[CLA-2002:548] Conectiva Linux Security Announcement - windowmaker

From: secure@conectiva.com.br
Date: 11/18/02

Next message: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"

Previous message: 3APA3A: "LOM: Multiple vulnerabilities in Macromedia Flash ActiveX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 18 Nov 2002 12:10:49 -0200
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com
From: secure@conectiva.com.br

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : windowmaker
SUMMARY : Integer buffer overflow vulnerability
DATE : 2002-11-18 12:10:00
ID : CLA-2002:548
RELEVANT
RELEASES : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
Window Maker[1] is a very popular window manager.

Al Viro reported a vulnerability[2] in a function that is used when
Window Maker loads images. This function is used, for example, when a
new background image is configured, and when previewing themes.

This function calculates the ammount of memory necessary to load the
image by doing a multiplication. It does not, however, check the
result of this multiplication, which could suffer an integer overflow
and not fit into the destination variable. Given a sufficiently large
height and/or width parameter, a less than needed ammount of memory
would be allocated, which would result in a buffer overflow later on
when the image is actually loaded.

A possible scenario for this vulnerability could be that of an
attacker making a specially crafted image available and convincing an
unsuspecting user to set it as a background image.

SOLUTION
It is recommended that all Window Maker users upgrade their
packages.

IMPORTANT: if Window Maker is in use during the update, it will have
to be restarted manually. This can be done via the "Exit -> Restart"
menu.

REFERENCES
1. http://www.windowmaker.org/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277

ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE92PTo42jd0JmAcZARAuaiAJ9fFjBSaM+nIbyEETz0owqzgv1jOQCgoO/M
JMwiprOgrWPFCrAODLMuUOA=
=vtFt
-----END PGP SIGNATURE-----

Next message: Florian Weimer: "Re: GNU GCC: Optimizer Removes Code Necessary for Security"
Previous message: 3APA3A: "LOM: Multiple vulnerabilities in Macromedia Flash ActiveX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[CLA-2003:664] Conectiva Security Announcement - radiusd-cistron
... SUMMARY: Buffer overflow vulnerability ... The apt tool can be used to perform RPM packages upgrades: ... Detailed instructions reagarding the use of apt and upgrade examples ...
(Bugtraq)
[CLA-2003:711] Conectiva Security Announcement - mnogosearch
... This update addresses two vulnerabilities in mnoGoSearch which affect ... Buffer overflow in the "ul" variable ... It is recommended that all mnoGoSearch users upgrade their packages. ... Detailed instructions reagarding the use of apt and upgrade examples ...
(Bugtraq)
[CLA-2001:411] Conectiva Linux Security Announcement - windowmaker
... Window Maker is a popular window manager. ... It is recommended that all Window Maker users upgrade their packages. ... Detailed instructions reagarding the use of apt and upgrade examples ...
(Bugtraq)
Re: [PATCH] ncurses based config V2
... Fixed segfaults in help window. ... Removed the instructions window, made the instructions appear as a button ... Added hot keys support. ... ESC prefix, I don't know). ...
(Linux-Kernel)
Re: [kde-linux] Window Borders Have Dissapeared
... the Control Center to modify any of the window properties or set up more ... of the packages I installed has caused this, but I don't know which one. ... undefined symbol in the program; ... libraries that's been upgraded by installing other packages. ...
(KDE)