This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The XPM library which is part of the XFree86/XOrg project is used by
several GUI applications to process XPM image files.
A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team revealed several different kinds of bugs. These
bugs include integer overflows, out-of-bounds memory access, shell
command execution, path traversal, and endless loops.
These bugs can be exploited by remote and/or local attackers to gain
access to the system or to escalate their local privileges, by using a
specially crafted xpm image.
The previous libxpm4 update had a linking error that resulted in a
missing s_popen symbol error running applications dependent on the
library. In addition, the file path checking in the security updates
prevented some applications, like gimp-2.0 from being able to save xpm
Updated packages are patched to correct all these issues.
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0