Mandrake Linux Security Advisory : xli (MDKSA-2005:076)
High Nessus Plugin ID 18106
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA number of vulnerabilities have been found in the xli image viewer.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CVE-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CVE-2005-0639).
The updated packages have been patched to correct these problems.
SolutionUpdate the affected xli package.