Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-28] X.Org, XFree86: libXpm vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: X.Org, XFree86: libXpm vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-28
(X.Org, XFree86: libXpm vulnerabilities)
Several issues were discovered in libXpm, including integer
overflows, out-of-bounds memory accesses, insecure path traversal and
an endless loop.
Impact
An attacker could craft a malicious pixmap file and entice a user
to use it with an application linked against libXpm. This could lead to
Denial of Service or arbitrary code execution.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0914
Solution:
All X.Org users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.7.0-r3"
All XFree86 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xfree-x11-4.3.0-r8"
Threat Level: Medium