A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to version 4.3.0.dfsg.1-6ubuntu25.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Chris Gilbert discovered a buffer overflow in the XPM library shipped with XFree86. If an attacker tricked a user into loading a malicious XPM image with an application that uses libxpm, he could exploit this to execute arbitrary code with the privileges of the user opening the image.
These overflows do not allow privilege escalation through the X server; the overflows are in a client-side library.