Open-source developers have warned of serious security holes in two Linux components that could allow attackers to take over a system by tricking a user into viewing a specially crafted image file or opening an archive. Patches exist for the bugs, which affect LHA and imlib.

Imlib, a library for graphics-viewing applications used in the Gnome graphical user environment, contains a bug that could allow the execution of malicious code when a user views a specially crafted bit-map image file, according to Marcus Meissner of Novell Inc.'s Suse Linux. The vulnerability is due to a boundary error in the decoding of runlength-encoded bitmap images, which can be exploited to cause a buffer overflow, according to an advisory from Danish security firm Secunia, which maintains a vulnerabilities database.

Gentoo, MandrakeSoft SA and other Linux vendors have begun distributing fixes for the bug, and a patch is also available from the Gnome project. Imlib 1.x and imlib2 1.x are affected.


Source : InfoWorld