CVE-2005-3964: Two exploitable buffer overflows in openmotif

Bug #29398 reported by Yann Rouillard
Affects: openmotif (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Daniel T Chen

Bug Description

From debian bug 342092:

Two exploitable buffer overflows have been found in OpenMotif. Please
see http://marc.theaimsgroup.com/?l=full-disclosure&m=113349242925897&w=2
for details. This has been assigned CVE-2005-3964, please mention it in
the changelog when fixing it.

Cheers,
        Moritz

Changed in openmotif:
assignee: nobody → motu
Gary Coady (garycoady) wrote :

The vulnerable code still appears to be in the package.

Changed in openmotif:
status: Unconfirmed → Confirmed
Daniel T Chen (crimsun)
Changed in openmotif:
assignee: motu → crimsun
Daniel T Chen (crimsun) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 19 May 2006 11:57:58 -0400
Source: openmotif
Binary: libmotif-dev libmotif3 motif-clients
Architecture: source
Version: 2.2.3-1.2ubuntu2
Distribution: dapper
Urgency: low
Maintainer: Gerd Knorr <email address hidden>
Changed-By: Daniel T Chen <email address hidden>
Description:
 libmotif-dev - Open Motif - development files
 libmotif3 - Open Motif - shared libraries
 motif-clients - Open Motif - X11 clients (mwm, xmbind)
Changes:
 openmotif (2.2.3-1.2ubuntu2) dapper; urgency=low
 .
   * [SECURITY]
     - Add patches/CVE-2005-3964.patch: Fix buffer overflows in libUil,
       taken from upstream cvs. Closes: Malone #29398.
     - References:
       CVE-2005-3964
       http://bugs.debian.org/342092
Files:
 846786d908aaab56b351428f3d23f802 726 non-free/devel extra openmotif_2.2.3-1.2ubuntu2.dsc
 c931d1da0f17f8a01d01decb45a74c63 19298 non-free/devel extra openmotif_2.2.3-1.2ubuntu2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEbesie9GwFciKvaMRAjybAJ9t37stRlqrLCxvUtbUd7yEExmJMgCdH8Wm
IDh9aJ6KncOjbOpnxfrl/+o=
=GF+R
-----END PGP SIGNATURE-----

Changed in openmotif:
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
