The developer of the Binal Internet Message Open Source Code has warned of serious security defects found in two Linux components, LHA and IMLIB. The defects allow attackers to take control of a user's computer system by tricking the user into viewing a specially crafted image file or opening a document. Patched software is now available to fix these defects.
According to Novell's SUSE Linux department, IMLIB is a library used by image-viewing applications in the GNOME graphical interface. The library contains a defect that can execute malicious code when the user views a specially crafted image file. According to an advisory released by Danish security vendor Secunia, the defect is caused by boundary errors in bitmap file decoding, which can trigger a buffer overflow. The BMP decoding defect found in Qt last month is related to this defect.
IMLIB 1.x and IMLIB2 1.x are affected by this defect. Gentoo, Mandrakesoft, and other Linux vendors have begun to release patches correcting these defects, and the GNOME project has also released its own patches.
Linux vendor Red Hat warned that LHA includes a third security defect. All previous versions of LHA 1.14 are affected by this defect. If the user is tricked into extracting or testing a malicious document, or passes a specially crafted command to LHA, the defect causes the system to execute malicious code. The third defect enables attackers to execute arbitrary commands by creating a directory.
Secunia said that as long as users stay "away from" untrusted documents, these three defects cannot be readily exploited. Red Hat, Gentoo, and other Linux vendors have released patches for this defect.
From:
World