Linux groups patch image flaw

Common code used to process graphics has a flaw that could allow an attacker to issue commands as the user.

Robert Lemos, Staff Writer, CNET News.com

Several flaws in common Linux code used to process graphics in older versions of the GNOME desktop environment could allow an attacker to compromise a computer that displays a malicious image file, a security group warned this week.

The vulnerabilities occur in the Imlib software library, a set of common code for handling images, security information provider Secunia stated in an advisory Tuesday. The company rated the threat from the flaws as "highly critical."

Czech software developer Pavel Kankovsky discovered the flaws when he checked the Imlib library to see if it was affected by vulnerabilities found in a similar set of Linux code, Linux distributor Gentoo said in an advisory.

Both Gentoo and Novell's SuSE Linux released patches for the issue this week.

The image flaw is the latest graphics library vulnerability to affect a major operating system. Microsoft fixed a major flaw in how its operating system and applications handled the popular JPEG format. The flaw could be used to take control of a victim's PC by viewing a graphic. Another flaw in a popular code library for handling an open-source image format, known as Portable Network Graphics, put computers running Linux, Windows and Mac OS X at risk.

Another common element of Web pages, Sun Microsystems' Java, also had a major flaw that could affect Linux and Windows computer users. The company patched the issue in October.

Other versions of the Linux operating system are likely affected if they use an older version of the GNOME desktop. In addition, other applications on those systems could be affected if they use the Imlib code.