[Full-Disclosure] MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 11/04/04

  • Next message: Rodrigo Barbosa: "Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)"
    To: full-disclosure@lists.netsys.com
    Date: 4 Nov 2004 21:25:34 -0000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                     Mandrakelinux Security Update Advisory
     _______________________________________________________________________

     Package name: xorg-x11
     Advisory ID: MDKSA-2004:124
     Date: November 4th, 2004

     Affected versions: 10.1
     ______________________________________________________________________

     Problem Description:

     Chris Evans found several stack and integer overflows in the libXpm code
     of X.Org/XFree86:
     
     Stack overflows (CAN-2004-0687):
     
     Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code
     leads to a stack based overflow (parse.c).
     
     Stack overflow reading pixel values in ParseAndPutPixels (create.c) as
     well as ParsePixels (parse.c).
     
     Integer Overflows (CAN-2004-0688):
     
     Integer overflow allocating colorTable in xpmParseColors (parse.c) -
     probably a crashable but not exploitable offence.
     
     Additionally, the xorg-x11 packages have been patched with a backport from
     cvs to resolve a failure running the lsb-test-vsw4 test suite, which will
     soon be required for LSB2.0 compliance.
     
     The updated packages have patches from Chris Evans and Matthieu Herrb
     to address these vulnerabilities.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.1:
     2b93b8d548197a3e010e9fbc2ea71149 10.1/RPMS/libxorg-x11-6.7.0-4.1.101mdk.i586.rpm
     1bc9665c6452c49fa46042c0caea4173 10.1/RPMS/libxorg-x11-devel-6.7.0-4.1.101mdk.i586.rpm
     d4205cb6049e1c9a17e4adde46cd0b1e 10.1/RPMS/libxorg-x11-static-devel-6.7.0-4.1.101mdk.i586.rpm
     cdd0a0208665969678a582ff0510fb30 10.1/RPMS/xorg-x11-100dpi-fonts-6.7.0-4.1.101mdk.i586.rpm
     3ed132c742ae85b758bca6ae8946697f 10.1/RPMS/xorg-x11-6.7.0-4.1.101mdk.i586.rpm
     8e0d431d39cd23c7a7170ac85d942085 10.1/RPMS/xorg-x11-75dpi-fonts-6.7.0-4.1.101mdk.i586.rpm
     9e4de7087526cfab9064338f68b414c2 10.1/RPMS/xorg-x11-Xnest-6.7.0-4.1.101mdk.i586.rpm
     16f55b7a396c448330a6da14267bc36d 10.1/RPMS/xorg-x11-Xvfb-6.7.0-4.1.101mdk.i586.rpm
     c2cadaa5f12809921e0fcef07f23a09c 10.1/RPMS/xorg-x11-cyrillic-fonts-6.7.0-4.1.101mdk.i586.rpm
     5413e8cf30c44fc0b3f19edddfbf36cc 10.1/RPMS/xorg-x11-doc-6.7.0-4.1.101mdk.i586.rpm
     a48ea891496e7dd9e90b75b8533bf644 10.1/RPMS/xorg-x11-glide-module-6.7.0-4.1.101mdk.i586.rpm
     2e856c46d93eb4a8c61cc113848b9f13 10.1/RPMS/xorg-x11-server-6.7.0-4.1.101mdk.i586.rpm
     16377a6df0cbd7b70bf8425a92be4fb5 10.1/RPMS/xorg-x11-xfs-6.7.0-4.1.101mdk.i586.rpm
     b830086d5c85c3297b90e2319fe4d663 10.1/SRPMS/xorg-x11-6.7.0-4.1.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     91bdf41a37091ef6c5db0f8f983373ca x86_64/10.1/RPMS/lib64xorg-x11-6.7.0-4.1.101mdk.x86_64.rpm
     ce79ba874bbf696d3652cc59379e4751 x86_64/10.1/RPMS/lib64xorg-x11-devel-6.7.0-4.1.101mdk.x86_64.rpm
     df055cecac43947a1c87f894d27aedf7 x86_64/10.1/RPMS/lib64xorg-x11-static-devel-6.7.0-4.1.101mdk.x86_64.rpm
     fab3bb69bd7b40d4f6af1107d9b613af x86_64/10.1/RPMS/xorg-x11-100dpi-fonts-6.7.0-4.1.101mdk.x86_64.rpm
     7926b68ab6a146d2ac07bad0c03b9be5 x86_64/10.1/RPMS/xorg-x11-6.7.0-4.1.101mdk.x86_64.rpm
     1d1661463b9085ebf16880e46378498e x86_64/10.1/RPMS/xorg-x11-75dpi-fonts-6.7.0-4.1.101mdk.x86_64.rpm
     c358625db3dbd9b19b1e6d074e64b4e4 x86_64/10.1/RPMS/xorg-x11-Xnest-6.7.0-4.1.101mdk.x86_64.rpm
     15c2eb87dde073bb0f367c1c45e3dd6d x86_64/10.1/RPMS/xorg-x11-Xvfb-6.7.0-4.1.101mdk.x86_64.rpm
     1a598408d5bfacabdf1683d0ea0fcef9 x86_64/10.1/RPMS/xorg-x11-cyrillic-fonts-6.7.0-4.1.101mdk.x86_64.rpm
     1a0706ff7c8fcb28c8b168acd5582118 x86_64/10.1/RPMS/xorg-x11-doc-6.7.0-4.1.101mdk.x86_64.rpm
     264081cd33c2da5c039c06389af32fbf x86_64/10.1/RPMS/xorg-x11-server-6.7.0-4.1.101mdk.x86_64.rpm
     b383016c7b278de82bcb4471b6132d58 x86_64/10.1/RPMS/xorg-x11-xfs-6.7.0-4.1.101mdk.x86_64.rpm
     b830086d5c85c3297b90e2319fe4d663 x86_64/10.1/SRPMS/xorg-x11-6.7.0-4.1.101mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandrakesoft for security. You can obtain
     the GPG public key of the Mandrakelinux Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandrakelinux at:

      http://www.mandrakesoft.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFBip5OmqjQ0CJFipgRAooCAJ45YPz22l3dVzmFcp8aTsgcuS2d7wCeO+cj
    DgxxGK1Ooly8NiZ1134ye1E=
    =/XdX
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Rodrigo Barbosa: "Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)"

    Relevant Pages