Nessus Plugin #15776
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200411-28] X.Org, XFree86: libXpm vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2004 Michel Arboi
- Summary:
- X.Org, XFree86: libXpm vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200411-28
- Description:
- The remote host is affected by the vulnerability described in GLSA-200411-28
(X.Org, XFree86: libXpm vulnerabilities)
Several issues were discovered in libXpm, including integer
overflows, out-of-bounds memory accesses, insecure path traversal and
an endless loop.
Impact
An attacker could craft a malicious pixmap file and entice a user
to use it with an application linked against libXpm. This could lead to
Denial of Service or arbitrary code execution.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
Solution:
All X.Org users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.7.0-r3"
All XFree86 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xfree-x11-4.3.0-r8"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.