Home > Security > Advisories


Mandriva Advisories

Package name xli
Date August 31st, 2001
Advisory ID MDKSA-2001:073
Affected versions 7.1, 7.2, 8.0, CS1.0
Synopsis Updated xli packages fix boundary check vulnerability

Problem Description

A buffer overflow exists in xli due to missing boundary checks. This
could be triggered by an external attacker to execute commands on the
victim's machine. An exploit is publically available. xli is an image
viewer that is used by Netscape's plugger to display TIFF, PNG, and
Sun-Raster images.

Updated Packages

Mandrakelinux 7.1

 994bc689c7ab60fac976816abfa71a8e  7.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  7.1/SRPMS/xli-1.16-4.1mdk.src.rpm

Mandrakelinux 7.2

 2a4a20ba543f917b41ec8b92bda3107a  7.2/RPMS/xli-1.16-7.1mdk.i586.rpm
3cf0768d88055b81011b9d56224f3858  7.2/SRPMS/xli-1.16-7.1mdk.src.rpm

Mandrakelinux 8.0

 f1eff4c239eaebb0ff41f169de8ccd3e  8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm
b3aa5d5d8598e02c8bff9132dd312e06  8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 ae86f1d74de0a0b6fa15b699530a1c6d  ppc/8.0/RPMS/xli-1.17.0-1.1mdk.ppc.rpm
4608ff87dc4de7b0686ceb3a0a67b8dc  ppc/8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm

Corporate Server 1.0.1

 994bc689c7ab60fac976816abfa71a8e  1.0.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  1.0.1/SRPMS/xli-1.16-4.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.