Brookline MA, November 17, 2004 - The X.Org Foundation today announced
the release of a patch for the X Window System, which addresses further
security vulnerabilities found in the code covered by the advisory of
September 15, 2004 (source patch CAN-2004-0687-0688.patch).
X.Org was made aware of additional security vulnerabilities in libXpm, the X
Pixmap library, which is shipped as part of the X Window System. The
affected library is used by many popular applications for image viewing and
manipulation. This library was the subject of recent security advisories
(CAN-2004-0687 and CAN-2004-0688).
1. Affected versions
All X.Org releases up to and including R6.8.1 are vulnerable. Products such as
XFree86, LessTif and OpenMotif, which include their own copy of libXpm, are
likely to be affected as well.
2. Description
libXpm is a library for manipulating pixmaps used by the X Window
System. After the X11R6.8.1 security release, a more extensive security
audit of the library was made.
Several integer overflows and out-of-bounds memory accesses have been
identified and fixed, a path traversal has been fixed, and shell command
execution has been made more secure. The new fix also addresses possible
endless loops and memory leaks. When handling untrusted pixmap data, these
vulnerabilities may allow an application linked against libXpm to crash or
become unusable, or may allow execution of arbitrary code with the privileges
of the user running that application.
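The integer-overflow and out-of-bounds cases described above are the classic pixmap-decoder bugs: a width and height read from the file are multiplied to size a buffer, and the pixel rows are then walked without checking their length or their colour keys against the colour table. The C program below is an added illustration for this advisory; it is not libXpm's code and not the X.Org patch. The simplified XPM-like header, the MAX_DIM cap and the 8-character limit on characters per pixel are assumptions made for the example. The path traversal and shell command issues are not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sanity cap on image dimensions. libXpm's real limits are not
 * stated in the advisory; this value is an assumption for the example. */
#define MAX_DIM 32767u

/* Simplified XPM-style header: pixel dimensions, number of colour table
 * entries, and characters per pixel (cpp) used as the key into that table. */
typedef struct {
    unsigned width, height, ncolors, cpp;
} xpm_hdr;

/* Vulnerable pattern: the multiplication is done in 32-bit unsigned
 * arithmetic, so a crafted header such as 65536 x 65536 wraps to 0 and the
 * decoder is handed a buffer far smaller than the pixel data it writes. */
size_t unsafe_pixel_bytes(unsigned width, unsigned height)
{
    unsigned n = width * height;        /* wraps modulo 2^32 */
    return n * sizeof(unsigned);
}

/* Hardened form: reject zero and oversized dimensions before multiplying,
 * then check the byte count against SIZE_MAX. Returns 0 for any rejected
 * header so the caller never allocates for it. */
size_t safe_pixel_bytes(unsigned width, unsigned height)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return 0;
    size_t n = (size_t)width * height;  /* at most MAX_DIM^2, cannot wrap */
    if (n > SIZE_MAX / sizeof(unsigned))
        return 0;
    return n * sizeof(unsigned);
}

/* Decode the pixel rows into colour-table indices. Every row must be exactly
 * width*cpp characters and every key must exist in the table; an unchecked
 * loop would read past a short row or index past the end of the table.
 * Returns the number of pixels written, or -1 on any malformed input. */
long decode_rows(const xpm_hdr *h, const char *const *colors,
                 const char *const *rows, unsigned *out, size_t out_len)
{
    size_t bytes = safe_pixel_bytes(h->width, h->height);
    if (bytes == 0 || h->cpp == 0 || h->cpp > 8 || h->ncolors == 0)
        return -1;
    if (bytes / sizeof(unsigned) > out_len)
        return -1;                      /* caller's buffer is too small */
    for (unsigned c = 0; c < h->ncolors; c++)
        if (strlen(colors[c]) != h->cpp)
            return -1;                  /* malformed colour table entry */
    size_t row_len = (size_t)h->width * h->cpp;
    size_t p = 0;
    for (unsigned y = 0; y < h->height; y++) {
        if (strlen(rows[y]) != row_len)
            return -1;                  /* short row: out-of-bounds read */
        for (unsigned x = 0; x < h->width; x++) {
            const char *key = rows[y] + (size_t)x * h->cpp;
            unsigned idx = 0;
            while (idx < h->ncolors && memcmp(key, colors[idx], h->cpp) != 0)
                idx++;
            if (idx == h->ncolors)
                return -1;              /* unknown key: out-of-bounds index */
            out[p++] = idx;
        }
    }
    return (long)p;
}

/* Constructed 4x2, two-colour, one-character-per-pixel sample. The caller
 * supplies the first row so that malformed variants can be tried. */
long sample_decode(const char *first_row)
{
    const xpm_hdr hdr = { 4, 2, 2, 1 };
    const char *const colors[] = { ".", "#" };
    const char *const rows[] = { first_row, "#.#." };
    unsigned pixels[8];
    return decode_rows(&hdr, colors, rows, pixels, 8);
}

int main(void)
{
    printf("65536x65536 unsafe bytes: %zu\n", unsafe_pixel_bytes(65536u, 65536u));
    printf("65536x65536 safe bytes:   %zu (0 = rejected)\n",
           safe_pixel_bytes(65536u, 65536u));
    printf("well-formed row: %ld\n", sample_decode(".#.#"));
    printf("short row:       %ld\n", sample_decode("..."));
    printf("unknown key:     %ld\n", sample_decode("x#.#"));
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run it: the unsafe computation reports 0 bytes for the 65536 x 65536 header, which is exactly the allocation a malicious file would obtain from an unchecked decoder, while the hardened version refuses the header, the short row and the unknown colour key alike.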
3. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2004-0914 to these issues. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems. You may check:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
4. Available patch
A source patch is available for:
X.Org Release 6.8.0 under:
http://www.x.org/pub/X11R6.8.0/patches/xorg-680-CAN-2004-0914.patch
and X.Org Release 6.8.1 under:
http://www.x.org/pub/X11R6.8.1/patches/xorg-681-CAN-2004-0914.patch
and from X.Org mirror sites worldwide.
5. Acknowledgments
The X.Org Foundation would like to thank Petr Mladek for identifying the
vulnerabilities and providing a patch, and Thomas Biege for systematically
reviewing the libXpm code and fixing additional possible vulnerabilities.
The X.Org Foundation would also like to thank Matthieu Herrb and Jacques A.
Vidrine for their help in auditing the code, reviewing the patch and
suggesting additional fixes.