GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Fri Mar 04, 2005 3:41 pm Post subject: [ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer ove |
|
|
Gentoo Linux Security Advisory
Title: OpenMotif, LessTif: New libXpm buffer overflows (GLSA 200503-08)
Severity: normal
Exploitable: remote
Date: March 04, 2005
Bug(s): #83655, #83656
ID: 200503-08
Synopsis
A new vulnerability has been discovered in libXpm, which is included in OpenMotif and LessTif, that can potentially lead to remote code execution.
Background
LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux. OpenMotif also provides a free version of the Motif toolkit for open source applications.
Affected Packages
Package: x11-libs/openmotif
Vulnerable: < 2.2.3-r3
Unaffected: >= 2.2.3-r3
Unaffected: >= 2.1.30-r9 < 2.1.31
Architectures: All supported architectures
Package: x11-libs/lesstif
Vulnerable: < 0.94.0-r2
Unaffected: >= 0.94.0-r2
Architectures: All supported architectures
Description
Chris Gilbert discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm security advisories.
Impact
A carefully-crafted XPM file could crash applications making use of the OpenMotif or LessTif toolkits, potentially allowing the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All OpenMotif users should upgrade to an unaffected version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose x11-libs/openmotif | All LessTif users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0-r2" |
References
CAN-2005-0605
Last edited by GLSA on Sun Nov 09, 2008 4:17 am; edited 5 times in total |
|