GLSA-200503-15 : X.org: libXpm vulnerability
High Nessus Plugin ID 17317
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200503-15 (X.org: libXpm vulnerability)
Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions.
A carefully-crafted XPM file could crash X.org, potentially allowing the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
SolutionAll X.org users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose x11-base/xorg-x11