USN-97-1: libxpm vulnerability
16 March 2005
xfree86 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Software Description
Details
Chris Gilbert discovered a buffer overflow in the XPM library shipped with XFree86. If an attacker tricked a user into loading a malicious XPM image with an application that uses libxpm, he could exploit this to execute arbitrary code with the privileges of the user opening the image.
These overflows do not allow privilege escalation through the X server; the overflows are in a client-side library.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 4.10
- libxpm4
- libxpm4-dbg
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.