Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-537: openmotif Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the openmotif packages
Detailed Explanation for this Vulnerability Test
Updated openmotif packages that fix flaws in the Xpm image library are now
OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.
During a source code audit, Chris Evans and others discovered several stack
overflow flaws and an integer overflow flaw in the libXpm library used to
decode XPM (X PixMap) images. A vulnerable version of this library was
found within OpenMotif. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names
CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues.
Users of OpenMotif are advised to upgrade to these erratum packages, which
contain backported security patches to the embedded libXpm library.
Solution: http://rhn.redhat.com/errata/RHSA-2004-537.html
Threat Level: High