Advisories
Mandriva Advisories
|
 |
| Problem Description |
A buffer overflow exists in xli due to missing boundary checks. This
could be triggered by an external attacker to execute commands on the
victim's machine. An exploit is publically available. xli is an image
viewer that is used by Netscape's plugger to display TIFF, PNG, and
Sun-Raster images.
Update:
The xloadimage package uses the same code as xli and is likewise
vulnerable. An update is provided for xloadimage which was only
provided with Linux-Mandrake 7.2.
| Updated Packages |
Mandrakelinux 7.1
994bc689c7ab60fac976816abfa71a8e 7.1/RPMS/xli-1.16-4.1mdk.i586.rpm 32eebf37c2562a088409a31b363555c4 7.1/SRPMS/xli-1.16-4.1mdk.src.rpm
Mandrakelinux 7.2
2a4a20ba543f917b41ec8b92bda3107a 7.2/RPMS/xli-1.16-7.1mdk.i586.rpm 2f3464a4fcee7a3215de4a765e5fd328 7.2/RPMS/xloadimage-4.1-6.1mdk.i586.rpm 3cf0768d88055b81011b9d56224f3858 7.2/SRPMS/xli-1.16-7.1mdk.src.rpm 61c138ea07acbe91d5c466d70493bea2 7.2/SRPMS/xloadimage-4.1-6.1mdk.src.rpm
Mandrakelinux 8.0
f1eff4c239eaebb0ff41f169de8ccd3e 8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm b3aa5d5d8598e02c8bff9132dd312e06 8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm
Mandrakelinux 8.0/PPC
ae86f1d74de0a0b6fa15b699530a1c6d ppc/8.0/RPMS/xli-1.17.0-1.1mdk.ppc.rpm 4608ff87dc4de7b0686ceb3a0a67b8dc ppc/8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm
Corporate Server 1.0.1
994bc689c7ab60fac976816abfa71a8e 1.0.1/RPMS/xli-1.16-4.1mdk.i586.rpm 32eebf37c2562a088409a31b363555c4 1.0.1/SRPMS/xli-1.16-4.1mdk.src.rpm
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.