Bug#298939: libxpm4: new buffer overflow security hole (CAN-2005-0605)
Package: libxpm4
Version: 4.3.0.dfsg.1-12
Severity: grave
Tags: security, upstream, fixed-upstream, patch
CAN-2005-0605 indicates that "scan.c for LibXPM may allow attackers to
execute arbitrary code via a negative bitmap_unit value that leads to a
buffer overflow."
Patch is here:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Description is here:
https://bugs.freedesktop.org/show_bug.cgi?id=1920
Gentoo issued an advisory about this on 4 March.
Ubuntu issued an advisory about this on 7 March.
I learned about this from Linux Weekly News.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libxpm4 depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
-- no debconf information
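Added illustration of the bug class the CVE text describes (a signed bitmap_unit that is only bounded from above, so a negative value passes validation and turns into a huge byte count). This is example code written for this page, not libXpm's scan.c and not part of the bug report; only the XImage member names are real, and the reader, the validators, the sample image and the fixed 4-byte scratch buffer are assumptions chosen to make the failure visible without performing the out-of-bounds copy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustration only, written for this page: a cut-down stand-in for an
 * XImage. Only the member names (bitmap_unit, bytes_per_line, data) are
 * taken from the real structure; the reader below is hypothetical and
 * is not libXpm's scan.c. */
typedef struct {
    int width;
    int height;
    int bitmap_unit;        /* 8, 16 or 32 in a well-formed XImage */
    int bytes_per_line;
    const unsigned char *data;
    size_t data_len;
} XImageLike;

#define MAX_UNIT_BYTES 4    /* scratch buffer sized for the largest unit, 32 bits */

/* Weak check: an upper bound only. A negative bitmap_unit passes. */
static bool unit_ok_weak(int bitmap_unit)
{
    return bitmap_unit <= 32;
}

/* Hardened check: only the three unit sizes the XImage format defines
 * are accepted, which excludes negative and otherwise malformed values. */
static bool unit_ok_strict(int bitmap_unit)
{
    return bitmap_unit == 8 || bitmap_unit == 16 || bitmap_unit == 32;
}

/* Byte count the per-unit copy would pass to memcpy(). The signed quotient
 * is converted to size_t, so bitmap_unit = -8 gives -1, i.e. SIZE_MAX. */
static size_t unit_copy_len(int bitmap_unit)
{
    int unit_bytes = bitmap_unit / 8;
    return (size_t)unit_bytes;
}

/* True when the weak validator lets a value through that asks for more
 * bytes than the fixed scratch buffer holds: the overflow condition. */
static bool would_overflow(int bitmap_unit)
{
    return unit_ok_weak(bitmap_unit) && unit_copy_len(bitmap_unit) > MAX_UNIT_BYTES;
}

/* Copy unit number ux of row y into scratch. Returns 0 on success, -1 if the
 * validator rejects the image, -2 if the copy would exceed the scratch buffer
 * (reported here rather than performed), -3 if it would read past data. */
static int copy_unit(const XImageLike *img, int y, int ux,
                     bool (*validate)(int), unsigned char scratch[MAX_UNIT_BYTES])
{
    if (!validate(img->bitmap_unit))
        return -1;
    size_t n = unit_copy_len(img->bitmap_unit);
    if (n > MAX_UNIT_BYTES)
        return -2;
    size_t off = (size_t)y * (size_t)img->bytes_per_line + (size_t)ux * n;
    if (off + n > img->data_len)
        return -3;
    memcpy(scratch, img->data + off, n);
    return 0;
}

/* Constructed sample: two rows of 16 one-bit pixels packed in 8-bit units. */
static const unsigned char sample_px[4] = { 0xAA, 0x55, 0xF0, 0x0F };

/* Run one copy against the sample image with the chosen validator. */
static int demo_copy(int bitmap_unit, bool strict)
{
    XImageLike img = { .width = 16, .height = 2, .bitmap_unit = bitmap_unit,
                       .bytes_per_line = 2, .data = sample_px,
                       .data_len = sizeof sample_px };
    unsigned char scratch[MAX_UNIT_BYTES] = { 0 };
    return copy_unit(&img, 1, 1, strict ? unit_ok_strict : unit_ok_weak, scratch);
}

int main(void)
{
    const int units[] = { 8, 32, 64, -8 };
    for (size_t i = 0; i < sizeof units / sizeof units[0]; i++) {
        int u = units[i];
        printf("bitmap_unit=%4d  weak=%d strict=%d  copy_len=%zu  overflow=%d\n",
               u, unit_ok_weak(u), unit_ok_strict(u), unit_copy_len(u),
               would_overflow(u));
    }
    return demo_copy(-8, true) == -1 ? 0 : 1;
}
```

The point of the example is the validator shape: a check that only bounds a signed size field from above is not a bounds check, because the signed-to-size_t conversion of a negative quotient yields a length near SIZE_MAX. Whitelisting the values the format actually defines (here 8, 16, 32) is the fix pattern; the same reasoning applies to bytes_per_line, which this example does not validate.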