Ya Gotta Larf

A nasty set of security bug fixes by Mandrake in xorg-x11 had the funniest text I've seen in a security bulletin. Ever!

I have highlighted the funny part in red.


Problem Description:

Chris Evans found several stack and integer overflows in the libXpm code
of X.Org/XFree86:

Stack overflows (CAN-2004-0687):

Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code
leads to a stack based overflow (parse.c).

Stack overflow reading pixel values in ParseAndPutPixels (create.c) as
well as ParsePixels (parse.c).

Integer Overflows (CAN-2004-0688):

Integer overflow allocating colorTable in xpmParseColors (parse.c) -
probably a crashable but not exploitable offence.


An interesting factoid is it's taken Mandrake nearly two months to fix this, relative to the other vendors.

Vendor Fix Date URL
SuSE Sep-17-2004 http://www.suse.com/de/security/2004_34_xfree86_libs_xshared.html
Gentoo Sep-27-2004 http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
RedHat Oct-04-2004 http://rhn.redhat.com/errata/RHSA-2004-478.html
Mandrake Nov-04-2004    http://www.linuxsecurity.com/advisories/mandrake_advisory-5081.html

The bug also affects IBM's AIX http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1484.1 and Sun's Solaris http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1&searchclause=