MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2004:138
Date: November 22nd, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
The XPM library, which is part of the XFree86/XOrg project, is used
by several GUI applications to process XPM image files.

A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team, revealed several different kinds of bugs. These
bugs include integer overflows, out-of-bounds memory access, shell
command execution, path traversal, and endless loops.

These bugs can be exploited by remote and/or local attackers to gain
access to the system or to escalate their local privileges, by using a
specially crafted XPM image.

Updated packages are patched to correct all these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
                               <security linux-mandrake.com>