Multiple integer overflows in xpmParseColors in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. This library itself is contained in lesstif.
Also see CAN-2004-0914 for additional issues, which were embargoed until Nov 17.
[Bulk move of FC2 bugs to Fedora Legacy. See <http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]
This was fixed for other FL releases in bug 152803. We need FC2 packages now.
The fix was apparently committed to Fedora CVS, but was never released: http://cvs.fedora.redhat.com/viewcvs/rpms/lesstif/FC-2/lesstif.spec?rev=1.14&view=auto
lesstif-0.93.15-4.AS21.5.src.rpm, which is a version from https://rhn.redhat.com/errata/RHSA-2005-473.html has patches for CAN-2004-0687, CAN-2004-0688, CAN-2004-0914 and CAN-2005-0605.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for fc2:

c0c5a26f9366488129f88bb96dde2b50403ccf63 lesstif-0.93.36-5.3.legacy.i386.rpm
d5468d178f9d2dd00b4df62345ac3c62a82a7a27 lesstif-0.93.36-5.3.legacy.src.rpm
b31a31b82e32adf6f32cc4504dfc4ed5f5d76a59 lesstif-devel-0.93.36-5.3.legacy.i386.rpm

Changelog:

* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers> 0.93.36-5.3.legacy
- fixed possible libXpm overflows (CAN-2005-0605)
- allow writing XPM files with absolute path names again

* Fri Nov 26 2004 Thomas Woerner <twoerner> 0.93.36-6.FC2.1
- fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688 (stack overflows) in embedded Xpm library (#135080)
- latest Xpm patches: CAN-2004-0914 (#135081)

http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-devel-0.93.36-5.3.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC5rtwLMAs/0C4zNoRAgB5AKCKCvi25sHR45Sz3YRM6QyYAnaQkACfV+Dz
hLYMN+U9oWViKWA7lEcf6g0=
=i5Zm
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
- spec file changes minimal
- source integrity good
- patches verified to come from FC2 CVS and RHEL21 lesstif update

However, I'd like to get the latter two changes made to RHL73, RHL9, and FC1 as well. Could you respin the packages in #152803 and I'll give them a publish? (We could then continue tracking this under a single PR.)

+PUBLISH FC2

d5468d178f9d2dd00b4df62345ac3c62a82a7a27 lesstif-0.93.36-5.3.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFC5yACGHbTkzxSL7QRAkkYAKDJmsOUtQFFmJO+wIADn5QUKLZBfgCcDK/Z
VvLodGNHVHvi/C50FQnhzk8=
=y4Bw
-----END PGP SIGNATURE-----
Continuing to track this problem at #152803, with RHL73/RHL9/FC1.

*** This bug has been marked as a duplicate of 152803 ***