Package name
Advisory ID
Affected versions
8.0 i586, 7.2 i586, 7.1 i586, CS1.0 i586, 8.0 i586

Problem description

A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publicly available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images.

Update: The xloadimage package uses the same code as xli and is likewise vulnerable. An update is provided for xloadimage, which was only provided with Linux-Mandrake 7.2.

Updated packages

8.0 i586

f1eff4c239eaebb0ff41f169de8ccd3e  8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm
b3aa5d5d8598e02c8bff9132dd312e06  8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm

7.2 i586

2a4a20ba543f917b41ec8b92bda3107a  7.2/RPMS/xli-1.16-7.1mdk.i586.rpm
2f3464a4fcee7a3215de4a765e5fd328  7.2/RPMS/xloadimage-4.1-6.1mdk.i586.rpm
3cf0768d88055b81011b9d56224f3858  7.2/SRPMS/xli-1.16-7.1mdk.src.rpm
61c138ea07acbe91d5c466d70493bea2  7.2/SRPMS/xloadimage-4.1-6.1mdk.src.rpm

7.1 i586

994bc689c7ab60fac976816abfa71a8e  7.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  7.1/SRPMS/xli-1.16-4.1mdk.src.rpm

CS1.0 i586

994bc689c7ab60fac976816abfa71a8e  1.0.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  1.0.1/SRPMS/xli-1.16-4.1mdk.src.rpm

8.0 i586

ae86f1d74de0a0b6fa15b699530a1c6d  ppc/8.0/RPMS/xli-1.17.0-1.1mdk.ppc.rpm
4608ff87dc4de7b0686ceb3a0a67b8dc  ppc/8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm