News

=========================================================== Ubuntu Security Notice USN-97-1 March 16, 2005 xfree86 vulnerability CAN-2005-0605 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libxpm4 libxpm4-dbg The problem can be corrected by upgrading the affected package to version 4.3.0.dfsg.1-6ubuntu25.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Chris Gilbert discovered a buffer overflow in the XPM library shipped with XFree86. If an attacker tricked a user into loading a malicious XPM image with an application that uses libxpm, he could exploit this to execute arbitrary code with the privileges of the user opening the image. These overflows do not allow privilege escalation through the X server; the overflows are in a client-side library.