Description:
The remote host is missing updates announced in advisory FLSA-2006:152803.
During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within LessTif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues.
An integer overflow flaw was found in libXpm; a vulnerable version of this library is found within LessTif. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to LessTif. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue.
Users of lesstif are advised to upgrade to these errata packages, which contain backported security patches correcting these issues.
Affected platforms: Red Hat 7.3, Red Hat 9, Fedora Core 1, Fedora Core 2
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=FLSA-2006:152803
Risk factor: Critical
CVSS Score: 10.0