Linux Today: Linux News On Internet Time.






Mandrake Linux Advisory: XFree86

Sep 12, 2003, 20:29

Mandrake Linux Security Update Advisory


Package name: XFree86
Advisory ID: MDKSA-2003:089
Date: September 11th, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1

Problem Description:

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially allow a remote user to execute arbitrary code or cause a denial of service (DoS) through any code path that calls the affected functions, which handle the transfer and enumeration of fonts from font servers to clients.

As well, some bugs were fixed in XFree86 as released with Mandrake Linux 9.2, specifically a problem where X would freeze with a black screen at logout or shutdown with DRI enabled on certain ATI Radeon cards.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2


Updated Packages:



Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

1307 - XFree86 freezes on logout or shutdown with DRI on Radeon Mobility 7500
2741 - XFree fails to restart after logout


To upgrade automatically, use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.
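What the MD5 part of that automatic verification amounts to when packages are fetched by hand from a mirror, as an added example (not MandrakeSoft's tooling, and not part of the original advisory). It assumes a manifest of `<md5> <relative path>` lines; the function names, file names and digests in the demo are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest entry: 32 hex digits, whitespace, then a relative package path.
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Return {relative_path: md5_hex}; headings and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, root):
    """Map each listed path to 'ok', 'mismatch', 'missing' or 'rejected'."""
    root = Path(root).resolve()
    result = {}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if root not in target.parents:   # refuse paths escaping the download dir
            result[rel] = "rejected"
        elif not target.is_file():
            result[rel] = "missing"      # e.g. the mirror has not synced yet
        else:
            result[rel] = "ok" if md5_of(target) == expected else "mismatch"
    return result

if __name__ == "__main__":
    # Constructed demo: hypothetical file names and contents, not real RPMs.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.rpm").write_bytes(b"constructed package body")
        good = hashlib.md5(b"constructed package body").hexdigest()
        listing = f"Demo release:\n{good} good.rpm\n{'0' * 32} absent.rpm\n"
        print(verify(parse_manifest(listing), d))
```

A matching MD5 only shows that the file agrees with the manifest; authenticity rests on the GPG signature, which `rpm --checksig` checks once the security team's key has been imported.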

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>