USN-83-2: LessTif 1 vulnerabilities
Posted on: 09/12/2005 09:42 AM

A new LessTif 1 vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-83-2 September 12, 2005
lesstif1-1 vulnerabilities

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-83-1 fixed some vulnerabilities in the "lesstif2" library. The
older "lesstif1" library was also affected, however, a fix was not yet
available at that time. This USN fixes the flaws for lesstif1.

Please note that there are no supported applications that use this
library, so this only affects you if you use third-party applications
which use lesstif1.

For your convenience, here is the relevant part of the USN-83-1

Several vulnerabilities have been found in the XPM image decoding
functions of the LessTif library. If an attacker tricked a user into
loading a malicious XPM image with an application that uses LessTif,
he could exploit this to execute arbitrary code in the context of
the user opening the image.

Ubuntu does not contain any server applications using LessTif, so
there is no possibility of privilege escalation.

Source archives:
Size/MD5: 120384 728cea45df73cfac025aab648667ba26
Size/MD5: 864 f7a77c6d69d735c64e480407bc744b6b
Size/MD5: 4862623 9eb87b5470333ccb31425a47d24f5a96

Architecture independent packages:
Size/MD5: 342270 0c35f7bdddb569d91eb28399e266ba79

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 176996 d5ad4f18af977e3e6fda8aff1f8b5942
Size/MD5: 919372 b15bc0f2b55e10ccf92cb0d3dd01f52d
Size/MD5: 662418 985665bdc0a646fa21538a2b64801271
Size/MD5: 1068818 48621de47a78ad4561e216d0ee20fa56
Size/MD5: 743454 8ea85ba224c678b5052aa8fe8535bae9

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 159652 ca7bc02a28b971ad8c5aab26213bba88
Size/MD5: 805232 89e719ca3265064bc7bf4614766d7407
Size/MD5: 599756 860536eae168c35c97ef6f5a880bf002
Size/MD5: 934130 0ac40da1c5dc9e774df200bf51eedbf7
Size/MD5: 674398 44dd744e49359462acddb071c2dde808

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 171920 180a779c3eb2783dfc4b882af996b8e5
Size/MD5: 947886 e29147ec36b74014861eeb90a85f19c6
Size/MD5: 627706 fa9045896ab981aaf4b71759978d9129
Size/MD5: 1094798 4112aa0f5cb26adc74430a8a6fe17343
Size/MD5: 706780 2fa548597283134ba0f7dd400f6c298e

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.1 (GNU/Linux)


Printed from Linux Compatible (