aru
Posted June 1, 2004

Mandrakesoft Security Advisories

MDKSA-2004:053 : xpcd
Updated xpcd package fix vulnerabilities
June 1st, 2004

A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib to display graphics on the console and it would copy user-supplied data of an arbitrary length into a fixed-size buffer in the pcd_open function.

As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that could be triggered by a long HOME environment variable, which could be exploited by a local attacker to obtain root privileges.

The updated packages resolve these vulnerabilities.

The released versions of Mandrake GNU/Linux affected are:
9.2
10.0

Full information about this advisory, including the updated packages, is available at:
www.mandrakesoft.com/security/advisories?name=MDKSA-2004:053

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0402

Posted automatically by aru (mdksec2mub v0.0.9)
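The class of bug the advisory describes (a file name or HOME value of arbitrary length copied into a fixed-size buffer) and its length-checked counterpart, as an added example that is not part of the original post and is not xpcd's code. The function names, the 256-byte buffer size and the file name `settings.conf` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256 /* assumed fixed buffer size, for illustration only */

/* Unchecked pattern of the kind the advisory describes (comment only):
 *     char path[PATH_BUF];
 *     sprintf(path, "%s/%s", getenv("HOME"), name);   // length never checked
 *     strcpy(path, filename);                         // same problem
 */

/* Build "<home>/<name>" in out. Returns 0 on success, -1 if an input is
 * missing, home is not absolute, or the result does not fit. On failure
 * out is left as an empty string, never as a truncated path. */
int build_home_path(char *out, size_t outlen, const char *home, const char *name)
{
    int n;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || name == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outlen, "%s/%s", home, name);
    if (n < 0 || (size_t)n >= outlen) {   /* would have overflowed */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Copy a caller-supplied file name into a fixed buffer; over-long names
 * are rejected instead of being written past the end or cut short. */
int copy_filename(char *dst, size_t dstlen, const char *src)
{
    const char *end;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || (end = memchr(src, '\0', dstlen)) == NULL)
        return -1;                        /* no terminator within dstlen bytes */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    if (build_home_path(path, sizeof path, getenv("HOME"), "settings.conf") != 0)
        return fputs("HOME unset, relative, or too long\n", stderr), 1;
    return puts(path) < 0;
}
```

Rejecting the over-long value outright, rather than truncating it, matters in a privileged program: a silently shortened path can name a different file than the one intended.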