Detections
Analytics
Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:081)
high Nessus Plugin ID 18235
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library.
Updated packages are patched to correct all these issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 18235
File Name: mandrake_MDKSA-2005-081.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 5/11/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:x11r6-contrib, p-cpe:/a:mandriva:linux:xfree86, p-cpe:/a:mandriva:linux:xfree86-100dpi-fonts, p-cpe:/a:mandriva:linux:xfree86-75dpi-fonts, p-cpe:/a:mandriva:linux:xfree86-xnest, p-cpe:/a:mandriva:linux:xfree86-xvfb, p-cpe:/a:mandriva:linux:xfree86-cyrillic-fonts, p-cpe:/a:mandriva:linux:xfree86-doc, p-cpe:/a:mandriva:linux:xfree86-glide-module, p-cpe:/a:mandriva:linux:xfree86-server, p-cpe:/a:mandriva:linux:xfree86-xfs, p-cpe:/a:mandriva:linux:lib64xfree86, p-cpe:/a:mandriva:linux:lib64xfree86-devel, p-cpe:/a:mandriva:linux:lib64xfree86-static-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11, p-cpe:/a:mandriva:linux:lib64xorg-x11-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel, p-cpe:/a:mandriva:linux:libxfree86, p-cpe:/a:mandriva:linux:libxfree86-devel, p-cpe:/a:mandriva:linux:libxfree86-static-devel, p-cpe:/a:mandriva:linux:libxorg-x11, p-cpe:/a:mandriva:linux:libxorg-x11-devel, p-cpe:/a:mandriva:linux:libxorg-x11-static-devel, p-cpe:/a:mandriva:linux:xorg-x11, p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-xdmx, p-cpe:/a:mandriva:linux:xorg-x11-xnest, p-cpe:/a:mandriva:linux:xorg-x11-xprt, p-cpe:/a:mandriva:linux:xorg-x11-xvfb, p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts, p-cpe:/a:mandriva:linux:xorg-x11-doc, p-cpe:/a:mandriva:linux:xorg-x11-glide-module, p-cpe:/a:mandriva:linux:xorg-x11-server, p-cpe:/a:mandriva:linux:xorg-x11-xauth, p-cpe:/a:mandriva:linux:xorg-x11-xfs, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 5/5/2005
Reference Information
CVE: CVE-2005-0605
MDKSA: 2005:081