Bug 136164 - CAN-2004-0914 libXpm integer overflows
Summary: CAN-2004-0914 libXpm integer overflows
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: XFree86
Version: 3.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Kristian Høgsberg
QA Contact: David Lawrence
URL:
Whiteboard: embargo=20041117:14,impact=important
Depends On:
Blocks:
 
Reported: 2004-10-18 14:31 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-12-20 09:38:11 UTC
Target Upstream Version:
Embargoed:


Attachments
Proposed patch for this issue. (7.19 KB, patch)
2004-10-18 14:38 UTC, Josh Bressers


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2004:610 | 0 | high | SHIPPED_LIVE | Moderate: XFree86 security update | 2004-12-20 05:00:00 UTC
Red Hat Product Errata | RHSA-2004:612 | 0 | high | SHIPPED_LIVE | Moderate: XFree86 security update | 2004-12-20 05:00:00 UTC

Description Josh Bressers 2004-10-18 14:31:11 UTC
Additional integer overflows have been reported to vendor-sec by Suse.

These overflows affect the libXpm library.

This issue has no set embargo date, but it should come out of embargo
soon as the issue has been kicked around for a week or so now.

This issue also affects RHEL2.1

Comment 1 Josh Bressers 2004-10-18 14:38:18 UTC
Created attachment 105378
Proposed patch for this issue.

Comment 3 Josh Bressers 2004-10-22 13:38:19 UTC
Some more libXpm issues have arisen today.  I should have relevant
information updated shortly.

Comment 4 Josh Bressers 2004-10-22 15:37:40 UTC
The current embargo date for this issue has been moved to 2004-11-03

Comment 5 Mark J. Cox 2004-11-09 09:59:23 UTC
Embargo moved by SUSE to Nov 17th 1400 UTC

Comment 8 Kristian Høgsberg 2004-11-18 17:51:02 UTC
Fixed in XFree86-4.3.0-77.EL

Comment 9 Josh Bressers 2004-11-18 18:13:23 UTC
This bug shouldn't be closed until we release our errata.  Reopening.

Comment 10 Kristian Høgsberg 2004-11-18 19:53:57 UTC
Errata are passed on to QA, setting to MODIFIED.

RHSA-2004:612-10:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A610

RHSA-2004:610-08:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A612

Comment 11 Mark J. Cox 2004-11-19 10:45:32 UTC
Removing embargo

Comment 12 Mark J. Cox 2004-12-20 09:38:11 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-610.html


Comment 13 John Flanagan 2004-12-20 18:57:26 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-612.html


