---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152803
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152803
2005-11-17
---------------------------------------------------------------------

Name        : lesstif
Versions    : rh73: lesstif-0.93.18-2.3.legacy
Versions    : rh9: lesstif-0.93.36-3.3.legacy
Versions    : fc1: lesstif-0.93.36-4.3.legacy
Versions    : fc2: lesstif-0.93.36-5.3.legacy
Summary     : An OSF/Motif(R) clone.
Description :
LessTif is a free replacement for OSF/Motif(R), which provides a full
set of widgets for application development (menus, text entry areas,
scrolling windows, etc.). LessTif is source compatible with
OSF/Motif(R) 1.2. The widget set code is the primary focus of
development. If you are installing lesstif, you also need to install
lesstif-clients.

---------------------------------------------------------------------
Update Information:

Updated lesstif packages that fix flaws in the Xpm image library are
now available.

lesstif is a free replacement for OSF/Motif(R), which provides a full
set of widgets for application development.

During a source code audit, Chris Evans and others discovered several
stack overflow flaws and an integer overflow flaw in the libXpm library
used to decode XPM (X PixMap) images. A vulnerable version of this
library was found within LessTif. An attacker could create a carefully
crafted XPM file which would cause an application to crash or
potentially execute arbitrary code if opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues.

An integer overflow flaw was found in libXpm; a vulnerable version of
this library is found within LessTif. An attacker could create a
malicious XPM file that would execute arbitrary code if opened by a
victim using an application linked to LessTif.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0605 to this issue.

Users of lesstif are advised to upgrade to these erratum packages,
which contain backported security patches correcting these issues.

---------------------------------------------------------------------
Changelogs:

rh73:
* Wed Jul 27 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.93.18-2.3.legacy
- Use the RHEL patches for CAN-2004-0667, CAN-2004-0668 and CAN-2004-0914
- fixed possible libXpm overflows (CAN-2005-0605)

* Fri Dec 03 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.18-2.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm
  files. this should fix CAN-2004-0667, CAN-2004-0668, and
  CAN-2004-0914 (FL #2142)

* Thu Nov 04 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.18-2.1.legacy
- apply patch for CAN-2004-0688 (FL #2142)
- truncated changelog because it was somehow breaking things

rh9:
* Wed Jul 27 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.93.36-3.3.legacy
- Use the RHEL patches for CAN-2004-0667, CAN-2004-0668 and CAN-2004-0914
- fixed possible libXpm overflows (CAN-2005-0605)

* Fri Dec 03 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.36-3.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm files.
  this should fix CAN-2004-0667, CAN-2004-0668, and CAN-2004-0914
  (FL #2142)

* Thu Nov 04 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.36-3.1.legacy
- apply patch for CAN-2004-0688 (FL #2142)

fc1:
* Wed Jul 27 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.93.36-4.3.legacy
- Use the RHEL patches for CAN-2004-0667, CAN-2004-0668 and CAN-2004-0914
- fixed possible libXpm overflows (CAN-2005-0605)

* Fri Dec 03 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.36-4.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm
  files. this should fix CAN-2004-0667, CAN-2004-0668, and
  CAN-2004-0914 (FL #2142)

* Thu Nov 04 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 0.93.36-4.1.legacy
- apply patch for CAN-2004-0688 (FL #2142)

fc2:
* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 0.93.36-5.3.legacy
- fixed possible libXpm overflows (CAN-2005-0605)
- allow to write XPM files with absolute path names again

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
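
Added example (not part of the original advisory or of Fedora Legacy's tooling): a check of an installed lesstif version-release against the fixed releases in the "Versions" lines above. The comparison is a simplified form of RPM's segment-wise version ordering (no epoch, tilde or caret handling), and the function names are hypothetical.

```python
import re

# Fixed version-release per distribution, from the advisory's "Versions" lines.
FIXED = {
    "rh73": "0.93.18-2.3.legacy",
    "rh9": "0.93.36-3.3.legacy",
    "fc1": "0.93.36-4.3.legacy",
    "fc2": "0.93.36-5.3.legacy",
}

# Versions are compared as runs of digits or runs of letters; separators
# such as "." only delimit segments.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1 for a <, ==, > b."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 9 < 36
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two 'version-release' strings (must contain a '-')."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)


def is_patched(dist, installed):
    """True if the installed version-release is at or above the fixed one."""
    return evr_cmp(installed, FIXED[dist]) >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for dist, evr in [("fc1", "0.93.36-4.2.legacy"), ("fc2", "0.93.36-5.3.legacy")]:
        print(dist, evr, "patched" if is_patched(dist, evr) else "VULNERABLE")
```

The installed string can be obtained with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' lesstif`.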