Package name
xli
Date
2005-04-20
Advisory ID
MDKSA-2005:076
Affected versions
10.2 x86_64 , CS2.1 x86_64 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CAN-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CAN-2005-0639). The updated packages have been patched to correct these problems.

Updated packages

10.2 x86_64

 b49c19725cbc2850ead82731758fe8d8  x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b  x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

CS2.1 x86_64

 8b4a39d741f4eb8fde469411359cad5b  x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1  x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

10.2 i586

 5e5bbac4a40ffc0f7156e671eb920ea0  10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b  10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

10.1 i586

 f5ad03e5bb1c8b93fc1ebca1d7e2e111  10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205  10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

CS3.0 x86_64

 ac33b6d6d9475104bb25c2bde9dfe0c7  x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824  x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm

CS3.0 i586

 fdbf0745aeb6733d6894afa089ac7dd2  corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824  corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm

CS2.1 i586

 c89d695075c7117381d50301745bc82e  corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1  corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

10.1 x86_64

 e798f226cabe865cd3b0a8f3f9292b6d  x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205  x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

References