| Problem Description |
The XPM library, which is part of the XFree86/XOrg project, is used
by several GUI applications to process XPM image files.
An integer overflow flaw was found in libXPM. An attacker could create
a malicious XPM file with a negative bitmap_unit value that would
execute arbitrary code if opened by a victim using an application
linked to the vulnerable library.
Updated packages are patched to correct all these issues.
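The class of bug described above, as an added illustration that is not libXpm's code or the vendor patch: a signed size field read from an image is used in size arithmetic without validation. The struct, function names and the simplified row-size model are hypothetical; the only assumption taken from Xlib is that bitmap_unit is a signed int whose legal values are 8, 16 and 32.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified image header; not libXpm's data structure.
 * bitmap_unit is a signed int, as in Xlib's XImage, so a hostile or
 * corrupted value can be negative. */
struct img_hdr {
    unsigned int width;
    unsigned int height;
    int bitmap_unit;            /* bits per scanline unit: 8, 16 or 32 */
};

/* Unchecked pattern: a negative bitmap_unit becomes a negative byte count,
 * which wraps to a huge value once converted to size_t. */
size_t row_bytes_unchecked(const struct img_hdr *h)
{
    int unit_bytes = h->bitmap_unit / 8;            /* -8 / 8 == -1 */
    return (size_t)h->width * (size_t)unit_bytes;   /* wraps modulo 2^N */
}

/* Checked pattern: reject the header unless bitmap_unit is one of the legal
 * values and every multiplication fits in size_t.
 * Returns 0 and stores the total size in *out, or -1 if rejected. */
int image_bytes_checked(const struct img_hdr *h, size_t *out)
{
    if (h->bitmap_unit != 8 && h->bitmap_unit != 16 && h->bitmap_unit != 32)
        return -1;
    if (h->width == 0 || h->height == 0)
        return -1;
    size_t unit_bytes = (size_t)h->bitmap_unit / 8;
    if (h->width > SIZE_MAX / unit_bytes)
        return -1;
    size_t row = (size_t)h->width * unit_bytes;
    if (h->height > SIZE_MAX / row)
        return -1;
    *out = row * (size_t)h->height;
    return 0;
}

int main(void)
{
    struct img_hdr bad = { 4, 2, -8 };   /* constructed sample header */
    size_t n = 0;
    printf("unchecked row bytes: %zu\n", row_bytes_unchecked(&bad));
    printf("checked result: %d\n", image_bytes_checked(&bad, &n));
    return 0;
}
```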
| Updated Packages |
Mandrakelinux 10.0
8f19344086b5361b30766c9085ee2ea2 10.0/RPMS/libxpm4-3.4k-27.4.100mdk.i586.rpm
7a7b882e901bcf7b24d182ccfeb7fef2 10.0/RPMS/libxpm4-devel-3.4k-27.4.100mdk.i586.rpm
6a5874bad1fb6105baf8c26dca1bf7c2 10.0/SRPMS/xpm-3.4k-27.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
fce3bee71945e407d81abfdaf8f8cbdc amd64/10.0/RPMS/lib64xpm4-3.4k-27.4.100mdk.amd64.rpm
22eb44cb9c8958fd3dab0d5ed9fb9418 amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.4.100mdk.amd64.rpm
8f19344086b5361b30766c9085ee2ea2 amd64/10.0/RPMS/libxpm4-3.4k-27.4.100mdk.i586.rpm
6a5874bad1fb6105baf8c26dca1bf7c2 amd64/10.0/SRPMS/xpm-3.4k-27.4.100mdk.src.rpm
Mandrakelinux 10.1
2f0250adcad3d9845225cf4b4d9ce8ef 10.1/RPMS/libxpm4-3.4k-28.3.101mdk.i586.rpm
e171fdf9b23986e58c1fdcac292f70d0 10.1/RPMS/libxpm4-devel-3.4k-28.3.101mdk.i586.rpm
603d509c51b30617f2c89a038f666872 10.1/SRPMS/xpm-3.4k-28.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
1930678575cb695ecbd5cf4efd60e9a6 x86_64/10.1/RPMS/lib64xpm4-3.4k-28.3.101mdk.x86_64.rpm
a92856072a02d1efd23ba5a83dcfa766 x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.3.101mdk.x86_64.rpm
2f0250adcad3d9845225cf4b4d9ce8ef x86_64/10.1/RPMS/libxpm4-3.4k-28.3.101mdk.i586.rpm
e171fdf9b23986e58c1fdcac292f70d0 x86_64/10.1/RPMS/libxpm4-devel-3.4k-28.3.101mdk.i586.rpm
603d509c51b30617f2c89a038f666872 x86_64/10.1/SRPMS/xpm-3.4k-28.3.101mdk.src.rpm
Corporate Server 2.1
2925cd9c64536b76c9eefb2e9987029b corporate/2.1/RPMS/libxpm4-3.4k-21.4.C21mdk.i586.rpm
7cb0cadd2e1934f9627637416a9284ba corporate/2.1/RPMS/libxpm4-devel-3.4k-21.4.C21mdk.i586.rpm
03f77ccacff7731bc38dd8a124f29f8d corporate/2.1/SRPMS/xpm-3.4k-21.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64
037361e9e4d51661fb7acd367977c16f x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.4.C21mdk.x86_64.rpm
a44a23d0525cc8b3a589082597f86e94 x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.4.C21mdk.x86_64.rpm
03f77ccacff7731bc38dd8a124f29f8d x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.4.C21mdk.src.rpm
Corporate Server 3.0
4872d5deec449ef844e478359d82ab18 corporate/3.0/RPMS/libxpm4-3.4k-27.4.C30mdk.i586.rpm
ddd7569f50b68fa4cb621957f1ed56b6 corporate/3.0/RPMS/libxpm4-devel-3.4k-27.4.C30mdk.i586.rpm
30a7df84d2bda0065f895ec5b6de3eeb corporate/3.0/SRPMS/xpm-3.4k-27.4.C30mdk.src.rpm
Corporate Server 3.0/X86_64
e5a369fa603516b674db9f2a6afc083b x86_64/corporate/3.0/RPMS/lib64xpm4-3.4k-27.4.C30mdk.x86_64.rpm
d9f11eeef73c93d0a36b311986306126 x86_64/corporate/3.0/RPMS/lib64xpm4-devel-3.4k-27.4.C30mdk.x86_64.rpm
4872d5deec449ef844e478359d82ab18 x86_64/corporate/3.0/RPMS/libxpm4-3.4k-27.4.C30mdk.i586.rpm
30a7df84d2bda0065f895ec5b6de3eeb x86_64/corporate/3.0/SRPMS/xpm-3.4k-27.4.C30mdk.src.rpm
Mandriva Linux LE2005
fc4e22a6f1b2441b51eb79dfc26ae74c 10.2/RPMS/libxpm4-3.4k-30.1.102mdk.i586.rpm
db6d27e6d96a0fa7a696bac650ef78fe 10.2/RPMS/libxpm4-devel-3.4k-30.1.102mdk.i586.rpm
cb1212dbc9082e3a9dfd912ea35f7ed4 10.2/SRPMS/xpm-3.4k-30.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
7ba435fc44bf3904dbf42e4b784d0184 x86_64/10.2/RPMS/lib64xpm4-3.4k-30.1.102mdk.x86_64.rpm
bd578228b038ca5df10ad9efd70d20ce x86_64/10.2/RPMS/lib64xpm4-devel-3.4k-30.1.102mdk.x86_64.rpm
fc4e22a6f1b2441b51eb79dfc26ae74c x86_64/10.2/RPMS/libxpm4-3.4k-30.1.102mdk.i586.rpm
db6d27e6d96a0fa7a696bac650ef78fe x86_64/10.2/RPMS/libxpm4-devel-3.4k-30.1.102mdk.i586.rpm
cb1212dbc9082e3a9dfd912ea35f7ed4 x86_64/10.2/SRPMS/xpm-3.4k-30.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
