SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   libXpm
Vendors:   X.org
(Fedora Issues Fix for FC3) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012273
SecurityTracker URL:  http://securitytracker.com/id/1012273
CVE Reference:   CVE-2004-0914
Date:  Nov 19 2004
Impact:   Denial of service via local system, Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): R6.8.1 and prior versions
Description:   Several vulnerabilities were reported in libXpm. A user can create a specially crafted image file that, when processed by libXpm, may cause the application to crash or execute arbitrary code.

The vendor reported that the code contains multiple integer overflows, memory access errors, input validation errors, and logic errors. A remote user may be able to execute shell commands, traverse the directory, and cause denial of service conditions.

Petr Mladek and Thomas Biege are credited with reporting these flaws.

Impact:   A user can create an image file that, when processed by the target application, will cause denial of service conditions or execute arbitrary code on the target system. The specific impact depends on the application that uses libXpm.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


Vendor URL:  x.org/
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Nov 17 2004 libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: xorg-x11-6.8.1-12.FC3.1


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-434
2004-11-17
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : xorg-x11
Version     : 6.8.1
Release     : 12.FC3.1
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
X.org X11 is an open source implementation of the X Window System.  It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.

---------------------------------------------------------------------
Update Information:

Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XPM file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.

Users are advised to upgrade to these erratum packages, which contain
backported security patches as well as other bug fixes.
---------------------------------------------------------------------

- Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a
   number of Xpm issues found by Thomas Biege <thomas@suse.de>
   (#136169)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 



Copyright 2019, SecurityGlobal.net LLC