Bug 136164

Summary: CAN-2004-0914 libXpm integer overflows
Product: Red Hat Enterprise Linux 3
Reporter: Josh Bressers <bressers>
Component: XFree86
Assignee: Kristian Høgsberg <krh>
Status: CLOSED ERRATA
QA Contact: David Lawrence <dkl>
Severity: high
Docs Contact:
Priority: medium
Version: 3.0
CC: security-response-team, xgl-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: embargo=20041117:14,impact=important
Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2004-12-20 09:38:11 UTC
Type: ---
Attachments:
Description Flags
Proposed patch for this issue. none

Description Josh Bressers 2004-10-18 14:31:11 UTC
Additional integer overflows have been reported to vendor-sec by Suse.

These overflows affect the libXpm library.

This issue has no set embargo date, but it should come out of embargo
soon as the issue has been kicked around for a week or so now.

This issue also affects RHEL2.1

Comment 1 Josh Bressers 2004-10-18 14:38:18 UTC
Created attachment 105378
Proposed patch for this issue.

Comment 3 Josh Bressers 2004-10-22 13:38:19 UTC
Some more libXpm issues have arisen today.  I should have relevant
information updated shortly.

Comment 4 Josh Bressers 2004-10-22 15:37:40 UTC
The current embargo date for this issue has been moved to 2004-11-03

Comment 5 Mark J. Cox 2004-11-09 09:59:23 UTC
Embargo moved by SUSE to Nov 17th 1400 UTC

Comment 8 Kristian Høgsberg 2004-11-18 17:51:02 UTC
Fixed in XFree86-4.3.0-77.EL

Comment 9 Josh Bressers 2004-11-18 18:13:23 UTC
This bug shouldn't be closed until we release our errata.  Reopening.

Comment 10 Kristian Høgsberg 2004-11-18 19:53:57 UTC
Errata are passed on to QA, setting to MODIFIED.

RHSA-2004:612-10:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A610

RHSA-2004:610-08:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A612

Comment 11 Mark J. Cox 2004-11-19 10:45:32 UTC
Removing embargo

Comment 12 Mark J. Cox 2004-12-20 09:38:11 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-610.html


Comment 13 John Flanagan 2004-12-20 18:57:26 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-612.html