Ya Gotta Larf
A nasty set of security bug fixes by Mandrake in xorg-x11 had the funniest text I've seen in a security bulletin. Ever!
I have highlighted the funny part in red.
https://www.linuxsecurity.com/advisories/mandrake_advisory-5081.html
Problem Description:
Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86:
Stack overflows (CAN-2004-0687):
Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).
Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).
Integer Overflows (CAN-2004-0688):
Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.
:)
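The integer-overflow class named in the advisory, as an added example (not libXpm code and not part of the original post): a colour count read from a file header is multiplied by an entry size, and on a 32-bit size_t the product can wrap to a tiny allocation. `color_entry`, `MAX_COLORS` and the function names are hypothetical, and 32-bit arithmetic is modelled with `uint32_t` so the result is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical colour-table entry; a stand-in, not libXpm's real struct. */
typedef struct { char *symbol; char *rgb_name; uint32_t pixel; } color_entry;

/* Assumed policy limit on colours accepted from an untrusted header. */
#define MAX_COLORS (1u << 20)

/* Unchecked size computation on a modelled 32-bit size_t: wraps mod 2^32. */
uint32_t unchecked_table_bytes(uint32_t ncolors, uint32_t entry_size)
{
    return ncolors * entry_size;
}

/* Checked version: returns 0 and stores the size, or -1 if it would wrap. */
int checked_table_bytes(uint32_t ncolors, uint32_t entry_size, uint32_t *out)
{
    if (entry_size == 0 || ncolors > UINT32_MAX / entry_size)
        return -1;
    *out = ncolors * entry_size;
    return 0;
}

/* Allocate a table for a header-supplied count, rejecting absurd values. */
color_entry *alloc_color_table(size_t ncolors)
{
    if (ncolors == 0 || ncolors > MAX_COLORS)
        return NULL;
    return calloc(ncolors, sizeof(color_entry)); /* zeroed, n*size checked */
}

int main(void)
{
    uint32_t ncolors = 0x10000001u; /* constructed header value */
    uint32_t bytes = 0;

    printf("unchecked: %u entries -> %u bytes requested\n",
           (unsigned)ncolors, (unsigned)unchecked_table_bytes(ncolors, 16u));
    if (checked_table_bytes(ncolors, 16u, &bytes) != 0)
        puts("checked: rejected, size would wrap");
    color_entry *t = alloc_color_table(ncolors);
    printf("alloc_color_table: %s\n", t ? "allocated" : "rejected");
    free(t);
    return 0;
}
```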
An interesting factoid is it's taken Mandrake nearly two months to fix this, relative to the other vendors.
| Vendor | Fix Date | URL |
| --- | --- | --- |
| SuSE | Sep-17-2004 | https://www.suse.com/de/security/2004_34_xfree86_libs_xshared.html |
| Gentoo | Sep-27-2004 | https://www.gentoo.org/security/en/glsa/glsa-200409-34.xml |
| RedHat | Oct-04-2004 | https://rhn.redhat.com/errata/RHSA-2004-478.html |
| Mandrake | Nov-04-2004 | https://www.linuxsecurity.com/advisories/mandrake_advisory-5081.html |
The bug also affects IBM's AIX https://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1484.1 and Sun's Solaris https://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1&searchclause=