Bug 135081 - CAN-2004-0688 integer overflows in libXpm (CAN-2004-0914)
Status: CLOSED DUPLICATE of bug 152803
Product: Fedora Legacy
Classification: Retired
Component: lesstif
fc2
All Linux
medium Severity medium
Assigned To: Fedora Legacy Bugs
LEGACY, 2, needsbuild
: Security
Blocks: CVE-2004-0688 CVE-2004-0914
Reported: 2004-10-08 11:03 EDT by Josh Bressers
Modified: 2008-01-28 11:06 EST
Doc Type: Bug Fix
Last Closed: 2005-07-28 02:25:24 EDT
Description Josh Bressers 2004-10-08 11:03:11 EDT
Multiple integer overflows in xpmParseColors in parse.c for libXpm
before 6.8.1 allow remote attackers to execute arbitrary code via a
malformed XPM image file.

This library itself is contained in lesstif.
Comment 1 Mark J. Cox (Product Security) 2004-11-19 07:37:27 EST
Also see CAN-2004-0914 for additional issues, which were embargoed until Nov 17.
Comment 2 Matthew Miller 2005-04-11 18:20:32 EDT
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]
Comment 3 Marc Deslauriers 2005-04-20 19:05:50 EDT
This was fixed for other FL releases in bug 152803.
We need FC2 packages now.
Comment 4 Pekka Savola 2005-05-21 15:51:20 EDT
The fix was apparently committed to Fedora CVS, but was never released:
http://cvs.fedora.redhat.com/viewcvs/rpms/lesstif/FC-2/lesstif.spec?rev=1.14&view=auto
Comment 5 Michal Jaegermann 2005-06-04 02:00:54 EDT
lesstif-0.93.15-4.AS21.5.src.rpm, which is a version from
https://rhn.redhat.com/errata/RHSA-2005-473.html
has patches for CAN-2004-0687, CAN-2004-0688, CAN-2004-0914 and CAN-2005-0605.
Comment 6 Marc Deslauriers 2005-07-26 18:38:41 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for fc2:

c0c5a26f9366488129f88bb96dde2b50403ccf63  lesstif-0.93.36-5.3.legacy.i386.rpm
d5468d178f9d2dd00b4df62345ac3c62a82a7a27  lesstif-0.93.36-5.3.legacy.src.rpm
b31a31b82e32adf6f32cc4504dfc4ed5f5d76a59  lesstif-devel-0.93.36-5.3.legacy.i386.rpm

Changelog:
* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers@videotron.ca> 0.93.36-5.3.legacy
- - fixed possible libXpm overflows (CAN-2005-0605)
- - allow to write XPM files with absolute path names again

* Fri Nov 26 2004 Thomas Woerner <twoerner@redhat.com> 0.93.36-6.FC2.1
- - fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688 (stack overflows)
  in embedded Xpm library (#135080)
- - latest Xpm patches: CAN-2004-0914 (#135081)

http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-devel-0.93.36-5.3.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC5rtwLMAs/0C4zNoRAgB5AKCKCvi25sHR45Sz3YRM6QyYAnaQkACfV+Dz
hLYMN+U9oWViKWA7lEcf6g0=
=i5Zm
-----END PGP SIGNATURE-----
Comment 7 Pekka Savola 2005-07-27 01:48:18 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - spec file changes minimal
 - source integrity good
 - patches verified to come from FC2 CVS and RHEL21 lesstif update
 
However, I'd like to get the latter two changes made to RHL73, RHL9, and FC1
as well.  Could you respin the packages in #152803 and I'll give them a
publish? (We could then continue track this under a single PR.)
 
+PUBLISH FC2
 
d5468d178f9d2dd00b4df62345ac3c62a82a7a27  lesstif-0.93.36-5.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFC5yACGHbTkzxSL7QRAkkYAKDJmsOUtQFFmJO+wIADn5QUKLZBfgCcDK/Z
VvLodGNHVHvi/C50FQnhzk8=
=y4Bw
-----END PGP SIGNATURE-----
Comment 8 Pekka Savola 2005-07-28 02:25:24 EDT
Continuing tracking this problem at #152803, with RHL73/RHL9/FC1.

*** This bug has been marked as a duplicate of 152803 ***
