Bug 136164 - CAN-2004-0914 libXpm integer overflows
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: XFree86
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Kristian Høgsberg
QA Contact: David Lawrence
Whiteboard: embargo=20041117:14,impact=important
Keywords: Security
Reported: 2004-10-18 10:31 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST

Doc Type: Bug Fix
Last Closed: 2004-12-20 04:38:11 EST
Attachments
Proposed patch for this issue. (7.19 KB, patch)
2004-10-18 10:38 EDT, Josh Bressers

Description Josh Bressers 2004-10-18 10:31:11 EDT
Additional integer overflows have been reported to vendor-sec by Suse.

These overflows affect the libXpm library.

This issue has no set embargo date, but it should come out of embargo
soon as the issue has been kicked around for a week or so now.

This issue also affects RHEL2.1.
Comment 1 Josh Bressers 2004-10-18 10:38:18 EDT
Created attachment 105378
Proposed patch for this issue.
Comment 3 Josh Bressers 2004-10-22 09:38:19 EDT
Some more libXpm issues have arisen today.  I should have relevant
information updated shortly.
Comment 4 Josh Bressers 2004-10-22 11:37:40 EDT
The current embargo date for this issue has been moved to 2004-11-03.
Comment 5 Mark J. Cox (Product Security) 2004-11-09 04:59:23 EST
Embargo moved by SUSE to Nov 17th 1400 UTC.
Comment 8 Kristian Høgsberg 2004-11-18 12:51:02 EST
Fixed in XFree86-4.3.0-77.EL
Comment 9 Josh Bressers 2004-11-18 13:13:23 EST
This bug shouldn't be closed until we release our errata.  Reopening.
Comment 10 Kristian Høgsberg 2004-11-18 14:53:57 EST
Errata are passed on to QA, setting to MODIFIED.

RHSA-2004:612-10:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A610

RHSA-2004:610-08:
http://porkchop.devel.redhat.com/errata/erratainfo.cgi?advisory=2004%3A612
Comment 11 Mark J. Cox (Product Security) 2004-11-19 05:45:32 EST
Removing embargo
Comment 12 Mark J. Cox (Product Security) 2004-12-20 04:38:11 EST
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-610.html
Comment 13 John Flanagan 2004-12-20 13:57:26 EST
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-612.html
