Bug 135081 - CAN-2004-0688 integer overflows in libXpm (CAN-2004-0914)
Summary: CAN-2004-0688 integer overflows in libXpm (CAN-2004-0914)
Keywords:
Status: CLOSED DUPLICATE of bug 152803
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: lesstif
Version: fc2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, 2, needsbuild
Depends On:
Blocks: CVE-2004-0688 CVE-2004-0914
TreeView+ depends on / blocked
 
Reported: 2004-10-08 15:03 UTC by Josh Bressers
Modified: 2008-01-28 16:06 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-07-28 06:25:24 UTC
Embargoed:


Attachments (Terms of Use)

Description Josh Bressers 2004-10-08 15:03:11 UTC
Multiple integer overflows in xpmParseColors in parse.c for libXpm
before 6.8.1 allow remote attackers to execute arbitrary code via a
malformed XPM image file.

This library itself is contained in lesstif.

Comment 1 Mark J. Cox 2004-11-19 12:37:27 UTC
Also see CAN-2004-0914 additional issues which were embargoed until Nov17

Comment 2 Matthew Miller 2005-04-11 22:20:32 UTC
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]

Comment 3 Marc Deslauriers 2005-04-20 23:05:50 UTC
This was fixed for other FL releases in bug 152803.
We need FC2 packages now.

Comment 4 Pekka Savola 2005-05-21 19:51:20 UTC
The fix was apparently committed to Fedora CVS, but was never released:
http://cvs.fedora.redhat.com/viewcvs/rpms/lesstif/FC-2/lesstif.spec?rev=1.14&view=auto

Comment 5 Michal Jaegermann 2005-06-04 06:00:54 UTC
lesstif-0.93.15-4.AS21.5.src.rpm, which is a version from
https://rhn.redhat.com/errata/RHSA-2005-473.html
has patches for CAN-2004-0687, CAN-2004-0688, CAN-2004-0914 and CAN-2005-0605.

Comment 6 Marc Deslauriers 2005-07-26 22:38:41 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for fc2:

c0c5a26f9366488129f88bb96dde2b50403ccf63  lesstif-0.93.36-5.3.legacy.i386.rpm
d5468d178f9d2dd00b4df62345ac3c62a82a7a27  lesstif-0.93.36-5.3.legacy.src.rpm
b31a31b82e32adf6f32cc4504dfc4ed5f5d76a59  lesstif-devel-0.93.36-5.3.legacy.i386.rpm

Changelog:
* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers> 0.93.36-5.3.legacy
- - fixed possible libXpm overflows (CAN-2005-0605)
- - allow to write XPM files with absolute path names again

* Fri Nov 26 2004 Thomas Woerner <twoerner> 0.93.36-6.FC2.1
- - fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688 (stack overflows)
  in embedded Xpm library (#135080)
- - latest Xpm patches: CAN-2004-0914 (#135081)

http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-0.93.36-5.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/lesstif-devel-0.93.36-5.3.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC5rtwLMAs/0C4zNoRAgB5AKCKCvi25sHR45Sz3YRM6QyYAnaQkACfV+Dz
hLYMN+U9oWViKWA7lEcf6g0=
=i5Zm
-----END PGP SIGNATURE-----


Comment 7 Pekka Savola 2005-07-27 05:48:18 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - spec file changes minimal
 - source integrity good
 - patches verified to come from FC2 CVS and RHEL21 lesstif update
 
However, I'd like to get the latter two changes made to RHL73, RHL9, and FC1
as well.  Could you respin the packages in #152803 and I'll give them a
publish? (We could then continue track this under a single PR.)
 
+PUBLISH FC2
 
d5468d178f9d2dd00b4df62345ac3c62a82a7a27  lesstif-0.93.36-5.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFC5yACGHbTkzxSL7QRAkkYAKDJmsOUtQFFmJO+wIADn5QUKLZBfgCcDK/Z
VvLodGNHVHvi/C50FQnhzk8=
=y4Bw
-----END PGP SIGNATURE-----


Comment 8 Pekka Savola 2005-07-28 06:25:24 UTC
Continuing tracking this problem at #152803, with RHL73/RHL9/FC1.

*** This bug has been marked as a duplicate of 152803 ***


Note You need to log in before you can comment on or make changes to this bug.