Support / Security / Advisories / Mandrakelinux 10.0 / MDKSA-2004:137

Package name: libxpm4
Date: 2004-11-22
Advisory ID: MDKSA-2004:137
Affected versions: 9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Updated packages are patched to correct all these issues.

Updated packages

9.2 amd64

 c6072becb352417e46e8f4c0f0c60448  amd64/9.2/RPMS/lib64xpm4-3.4k-27.2.92mdk.amd64.rpm
9afa723c45efcfec02ae432c1642fb66  amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.2.92mdk.amd64.rpm
52842751cd00ab528d5195ee073183dd  amd64/9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm

CS2.1 x86_64

 bfde0d277eb562d59883803b3b81f2ed  x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.x86_64.rpm
29248a40d731e6379fa6f18c4ec2e41c  x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.x86_64.rpm
fbb74336950e487af490ac5748a81d8a  x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

10.0 amd64

 ab8ec33b42a021ba05aac29b26b91cb3  amd64/10.0/RPMS/lib64xpm4-3.4k-27.2.100mdk.amd64.rpm
fecd9804be4b8c16f2bcda27c041d13a  amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.2.100mdk.amd64.rpm
37b8b1901d808934e8e1084264bde60b  amd64/10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

10.1 i586

 492e768f18555e1d6096e9061c356ebd  10.1/RPMS/libxpm4-3.4k-28.1.101mdk.i586.rpm
a84d8584c9c58e08d6e01c52fc6a3de1  10.1/RPMS/libxpm4-devel-3.4k-28.1.101mdk.i586.rpm
0e2425dfa7b33b9446661cf10c2f3d2d  10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

10.0 i586

 6b3453de798acc7020f5f53f3e160673  10.0/RPMS/libxpm4-3.4k-27.2.100mdk.i586.rpm
0b26896ede6846a74aab29ff67bb4eb6  10.0/RPMS/libxpm4-devel-3.4k-27.2.100mdk.i586.rpm
37b8b1901d808934e8e1084264bde60b  10.0/SRPMS/xpm-3.4k-27.2.100mdk.src.rpm

9.2 i586

 2a7e4bacd58df0abe0b6c379c491ba19  9.2/RPMS/libxpm4-3.4k-27.2.92mdk.i586.rpm
fc1495046860e6b6a1c50db6b8584613  9.2/RPMS/libxpm4-devel-3.4k-27.2.92mdk.i586.rpm
52842751cd00ab528d5195ee073183dd  9.2/SRPMS/xpm-3.4k-27.2.92mdk.src.rpm

CS2.1 i586

 8af4abbd31cc4fd1ba232ed697664b16  corporate/2.1/RPMS/libxpm4-3.4k-21.2.C21mdk.i586.rpm
b45e47efe6bc3d1de784e72a10319b24  corporate/2.1/RPMS/libxpm4-devel-3.4k-21.2.C21mdk.i586.rpm
fbb74336950e487af490ac5748a81d8a  corporate/2.1/SRPMS/xpm-3.4k-21.2.C21mdk.src.rpm

10.1 x86_64

 956f34afe9c71f8ed439722a8edee292  x86_64/10.1/RPMS/lib64xpm4-3.4k-28.1.101mdk.x86_64.rpm
d8941408e789d6dc6b70073f1fe7b689  x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.1.101mdk.x86_64.rpm
0e2425dfa7b33b9446661cf10c2f3d2d  x86_64/10.1/SRPMS/xpm-3.4k-28.1.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914