Chris Evans has discovered a number of stack overflows and an integer overflow in the X.org libXpm library. It is unknown what all uses this library for xpm processing; so far we have verified that the gimp does use it. This issue currently has no embargo date. This issue also affects RHEL2.1.
Created attachment 103176: Proposed patch for this issue.
The embargo date for this issue is Sept 15.
Created attachment 103542: Latest patch for this issue which fixes a few more issues.
Did a query to see potential impact on an installed system. This system is not an everything install, but gives an idea of some packages that would be affected nonetheless.
$ rpm -q --whatrequires libXpm.so.4
xboard-4.2.7-1
xisdnload-3.2-5.p1
kterm-6.2.0-37
emacs-21.3-7
xawtv-3.88-6
Gtk-Perl-0.7008-35
gd-2.0.15-1
xpdf-2.03-1
gd-progs-2.0.15-1
nut-cgi-1.4.0-3
xosview-1.8.0-15
nedit-5.3-5
xfig-3.2.4-2
groff-gxditview-1.18.1-29
Xbae-4.50.2-2
xsnow-1.42-11
Xaw3d-1.5-19
ddd-3.3.7-3
gv-3.5.8-23
XFree86-libs-4.3.0-55
XFree86-4.3.0-55
XFree86-devel-4.3.0-55
gnome-libs-1.4.1.2.90-36
XFree86-tools-4.3.0-55
XFree86-xdm-4.3.0-55
gimp-1.2.5-2
Removing embargo
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-478.html
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-479.html