xloadimage Buffer Overflow Vulnerability
It is advised to disable plugger's use of xloadimage in '/etc/pluggerrc'.
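One way to apply the plugger workaround above, as an added example that is not part of the original advisory or of plugger itself. The function names are hypothetical, and the rc layout written by make_sample is a constructed assumption rather than a copy of a real '/etc/pluggerrc'.

```shell
#!/bin/sh
# Added example: comment out every active plugger handler line that runs
# xloadimage, keeping a backup of the original file.

# Writes a CONSTRUCTED sample rc file to $1. The layout (a MIME line followed
# by indented "flags: command" lines) is an assumption for illustration.
make_sample() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real configuration
image/x-sun-raster: rs: SUN raster image
    exits: xloadimage -quiet -windowid $window "$file"
image/tiff: tiff,tif: TIFF image
    exits: xloadimage -quiet -windowid $window "$file"
    : display -window $window "$file"
#   : xloadimage -quiet "$file"
EOF
}

# Comments out active lines mentioning xloadimage in the rc file $1.
# Prints the number of lines disabled; returns 2 if the file is missing.
# Safe to run twice: lines that are already comments are left alone.
disable_xloadimage() {
    rc=$1
    [ -f "$rc" ] || { echo "no such file: $rc" >&2; return 2; }
    # Count lines that are not comments and mention xloadimage.
    n=$(grep -v '^[[:space:]]*#' "$rc" | grep -c 'xloadimage' || true)
    if [ "$n" -eq 0 ]; then
        echo 0
        return 0
    fi
    # Keep the original so the change can be reverted after the upgrade.
    cp -p "$rc" "$rc.bak" || return 1
    # Prefix '#' to each non-comment line that mentions xloadimage.
    sed '/^[[:space:]]*#/!s/^.*xloadimage/#&/' "$rc.bak" > "$rc" || return 1
    echo "$n"
}

# Typical use: disable_xloadimage /etc/pluggerrc
```

Running it against '/etc/pluggerrc' requires superuser privileges; the original is kept as '/etc/pluggerrc.bak'.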
Red Hat, S.u.S.E., Debian and MandrakeSoft have made fixes available.
Gentoo has released advisory GLSA 200503-05 dealing with this and other issues. Apparently Gentoo had not resolved this issue until now. Gentoo advises that all xloadimage users should also upgrade to the latest version by running the following command with superuser privileges:
emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r2"
For more information, please see the referenced Gentoo Linux advisory.
Debian has made advisory DSA 695-1 available along with fixes dealing with this issue. It should be noted that this issue was successfully fixed in Debian's previous xli advisory (DSA 069). Debian has reissued the fix in the latest set of fixes.
TurboLinux has released advisory TLSA-2005-43 along with fixes dealing with this issue. Please see the referenced advisory for more information.
xli xli 1.16
xli xli 1.17
xloadimage xloadimage 4.1