[SECURITY] Fedora Core 3 Update: xorg-x11-6.8.1-12.FC3.1

Rahul Sundaram rahulsundaram at gmail.com
Wed Nov 17 23:24:37 UTC 2004


On Wed, 17 Nov 2004 23:19:05 +0000, Timothy Murphy
<tim at birdsnest.maths.tcd.ie> wrote:
> On Wednesday 17 November 2004 19:55, Kristian Høgsberg wrote:
> > ---------------------------------------------------------------------
> > Fedora Update Notification
> > FEDORA-2004-434
> > 2004-11-17
> > ---------------------------------------------------------------------
> >
> > Product     : Fedora Core 3
> > Name        : xorg-x11
> > Version     : 6.8.1
> > Release     : 12.FC3.1
> > Summary     : The basic fonts, programs and docs for an X workstation.
> > Description :
> > X.org X11 is an open source implementation of the X Window System.  It
> > provides the basic low level functionality which full fledged
> > graphical user interfaces (GUIs) such as GNOME and KDE are designed
> > upon.
> >
> > ---------------------------------------------------------------------
> > Update Information:
> >
> > Several integer overflow flaws in the X.Org libXpm library used to decode
> >> ---------------------------------------------------------------------
> > Fedora Update Notification
> > FEDORA-2004-434
> > 2004-11-17
> > ---------------------------------------------------------------------
> >
> > Product     : Fedora Core 3
> > Name        : xorg-x11
> > Version     : 6.8.1
> > Release     : 12.FC3.1
> > Summary     : The basic fonts, programs and docs for an X workstation.
> > Description :
> > X.org X11 is an open source implementation of the X Window System.  It
> > provides the basic low level functionality which full fledged
> > graphical user interfaces (GUIs) such as GNOME and KDE are designed
> > upon.
> >
> > ---------------------------------------------------------------------
> > Update Information:
> >
> > Several integer overflow flaws in the X.Org libXpm library used to decode
> > XPM (X PixMap) images have been found and addressed. An attacker could
> > create a carefully crafted XPM file which would cause an application to
> > crash or potentially execute arbitrary code if opened by a victim.  The
> > Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> > the name CAN-2004-0914 to this issue.
> >
> > Users are advised to upgrade to these erratum packages, which contain
> > backported security patches as well as other bug fixes.
> > ---------------------------------------------------------------------
Hi


> Have you applied the 6-month old patch in
> <http://freedesktop.org/bugzilla/show_bug.cgi?id=591>?


ask in the fedora devel list or post a bug in bugzilla referring to this

-- 
Regards,
Rahul Sundaram




More information about the fedora-list mailing list