blob: 7a6d0cd243006640f8b70d058abd7de03319e189 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200503-15">
<title> libXpm vulnerability</title>
A new vulnerability has been discovered in libXpm, which is included in, that can potentially lead to remote code execution.
<product type="ebuild"></product>
<announced>March 12, 2005</announced>
<revised>March 12, 2005: 02</revised>
<package name="x11-base/xorg-x11" auto="yes" arch="*">
<unaffected range="rge">6.8.0-r5</unaffected>
<unaffected range="ge">6.8.2-r1</unaffected>
<vulnerable range="lt">6.8.2-r1</vulnerable>
libXpm is a pixmap manipulation library for the X Window System,
included in
Chris Gilbert has discovered potentially exploitable buffer overflow
cases in libXpm that weren't fixed in previous libXpm versions.
<impact type="normal">
A carefully-crafted XPM file could crash, potentially allowing
the execution of arbitrary code with the privileges of the user running
the application.
There is no known workaround at this time.
All users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose x11-base/xorg-x11</code>
<uri link="">CAN-2005-0605</uri>
<uri link="">Freedesktop bug</uri>
<metadata tag="requester" timestamp="Sun, 6 Mar 2005 13:19:18 +0000">
<metadata tag="submitter" timestamp="Mon, 7 Mar 2005 11:11:00 +0000">
<metadata tag="bugReady" timestamp="Fri, 11 Mar 2005 13:22:24 +0000">