Linux

Linux groups patch image flaw

Common code used to process graphics has a flaw that could allow an attacker to issue commands as the user.
Stay on top of the latest tech news with our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

By Robert Lemos
Staff Writer, CNET News.com

Several flaws in common Linux code used to process graphics in the GNOME desktop environment could allow an attacker to compromise a computer that displays a malicious image file, a security group warned this week.

The vulnerabilities occur in the Imlib software library, a set of common code for handling images, security information provider Secunia stated in an advisory Tuesday. The company rated the flaw threat as "highly critical."

Czech software developer Pavel Kankovsky discovered the flaws when he checked the Imlib library to see if it was affected by vulnerabilities found in a similar set of Linux code, Linux distributor Gentoo said in an advisory.

Both Gentoo and Novell's SuSE Linux have released patches for the issue this week.

The image flaw is the latest graphics library vulnerability to affect a major operating system. Microsoft fixed a major flaw in how its operating system and applications handled the popular JPEG format. The flaw could be used to take control of a victim's PC by viewing a graphic. Another flaw in a popular code library for handling an open-source image format, known as Portable Network Graphics, put computers running Linux, Windows and Mac OS X at risk.

Another common element of Web pages, Sun Microsystems' Java, also had a major flaw that could affect Linux and Windows computer users. The company patched the issue in October.

Other versions of the Linux operating system are likely affected if they use a recent version of the GNOME desktop.

Editor's Picks