Paketname
libxpm4
Datum
2004-09-15
Advisory ID
MDKSA-2004:098
Betroffene Versionen
9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586

Problembeschreibung

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived): Stack overflows (CAN-2004-0687): Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c). Integer Overflows (CAN-2004-0688): Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence. The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.

Aktualisierte Pakete

9.2 amd64

 5f074ee2a98ebefedd94ce12c481469d  amd64/9.2/RPMS/lib64xpm4-3.4k-27.1.92mdk.amd64.rpm
dab19b1fdec00205b18a3d0db64ae7ea  amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.1.92mdk.amd64.rpm
ae0fa1a38affc7cdbef9505db0bb8e79  amd64/9.2/SRPMS/xpm-3.4k-27.1.92mdk.src.rpm

CS2.1 x86_64

 a98d3ac4aca9d273aec7d0df7affd389  x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.1.C21mdk.x86_64.rpm
d6aa250f8bb892ccc48e914085e8472f  x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.1.C21mdk.x86_64.rpm
93b631321701b3309cf47ca62f92b2b2  x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.1.C21mdk.src.rpm

10.0 amd64

 6f384448d85afd56100e68608d307536  amd64/10.0/SRPMS/xpm-3.4k-27.1.100mdk.src.rpm
6fed4973b8a0f06a78176b35069d39d3  amd64/10.0/RPMS/lib64xpm4-3.4k-27.1.100mdk.amd64.rpm
72b965c6dbf0d3cdc437405c18c8d658  amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.1.100mdk.amd64.rpm

CS2.1 i586

 09d95b236c8bbe18e64a521c91edecea  corporate/2.1/RPMS/libxpm4-3.4k-21.1.C21mdk.i586.rpm
f95679273cc924ceb8343f5abb637bbf  corporate/2.1/RPMS/libxpm4-devel-3.4k-21.1.C21mdk.i586.rpm
93b631321701b3309cf47ca62f92b2b2  corporate/2.1/SRPMS/xpm-3.4k-21.1.C21mdk.src.rpm

10.0 i586

 b04f06bcbb1d68a0bb5a27a3409ab695  10.0/RPMS/libxpm4-3.4k-27.1.100mdk.i586.rpm
674d40df87b997be5be5b63088cc25f1  10.0/RPMS/libxpm4-devel-3.4k-27.1.100mdk.i586.rpm
6f384448d85afd56100e68608d307536  10.0/SRPMS/xpm-3.4k-27.1.100mdk.src.rpm

9.2 i586

 8d9a613ad0d381e0da4ea8b455dc81ef  9.2/RPMS/libxpm4-3.4k-27.1.92mdk.i586.rpm
f279c6c59dec9a85bc6d209931b2d9b1  9.2/RPMS/libxpm4-devel-3.4k-27.1.92mdk.i586.rpm
ae0fa1a38affc7cdbef9505db0bb8e79  9.2/SRPMS/xpm-3.4k-27.1.92mdk.src.rpm

Referenzen