On Wed, 17 Nov 2004 23:19:05 +0000, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote: > On Wednesday 17 November 2004 19:55, Kristian Høgsberg wrote: > > --------------------------------------------------------------------- > > Fedora Update Notification > > FEDORA-2004-434 > > 2004-11-17 > > --------------------------------------------------------------------- > > > > Product : Fedora Core 3 > > Name : xorg-x11 > > Version : 6.8.1 > > Release : 12.FC3.1 > > Summary : The basic fonts, programs and docs for an X workstation. > > Description : > > X.org X11 is an open source implementation of the X Window System. It > > provides the basic low level functionality which full fledged > > graphical user interfaces (GUIs) such as GNOME and KDE are designed > > upon. > > > > --------------------------------------------------------------------- > > Update Information: > > > > Several integer overflow flaws in the X.Org libXpm library used to decode > >> --------------------------------------------------------------------- > > Fedora Update Notification > > FEDORA-2004-434 > > 2004-11-17 > > --------------------------------------------------------------------- > > > > Product : Fedora Core 3 > > Name : xorg-x11 > > Version : 6.8.1 > > Release : 12.FC3.1 > > Summary : The basic fonts, programs and docs for an X workstation. > > Description : > > X.org X11 is an open source implementation of the X Window System. It > > provides the basic low level functionality which full fledged > > graphical user interfaces (GUIs) such as GNOME and KDE are designed > > upon. > > > > --------------------------------------------------------------------- > > Update Information: > > > > Several integer overflow flaws in the X.Org libXpm library used to decode > > XPM (X PixMap) images have been found and addressed. An attacker could > > create a carefully crafted XPM file which would cause an application to > > crash or potentially execute arbitrary code if opened by a victim. The > > Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned > > the name CAN-2004-0914 to this issue. > > > > Users are advised to upgrade to these erratum packages, which contain > > backported security patches as well as other bug fixes. > > --------------------------------------------------------------------- Hi > Have you applied the 6-month old patch in > <http://freedesktop.org/bugzilla/show_bug.cgi?id=591>? ask in the fedora devel list or post a bug in bugzilla referring to this -- Regards, Rahul Sundaram
