dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Debian GNU/Linux Advisory: xfree86

Sep 12, 2003, 21:51 (0 Talkback[s])

Debian Security Advisory DSA 380-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
September 12th, 2003 http://www.debian.org/security/faq

Package : xfree86
Vulnerability : buffer overflows, denial of service
Problem-Type : remote
Debian-specific : no
CVE Ids : CAN-2003-0063 CAN-2003-0071 CAN-2002-0164 CAN-2003-0730

Four vulnerabilities have been discovered in XFree86.

CAN-2003-0063 - xterm window title reporting escape sequence can deceive user

The xterm package provides a terminal escape sequence that reports the window title by injecting it into the input buffer of the terminal window, as if the user had typed it. An attacker can craft an escape sequence that sets the title of a victim's xterm window to an arbitrary string (such as a shell command) and then reports that title. If the victim is at a shell prompt when this is done, the injected command will appear on the command line, ready to be run. Since it is not possible to embed a carriage return in the window title, the attacker would have to convince the victim to press Enter (or rely upon the victim's careless or confusion) for the shell or other interactive process to interpret the window title as user input. It is conceivable that the attacker could craft other escape sequences that might convince the victim to accept the injected input, however. The Common Vulnerabilities and Exposures project at cve.mitre.org/ has assigned the name CAN-2003-0063 to this issue.

To determine whether your version of xterm is vulnerable to abuse of the window title reporting feature, run the following command at a shell prompt from within an xterm window:

echo -e "e[21t"

(The terminal bell may ring, and the window title may be prefixed with an "l".)

This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the "cat" command). Whether you are likely to be exposed to it depends on how you use xterm. Consider the following:

echo -e 'e]2;s && echo rm -rf *a' > /tmp/sploit echo -e 'e[21t' >> /tmp/sploit
cat /tmp/sploit

Debian has resolved this problem by disabling the window title reporting escape sequence in xterm; it is understood but ignored. The escape sequence to set the window title has not been disabled.

A future release of the xterm package will have a configuration option to permit the user to turn the window title reporting feature back on, but it will default off.

CAN-2003-0071 - xterm susceptible to DEC UDK escape sequence denial-of-service attack

The xterm package, since it emulates DEC VT-series text terminals, emulates a feature of DEC VT terminals known as "User-Defined Keys" (UDK for short). There is a bug in xterm's handling of DEC UDK escape sequences, however, and an ill-formed one can cause the xterm process to enter a tight loop. This causes the process to "spin", consuming CPU cycles uselessly, and refusing to handle signals (such as efforts to kill the process or close the window).

To determine whether your version of xterm is vulnerable to this attack, run the following command at a shell prompt from within a "sacrificial" xterm window (i.e., one that doesn't have anything in the scrollback buffer you might need to see later):

echo -e "eP0;0|0A/17x9c"

This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the "cat" command). Whether you are likely to be exposed to it depends on how you use xterm.

Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.

CAN-2002-0164 - flaw in X server's MIT-SHM extension permits user owning X session to read and write arbitrary shared memory segments

Most X servers descended from the MIT/X Consortium/X.Org Sample Implementation, including XFree86's X servers, support an extension to the X protocol called MIT-SHM, which enables X clients running on the same host as the X server to operate more quickly and efficiently by taking advantage of an operating system feature called shared memory where it is available. The Linux kernel, for example, supports shared memory.

Because the X server runs with elevated privileges, the operating system's built-in access control mechanisms are ineffective to police the X server's usage of segments of shared memory. Th X server has to implement its own access control. This was imperfectly done in previous releases of XFree86 (and the MIT/X Consortium/X.Org Sample Implementation before it), leaving opportunities for malicious X clients to read and alter shared memory segments to which they should not have access. The Common Vulnerabilities and Exposures project at cve.mitre.org/ has assigned the name CAN-2002-0164 to this issue.

Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix for the this flaw, only enforcing proper access control for X servers that were not started by a display manager (e.g., xdm). This update resolves that problem.

The Debian Project knows of no exploits for this vulnerability. A malicious X client that abused the MIT-SHM extension could conceivably be written however, and run (deliberately or unwittingly) by a user able to run an X server on a host. The impact of this flaw depends on how shared memory is used on the system. See the ipcs(8) manual page for more information.

Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.

CAN-2003-0730 - multiple integer overflows in the font libraries for XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks

Security researcher "blexim" wrote [paraphrased]:

I have identified several bugs in the font libraries of the current version of the XFree86 source code. These bugs could potentially lead to the execution of arbitrary code by a remote user in any process which calls the functions in question. The functions are related to the transfer and enumeration of fonts from font servers to clients, limiting the range of the exposure caused by these bugs.

Specifically, several sizing variables passed from a font server to a client are not adequately checked, causing calculations on them to result in erroneous values. These erroneous calculations can lead to buffers on the heap and stack overflowing, potentially leading to arbitrary code execution. As stated before, the risk is limited by the fact that only clients can be affected by these bugs, but in some (non-default) configurations, both xfs and the X server can act as clients to remote font servers. In these configurations, both xfs and the X server could be potentially compromised.

The Common Vulnerabilities and Exposures project at cve.mitre.org/ has assigned the name CAN-2003-0730 to this issue.

The Debian Project knows of no exploits for this vulnerability. By default in Debian, X servers are configured to listen only to a locally-running font server, which is not even used if the xfs package is not installed. The Debian default configuration of xfs uses only font directories on the local host, and does not attempt to connect to any external font servers.

Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.

All of the above problems also affect the xfree86v3 packages (in the case of the first two flaws, the xterm source code contains the flaws, but no xterm package is produced). Due to resource limitations and a lack of upstream support for this legacy code, Debian is unable to continue supporting version 3.3.6 of XFree86. To avoid exposure to the latter two flaws in this advisory, we recommend that you remove the following packages if you have them installed:

xserver-3dlabs
xserver-8514
xserver-agx
xserver-common-v3
xserver-fbdev
xserver-i128
xserver-mach32
xserver-mach64
xserver-mach8
xserver-mono
xserver-p9000
xserver-s3
xserver-s3v
xserver-svga
xserver-tga
xserver-vga16
xserver-w32

(You may also wish to remove the xext, xlib6, and xlib6-altdev packages, as support for them is being terminated along with the rest of the XFree86 3.3.6 packages, though they are not affected by the flaws in this advisory.)

For the stable distribution (woody) these problems have been fixed in version 4.1.0-16woody1.

For the unstable distribution (sid) all problems except CAN-2003-0730 are fixed in version 4.2.1-11. CAN-2003-0730 will be fixed in 4.2.1-12, currently in preparation.

We recommend that you update your xfree86 package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.dsc
Size/MD5 checksum: 1512 944b46135349c20bfcc29e70c48e3134
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.diff.gz
Size/MD5 checksum: 1596153 502185d1b3e5b517d6a9cda100597014
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
Size/MD5 checksum: 54433247 ea7a32e6a81a850e9f19428f3104c300

Architecture independent components:

http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody1_all.deb
Size/MD5 checksum: 59660 77a3d33f0adef1482433508fc2fe2572
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody1_all.deb
Size/MD5 checksum: 8332974 61c2a42c2d5e668ab6adbaaff9da4c02
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody1_all.deb
Size/MD5 checksum: 4441766 a1980fa766907cd8c0137769378ce017
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody1_all.deb
Size/MD5 checksum: 7224972 7672c6a1664634a543bee78dbd707f27
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody1_all.deb
Size/MD5 checksum: 3931002 ded7e9cf4ec402311366f3c16cf3b522
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody1_all.deb
Size/MD5 checksum: 1104714 0c310f293d5f18027b4f66d89e8c88a9
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody1_all.deb
Size/MD5 checksum: 5028098 45d2fb54abcbc20a454c54d07fd87275
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody1_all.deb
Size/MD5 checksum: 437850 a4b60c52f618daba56cb59422dca8e1e
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody1_all.deb
Size/MD5 checksum: 68210 9c70aea042a1bb6e3bb32a12f417e335
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody1_all.deb
Size/MD5 checksum: 795574 2b51a0af0d69f6bfc7c9386926d3393b
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody1_all.deb
Size/MD5 checksum: 545426 041abd5637b1dd4adb9461f1db4e8f54
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody1_all.deb
Size/MD5 checksum: 59620 29a21611c82da8b2beac7b77a56c596f
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody1_all.deb
Size/MD5 checksum: 59818 b6ac13562174e6071f8320aeb1abc0a5
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody1_all.deb
Size/MD5 checksum: 4164958 3c984ffa27a444559d0ffae3a1802f14

