<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           xpm
 Advisory ID:            MDKSA-2005:080
 Date:                   April 28th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The XPM library which is part of the XFree86/XOrg project is used         
 by several GUI applications to process XPM image files.                      
 
 An integer overflow flaw was found in libXPM, which is used by some
 applications for loading of XPM images. An attacker could create a
 malicious XPM file that would execute arbitrary code via a negative 
 bitmap_unit value if opened by a victim using an application linked 
 to the vulnerable library.
 
 Updated packages are patched to correct all these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 8f19344086b5361b30766c9085ee2ea2  10.0/RPMS/libxpm4-3.4k-27.4.100mdk.i586.rpm
 7a7b882e901bcf7b24d182ccfeb7fef2  
10.0/RPMS/libxpm4-devel-3.4k-27.4.100mdk.i586.rpm
 6a5874bad1fb6105baf8c26dca1bf7c2  10.0/SRPMS/xpm-3.4k-27.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 fce3bee71945e407d81abfdaf8f8cbdc  
amd64/10.0/RPMS/lib64xpm4-3.4k-27.4.100mdk.amd64.rpm
 22eb44cb9c8958fd3dab0d5ed9fb9418  
amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.4.100mdk.amd64.rpm
 6a5874bad1fb6105baf8c26dca1bf7c2  amd64/10.0/SRPMS/xpm-3.4k-27.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 2f0250adcad3d9845225cf4b4d9ce8ef  10.1/RPMS/libxpm4-3.4k-28.3.101mdk.i586.rpm
 e171fdf9b23986e58c1fdcac292f70d0  
10.1/RPMS/libxpm4-devel-3.4k-28.3.101mdk.i586.rpm
 603d509c51b30617f2c89a038f666872  10.1/SRPMS/xpm-3.4k-28.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 1930678575cb695ecbd5cf4efd60e9a6  
x86_64/10.1/RPMS/lib64xpm4-3.4k-28.3.101mdk.x86_64.rpm
 a92856072a02d1efd23ba5a83dcfa766  
x86_64/10.1/RPMS/lib64xpm4-devel-3.4k-28.3.101mdk.x86_64.rpm
 603d509c51b30617f2c89a038f666872  
x86_64/10.1/SRPMS/xpm-3.4k-28.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 fc4e22a6f1b2441b51eb79dfc26ae74c  10.2/RPMS/libxpm4-3.4k-30.1.102mdk.i586.rpm
 db6d27e6d96a0fa7a696bac650ef78fe  
10.2/RPMS/libxpm4-devel-3.4k-30.1.102mdk.i586.rpm
 cb1212dbc9082e3a9dfd912ea35f7ed4  10.2/SRPMS/xpm-3.4k-30.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 7ba435fc44bf3904dbf42e4b784d0184  
x86_64/10.2/RPMS/lib64xpm4-3.4k-30.1.102mdk.x86_64.rpm
 bd578228b038ca5df10ad9efd70d20ce  
x86_64/10.2/RPMS/lib64xpm4-devel-3.4k-30.1.102mdk.x86_64.rpm
 cb1212dbc9082e3a9dfd912ea35f7ed4  
x86_64/10.2/SRPMS/xpm-3.4k-30.1.102mdk.src.rpm

 Corporate Server 2.1:
 2925cd9c64536b76c9eefb2e9987029b  
corporate/2.1/RPMS/libxpm4-3.4k-21.4.C21mdk.i586.rpm
 7cb0cadd2e1934f9627637416a9284ba  
corporate/2.1/RPMS/libxpm4-devel-3.4k-21.4.C21mdk.i586.rpm
 03f77ccacff7731bc38dd8a124f29f8d  
corporate/2.1/SRPMS/xpm-3.4k-21.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 037361e9e4d51661fb7acd367977c16f  
x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.4.C21mdk.x86_64.rpm
 a44a23d0525cc8b3a589082597f86e94  
x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.4.C21mdk.x86_64.rpm
 03f77ccacff7731bc38dd8a124f29f8d  
x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.4.C21mdk.src.rpm

 Corporate 3.0:
 4872d5deec449ef844e478359d82ab18  
corporate/3.0/RPMS/libxpm4-3.4k-27.4.C30mdk.i586.rpm
 ddd7569f50b68fa4cb621957f1ed56b6  
corporate/3.0/RPMS/libxpm4-devel-3.4k-27.4.C30mdk.i586.rpm
 30a7df84d2bda0065f895ec5b6de3eeb  
corporate/3.0/SRPMS/xpm-3.4k-27.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e5a369fa603516b674db9f2a6afc083b  
x86_64/corporate/3.0/RPMS/lib64xpm4-3.4k-27.4.C30mdk.x86_64.rpm
 d9f11eeef73c93d0a36b311986306126  
x86_64/corporate/3.0/RPMS/lib64xpm4-devel-3.4k-27.4.C30mdk.x86_64.rpm
 30a7df84d2bda0065f895ec5b6de3eeb  
x86_64/corporate/3.0/SRPMS/xpm-3.4k-27.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCchzFmqjQ0CJFipgRAolBAKDuydbLaxZeI7p8Chw5cb9ghp/4MwCcCZW4
B6yGqj0mCkPpEwMh3GLzAmg=
=sws4
-----END PGP SIGNATURE-----