MDKSA-2003:089 - Updated XFree86 packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2003:089
Date: September 11th, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1
________________________________________________________________________
Problem Description:
Several vulnerabilities were discovered by blexim(at)hush.com in the
font libraries of XFree86 version 4.3.0 and earlier. These bugs could
potentially allow a remote user to execute arbitrary code or cause a
DoS through any code that calls the affected functions, which are
related to the transfer and enumeration of fonts from font servers to
clients.
In addition, some bugs were fixed in XFree86 as released with Mandrake
Linux 9.2, specifically a problem where X would freeze with a black
screen at logout or shutdown with DRI enabled on certain ATI Radeon
cards.
________________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2
________________________________________________________________________
Updated Packages:
Corporate Server 2.1:
Corporate Server 2.1/x86_64:
Mandrake Linux 9.0:
Mandrake Linux 9.1:
Mandrake Linux 9.1/PPC:
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
1307 - XFree86 freezes on logout or shutdown with DRI on Radeon Mobility 7500
2741 - XFree fails to restart after logout
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/YW0HmqjQ0CJFipgRAjouAJ4x4O2/E4eJNH5ARAj+jnVILlVnDACgwhV4
Mxto42EAQfoO8+BluZXMR3Y=
=WA48
-----END PGP SIGNATURE-----