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 164866 1589c2363e16ad5d51e9889a31989945
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 306128 56c6b42026e1146c4c3e133517f94e58
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 197878 96e0f225d467aa56cc74523144aa10b8
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 778272 757acf63b9140c8c3d8a616094010091
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 203204 de9c0dc495c42356b4d577c09a7ef7be
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 649012 b511d1bb8f602037d58f99453241f168
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 389956 2643d5a44baf3fe148fa99fa811c17e2
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 263568 f5d176e3b64c05ed31b36b6410b88edb
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 820138 ead43db05d1682dc1cd33c990a85b913
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 389850 8011f307a4d5cb0aa8bb7db530493772
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 78564 bc5b9adecfaa4cc78dd24cc3e88774b5
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 177350 1431799fc554aaea70c7026d2a5d570e
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 59834 68e917e3a99dc0ec98ecdfe5c0727f80
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1990190 ffd857b488710539d35fd2364b3fb772
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 189472 05639af5c6bed73fb841cf59ae6e40bb
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 374388 3c6cdee84b2ecf885ed591af5a869149
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 84420 256b1ac71b1dce646cffda30704e170c
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 693842 710420c07d20c12ba50900d28a194e4d
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 4133954 97db3a5d0bfd5dc3991db39573fd5068
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1489760 146d8cf832269d7e3d6f39a3fe5925c7
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 711612 115904a2a0f649d6f455e4561f474b5c
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 611030 1d9b81263c2eb48b733a9f6420cde676
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1603088 b234f6d424434758f7a777ce18ea5ce6
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1372460 df00b6ff8d52de15ef15df761b63e2c1
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 4393618 49d74798e58e143dab843c8ad7ddc581
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 3225348 41fe5aff2fdfe51677cec138bfa51f73
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 84026 d3a486e3ad293e6819dc1250d573d30f
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 150362 6dcafb93fa6ac6e005ab34ec947199f0
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1888098 892d99d5af5409c0504e14c8d63f3e94
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 1474552 8336ea711719c79772e3ecdcff85d872
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 219794 b20e366322272ac1abf24c905b7416c4
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 5719450 550c9f5113ddd3805a734c85a8758c09
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 524804 78830449f57a4cc482c2b29256148014
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 712538 f198be0721d0fefe3e80de9de8de12b9
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_alpha.deb
Size/MD5 checksum: 2046538 41b18574ece3be00a57c8f2420e194cd

ARM architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 144700 345e837401ae1f48eabe0904aeac4ab0
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 252596 78c3eaeb69c0744df80a4ea7b82d5c2b
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 178530 43b2a9d746d9b7aa147a124004620a94
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 443948 b9f3e2d2d06b98d4f57dbf5f08c9fa3e
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 188344 011939c2d5c73132dc79eeb16184ec44
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 377520 47bff42e7d0896c535ecf886c51afbfb
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 348050 c3994a45c47f2679dc9255b78509f556
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 240318 a9e51c32915bc6c4779a43046cea7bae
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 490722 e10d565db8e49f9c1b8795f541dafb0c
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 347956 08d2176d6754817d50e96ae9bd4cece1
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 76032 e5de962649328611044720866a85afb3
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 168668 b93e3ef7e89883728176868f2b06a55f
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 59848 2d04ec15c027f7709f0396d28cba1282
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 1623866 25e9fe67b7f750055927f1bb08c0e3b4
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 175104 d719a073d23a85e0b6ea73b5ac3d431a
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 324422 3ff4ef758563163134c032e0b21540d7
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 81586 7455f6073d9385706a92016973e37ce0
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 606376 af0672909ca333192243bd99c66d8870
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 351610 de91181edf74112232ddc966afbc02a9
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 931808 16c6364cfd52a64e4c8565b5c28ec8fd
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 1314666 8344fd91b283a3180d8db171e9098fbc
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 2757110 86347d552e46d6588bffff6527891609
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 3091924 2ecfecaf4d1480f6719161f41b1c57a9
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 84070 cd1a99cea3618cc2df79d8417a59283e
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 132958 a4dd99b199475e87d45a7c6b9c244787
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 1655408 10d1a806b2428d178132e33149b56d9e
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 1339478 5b79e75ece1e0712cc28fb240f92ecc3
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 218956 565a64b431fd778ade91de79a11cdd47
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 4831874 7c5f4bfc08c1e716f61c5b0b4fa5ae51
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 494176 8f3d1fe933cd1eae269e82c36ded5bd9
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 620578 472603867d1421d01e6c692e767eb032
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_arm.deb
Size/MD5 checksum: 1786420 635e9b4396a3a20f17db98337e91b685

