GLSA Bodhisattva
Posted: Mon Feb 07, 2005 8:25 am Post subject: [ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libX
Gentoo Linux Security Advisory
Title: LessTif: Multiple vulnerabilities in libXpm (GLSA 200502-06)
Severity: normal
Exploitable: remote
Date: February 06, 2005
Bug(s): #78483
ID: 200502-06
Synopsis
Multiple vulnerabilities have been discovered in libXpm, which is included
in LessTif, that can potentially lead to remote code execution.
Background
LessTif is a clone of OSF/Motif, which is a standard user
interface toolkit available on Unix and Linux.
Affected Packages
Package: x11-libs/lesstif
Vulnerable: < 0.94.0
Unaffected: >= 0.94.0
Architectures: All supported architectures
Description
Multiple vulnerabilities, including buffer overflows, out-of-bounds
memory accesses and directory traversals, have been discovered in
libXpm, which is shipped as a part of the X Window System. LessTif, an
application that includes libXpm, suffers from the same issues.
Impact
A carefully crafted XPM file could crash applications making use
of the LessTif toolkit, potentially allowing the execution of arbitrary
code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All LessTif users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0"
References
CAN-2004-0914
LessTif Release Notes
Last edited by GLSA on Mon Jun 02, 2014 4:18 am; edited 3 times in total
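A check for the version ranges listed under Affected Packages, as an added example that is not part of the original advisory. The function name `lesstif_status` and its output words are assumptions made here, and the comparison assumes GNU coreutils `sort -V`; the host check at the end runs only where `portageq` is available.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an x11-libs/lesstif
# version against the advisory's ranges (vulnerable < 0.94.0 <= unaffected).
# Assumption: GNU coreutils `sort -V` provides the version ordering.

FIXED="0.94.0"   # first unaffected version, taken from the advisory

# lesstif_status VERSION|ATOM   (hypothetical helper name)
# Prints one of: vulnerable | unaffected | not-installed | unknown
lesstif_status() {
    ver=${1#x11-libs/lesstif-}   # accept a full atom as printed by portageq
    ver=${ver%-r[0-9]*}          # drop the Gentoo revision suffix (-rN)
    case $ver in
        '')        echo not-installed; return 0 ;;
        *[!0-9.]*) echo unknown; return 2 ;;   # _rc/_p style suffixes: check by hand
    esac
    # The lower of the two versions sorts first; a plain string compare
    # would misorder e.g. 0.100.0 and 0.94.0.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then
        echo unaffected
    else
        echo vulnerable
        return 1
    fi
}

# On a Gentoo host, classify the installed package (prints nothing elsewhere).
if command -v portageq >/dev/null 2>&1; then
    lesstif_status "$(portageq best_version / x11-libs/lesstif)" || true
fi
```

Applications already running keep the old library mapped until they are restarted after the upgrade.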