X marks the Linux security hole

The X.Org Foundation and several Linux suppliers have released security fixes for the X Window System technology on which most Linux graphical front-ends are based, patching serious holes in a graphics-manipulation component.

X.Org said a number of bugs in the libXpm library used for manipulating pixmaps could allow an attacker to execute malicious code on a Linux system. The bugs, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop, could be exploited by tricking a user into viewing a specially crafted pixmap file with one of the many applications that rely on libXpm.

A patch was published by the foundation last week, and Novell's Suse division, Red Hat and the Gentoo Foundation have followed suit with their own patches.

The flawed library is found in both XFree86 and X.Org, two separate implementations of the X Window System. Danish security firm Secunia, which maintains a database of vulnerabilities, rated the bugs as "highly critical", its second-highest ranking out of five.

The bugs are related to earlier problems with libXpm that surfaced last month, which prompted "a more extensive security audit" by X.Org. The bugs affect X.Org releases up to and including 6.8.1, and are likely to affect any other products that include the library, such as lesstif and OpenMotif.

Many imaging-related flaws have surfaced this year, including bugs in the Mozilla Foundation's browsers, a serious Microsoft vulnerability in decoding Jpeg images, and further bugs in the imlib library, Qt and Internet Explorer.

Matthew Broersma writes for Techworld