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 131868 4e6a729ecedd2d792f545b95ef8808e2
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 229100 013b9f545a8bf7b4614b5ebfc00617db
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 167876 b9f7444698c022fdc76142fba2924a73
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 408864 bf7ba3cafc0c6029b2e5fd99875c792f
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 165824 d6eeae92cccce977c08a41322c9e2ae0
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 333700 c239af4fd8f9f46334b29c6238f4027e
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 292050 ff62c702b756263a3086ba61c8253fd5
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 212696 9531fd87f93ff956508e216137345d33
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 433272 d0c09cc477a275c1c2a4623aed08c55c
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 291924 8a6ae5427bd486a3742217b2baa8e704
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 75768 bb365449a41c50f4325cfbfa2d29d224
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 151086 6f58a0ce83eb1f08a6aa902bdd0a4bbc
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 59832 99de5573bd52e68023e1747f6099574b
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 1455808 ac5514563aa1be8ab2a50f1a845d5c87
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 170514 6013f8eb6e7c78aa7e1f7ff439852e7f
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 274984 210ddc3dbdc15329709b887e3f516ac0
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 80368 646d0ad46906cc7ab109949702b1d68f
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 552130 c345b869bda72ea9e81dedbe5c957b6a
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 3421956 bfe9428425b2867657328174d1038cc5
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 865318 bc4fcfed268ab378c4e611c51ab844eb
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 521954 8e1a132af4f7d8bf03e7c4aebe6f68ed
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 462062 0284e02b24c5bc1c6ea0619cdf3e3176
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 963620 23b9e018dd3a2f3b57c0e9e25e083fcc
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 1223940 aa0cc49a4d7ba1967ca29c1ec1b786a1
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 2534236 51ec646bc89eeca7c3f727673958d051
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 2724850 28a3ead8c6cbcaa064f05daff4c1dd9f
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 72806 aeee0ddfff582183898337624a6e5a0f
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 123924 b77989c1a5314e8274d13821f1fea13b
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 1392972 328ea5d378d96e83323091822760a853
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 1122518 07ac6616cb6c84a11923a9bc94718dab
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 219050 9a99505ef78921269793dd75edc8cda2
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 4334876 805e2b2e2ae08edb479a7b5ee52f4823
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 483978 9ac9e1ef4cbed922661e69f4e5d2b068
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 601676 7f8dee0ac3974e55046f5ffc3396f184
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_i386.deb
Size/MD5 checksum: 1495932 e0b2e685945a924a2c454518e9cb8765

