OpenBSD: Xpm security fix
Posted by LinuxSecurity.com Team   

Chris Evans reported several flaws (stack and integer overflows) in the
Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688).
Some of these would be exploitable when parsing malicious image files in
an application that handles XPM images, if they could escape ProPolice.

The fixes have been committed to OpenBSD -current as well as the
3.4 and 3.5 -stable branches.

Patches against OpenBSD 3.4 and 3.5 are also available:
     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/030_xpm.patch
     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch