib-devel-1.9.13-2.6.x.sparc.rpm

Red Hat Linux 7.0:

SRPMS:

ftp://updates.redhat.com/7.0/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:

ftp://updates.redhat.com/7.0/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm

ftp://updates.redhat.com/7.0/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm

ftp://updates.redhat.com/7.0/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:

ftp://updates.redhat.com/7.0/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.0/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.0/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

Red Hat Linux 7.1:

SRPMS:

ftp://updates.redhat.com/7.1/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

alpha:

ftp://updates.redhat.com/7.1/en/os/alpha/imlib-1.9.13-2.7.x.alpha.rpm

ftp://updates.redhat.com/7.1/en/os/alpha/imlib-cfgeditor-1.9.13-2.7.x.alpha.rpm

ftp://updates.redhat.com/7.1/en/os/alpha/imlib-devel-1.9.13-2.7.x.alpha.rpm

i386:

ftp://updates.redhat.com/7.1/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.1/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.1/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:

ftp://updates.redhat.com/7.1/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm

ftp://updates.redhat.com/7.1/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm

ftp://updates.redhat.com/7.1/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

Red Hat Linux 7.2:

SRPMS:

ftp://updates.redhat.com/7.2/en/os/SRPMS/imlib-1.9.13-2.7.x.src.rpm

i386:

ftp://updates.redhat.com/7.2/en/os/i386/imlib-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.2/en/os/i386/imlib-cfgeditor-1.9.13-2.7.x.i386.rpm

ftp://updates.redhat.com/7.2/en/os/i386/imlib-devel-1.9.13-2.7.x.i386.rpm

ia64:

ftp://updates.redhat.com/7.2/en/os/ia64/imlib-1.9.13-2.7.x.ia64.rpm

ftp://updates.redhat.com/7.2/en/os/ia64/imlib-cfgeditor-1.9.13-2.7.x.ia64.rpm

ftp://updates.redhat.com/7.2/en/os/ia64/imlib-devel-1.9.13-2.7.x.ia64.rpm

可使用下列命令安装补丁：

rpm -Fvh [文件名]

来源: REDHAT
名称: RHSA-2002:048
链接:http://www.redhat.com/support/errata/RHSA-2002-048.html

来源: BID
名称: 4339
链接:http://www.securityfocus.com/bid/4339

来源: SUSE
名称: SuSE-SA:2002:015
链接:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html

来源: MANDRAKE
名称: MDKSA-2002:029
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php

来源: CONECTIVA
名称: CLA-2002:470
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470

来源: CALDERA
名称: CSSA-2002-019.0
链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt