Advisories » MGASA-2017-0035

Updated libxpm packages fix security vulnerability

Publication date: 02 Feb 2017
Modification date: 02 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10164

Description

An out of boundary write has been found in libXpm before 3.5.12 which
can be exploited by an attacker through maliciously crafted XPM files.
To trigger the vulnerability, a program must explicitly request to also
parse XPM extensions while reading files. The motif toolkit and xdm are
two among some programs that set the flag (XpmReturnExtensions). It can
only be exploited on 64-bit systems (CVE-2016-10164).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20180
• http://openwall.com/lists/oss-security/2017/01/25/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10164

SRPMS

5/core

• libxpm-3.5.12-1.mga5