RHEL 2.1 / 3 : openmotif (RHSA-2004:537)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated openmotif packages that fix flaws in the Xpm image library are
now available.

OpenMotif provides libraries which implement the Motif industry
standard graphical user interface.

During a source code audit, Chris Evans and others discovered several
stack overflow flaws and an integer overflow flaw in the libXpm
library used to decode XPM (X PixMap) images. A vulnerable version of
this library was found within OpenMotif. An attacker could create a
carefully crafted XPM file which would cause an application to crash
or potentially execute arbitrary code if opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to
these issues.

Users of OpenMotif are advised to upgrade to these erratum packages,
which contain backported security patches to the embedded libXpm
library.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0687.html
https://www.redhat.com/security/data/cve/CVE-2004-0688.html
https://www.redhat.com/security/data/cve/CVE-2004-0914.html
http://rhn.redhat.com/errata/RHSA-2004-537.html

Solution :

Update the affected openmotif, openmotif-devel and / or openmotif21
packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 15943

Bugtraq ID:

CVE ID: CVE-2004-0687
CVE-2004-0688
CVE-2004-0883
CVE-2004-0914
CVE-2004-0949
CVE-2004-1068
CVE-2004-1071
CVE-2004-1072