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 191052 79823d7ec74e9b4120c2a26cec34d780
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 321506 b5c3dcdc87f282f517ed18d1b6a09262
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 240868 3ba4a3f5bf0d6575363cd77d7eeac165
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 824490 7f8129dd9a812ae380c11a772c40e02a
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 257462 de039254c0b162ec9347b1ed8ee8ce59
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 1166896 547186763b3370fc7da723a36aaad5e1
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 443612 3340375c091b952fa659a001c778c06c
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 339718 cf23cb9a8b1584f36f2aa20124194274
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 1333316 88b88ef01a767216f33b4ad7af8bcae2
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 443508 45468bc6469d2a9000eccfbea2bae74d
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 83312 c379fe38cd17a665819c6a88506f4068
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 207136 69ae84939b0d052efb2939a339ba6064
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 59836 062a0e576d0286cd38330550464c7b58
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 2409600 4f8519fe609780cda1036e867b9a99e4
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 210322 abcc2f3d14d6a59777a72091c0e9f864
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 472904 8ebd374a3fdc9229a4d2b529cbc66f25
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 90522 17ebcdf66c36b2b8a972e38f44a9278d
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 742964 47356a0370608644a49a20c44731bb2b
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 5184974 9dbf5b85af5dc5b787fc49a11a8e150d
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 2394146 58ce91432619dcea37f4bdea032662ee
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 831202 1710d9b86fe0ac1a8c2d8f066e298957
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 755344 e59ac8fff400c722f33da5e22f663e36
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 3198822 564e9fb30c4ae252072c824ab99ef63d
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 1651928 fe029ff2145d14e6f5de6dd8cd58bf90
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 18060132 9c029ed22bdb90650064d6bb5ca836b1
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 3512430 306a9b2df41fe39bc3d3a552e1b8d1af
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 88644 2448ab3fc771fbb6bc0dfd17714029bb
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 169816 dfbe0d27616854586ab10a76fdbe7150
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 2369928 d234d286498d08fad843f5214fe03a51
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 1894400 ab19d6258158894b704bc1abe145a288
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 220980 3639dac0d5e21e7148f56409f62f58ec
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 6900550 44d66f86f743a7da5d0457de449ba446
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 566226 05635ac4c0026ad63f0cf90128daf92a
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 814896 e48c8276b5e880dbc6cca21fdd6527cd
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_ia64.deb
Size/MD5 checksum: 2570950 ded41248f56a4aa50d8b162233d0914e

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 153970 282d3d56f5bb262ee43dd195c8c64ac3
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 277818 2ad015cf6fd0d61d3309f1597749b941
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 201844 106ce97413bd06905d08343772ed81bb
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 488336 09fc528826e2a43f81b9c81f25247490
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 203396 ff63d2458d9d2be8a6730b0e63254e9d
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 397250 f143cc3ffdd65f980cc0e1f8b46b5b74
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 357932 57b67b20bc31be5adfb2777c2814493c
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 263802 526ae9aeb9eff5d3b44a8b524da28afd
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 516890 87e2d9ba2f01b5ff025e2abe5a20ebc0
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 357810 f55c9ab6e9dd0ba084019919d9dd2aa1
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 77990 f7a8a2ea68081a58faca3451df7f6b5c
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 171862 a7443c9db94d3e537cf68f00f6426e84
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 59828 541a95464444759a8441ac8ea8b434f0
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 1699284 2a8039d220647328f6a983b50b707e0e
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 180434 11d9a2e4538b54897bb13a047af9b78c
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 337770 89756d38d2524a1e360546f1b2e59e94
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 83002 ca058399ba6a124f813ce75fe9a48f8c
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 680980 704a1ef0f5f54821bbe997cb43681eba
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 434142 9fe8e70f6cfdc53f35e9d1ac41138d9d
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 995116 d262b4f194f76355e4c3aa53feb19b52
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 1456222 3609976a0b3facbab8b9f338a5f5360b
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 2977164 22afbf53fba3442713d17ee8b63588c4
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 3191114 88a304ccb8f96f21593043ae907b4bdb
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 80530 08bc4cd00ad008c6362b2cdcfacc01f4
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 137256 6b5a563ef922d653aa1e9e7b541bca9b
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 1923244 5730d34a84e93760933ccdb14a226579
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 1498606 511f15524b42ef50b311217f817a1691
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 219536 94b448d2443ca9e37f90600ea4b6ab09
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 3591730 f028df776b92cf7939f92c69bcbdba33
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 509590 4b1513550084710c18b810ba738b204b
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 664394 70ff31e23438f40bbc882415daab2b8a
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_hppa.deb
Size/MD5 checksum: 2069434 0a840cb6a2ad4b800c19e0ccfebb7225

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_m68k.deb
Size/MD5 checksum: 127008 dbe5ce6140c4867cdcd8c19e16cafd7c
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_m68k.deb
Size/MD5 checksum: 231820 ab45bf783d22460b17e7bec16083a7bb
http://secu