Ubuntu Security Notice USN-97-1
16th March, 2005
xfree86 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Chris Gilbert discovered a buffer overflow in the XPM library shipped
with XFree86. If an attacker tricked a user into loading a malicious
XPM image with an application that uses libxpm, he could exploit this
to execute arbitrary code with the privileges of the user opening the
image.
These overflows do not allow privilege escalation through the X
server; the overflows are in a client-side library.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- libxpm4
- libxpm4-dbg
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None