Updated libxpm packages fix security vulnerability
Publication date: 02 Feb 2017Modification date: 02 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10164
Description
An out of boundary write has been found in libXpm before 3.5.12 which can be exploited by an attacker through maliciously crafted XPM files. To trigger the vulnerability, a program must explicitly request to also parse XPM extensions while reading files. The motif toolkit and xdm are two among some programs that set the flag (XpmReturnExtensions). It can only be exploited on 64-bit systems (CVE-2016-10164).
References
SRPMS
5/core
- libxpm-3.5.12-1.mga5