OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.
During a source code audit, Chris Evans and others discovered several stack
overflow flaws and an integer overflow flaw in the libXpm library used to
decode XPM (X PixMap) images. A vulnerable version of this library was
found within OpenMotif. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.
Users of OpenMotif are advised to upgrade to these erratum packages, which
contain backported security patches to the embedded libXpm library.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | openmotif | < 2.2.3-4.RHEL3.4 | openmotif-2.2.3-4.RHEL3.4.s390x.rpm |
RedHat | any | i386 | openmotif | < 2.1.30-13.21AS.4 | openmotif-2.1.30-13.21AS.4.i386.rpm |
RedHat | any | s390 | openmotif-devel | < 2.2.3-4.RHEL3.4 | openmotif-devel-2.2.3-4.RHEL3.4.s390.rpm |
RedHat | any | ia64 | openmotif21 | < 2.1.30-9.RHEL3.4 | openmotif21-2.1.30-9.RHEL3.4.ia64.rpm |
RedHat | any | i386 | openmotif | < 2.2.3-4.RHEL3.4 | openmotif-2.2.3-4.RHEL3.4.i386.rpm |
RedHat | any | s390x | openmotif-devel | < 2.2.3-4.RHEL3.4 | openmotif-devel-2.2.3-4.RHEL3.4.s390x.rpm |
RedHat | any | ia64 | openmotif | < 2.2.3-4.RHEL3.4 | openmotif-2.2.3-4.RHEL3.4.ia64.rpm |
RedHat | any | ppc | openmotif | < 2.2.3-4.RHEL3.4 | openmotif-2.2.3-4.RHEL3.4.ppc.rpm |
RedHat | any | i386 | openmotif-devel | < 2.1.30-13.21AS.4 | openmotif-devel-2.1.30-13.21AS.4.i386.rpm |
RedHat | any | s390 | openmotif | < 2.2.3-4.RHEL3.4 | openmotif-2.2.3-4.RHEL3.4.s390.rpm |