==========================================================Ubuntu Security Notice USN-92-1 March 07, 2005
lesstif1-1 vulnerabilities CAN-2005-0605
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 1:0.93.94-4ubuntu1.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Several vulnerabilities have been found in the XPM image decoding
functions of the LessTif library. If an attacker tricked a user into
loading a malicious XPM image with an application that uses LessTif,
he could exploit this to execute arbitrary code in the context of the
user opening the image.
Ubuntu does not contain any server applications using LessTif, so
there is no possibility of privilege escalation.