---

Mandrakelinux Advisories: XFree86, apache2, libxpm4, cups


Mandrakelinux Security Update Advisory


Package name: XFree86
Advisory ID: MDKSA-2004:099
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Chris Evans found several stack and integer overflows in the
libXpm code of X.Org/XFree86:

Stack overflows (CAN-2004-0687):

Careless use of strcat() in both the XPMv1 and XPMv2/3
xpmParseColors code leads to a stack-based overflow (parse.c).

Stack overflow reading pixel values in ParseAndPutPixels
(create.c) as well as ParsePixels (parse.c).

Integer Overflows (CAN-2004-0688):

Integer overflow allocating colorTable in xpmParseColors
(parse.c) – probably a crashable but not exploitable offence.

The updated packages have patches from Chris Evans and Matthieu
Herrb to address these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team


Mandrakelinux Security Update Advisory


Package name: apache2
Advisory ID: MDKSA-2004:096
Date: September 15th, 2004
Affected versions: 10.0, 9.2


Problem Description:

Two Denial of Service conditions were discovered in the input
filter of mod_ssl, the module that enables Apache to handle HTTPS
requests.

Another vulnerability was discovered by the ASF security team
using the Codenomicon HTTP Test Tool. This vulnerability, in the
apr-util library, can possibly lead to arbitrary code execution if
certain non-default conditions are met (enabling the
AP_ENABLE_EXCEPTION_HOOK define).

As well, the SITIC have discovered a buffer overflow when Apache
expands environment variables in configuration files such as
.htaccess and httpd.conf, which can lead to possible privilege
escalation. This can only be done, however, if an attacker is able
to place malicious configuration files on the server.

Finally, a crash condition was discovered in the mod_dav module
by Julian Reschke, where sending a LOCK refresh request to an
indirectly locked resource could crash the server.

The updated packages have been patched to protect against these
vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786

http://www.uniras.gov.uk/vuls/2004/403518/index.htm


Updated Packages:





Mandrakelinux Security Update Advisory


Package name: libxpm4
Advisory ID: MDKSA-2004:098
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Chris Evans found several stack and integer overflows in the
libXpm code of X.Org/XFree86 (from which the libxpm code is
derived):

Stack overflows (CAN-2004-0687):

Careless use of strcat() in both the XPMv1 and XPMv2/3
xpmParseColors code leads to a stack-based overflow (parse.c).

Stack overflow reading pixel values in ParseAndPutPixels
(create.c) as well as ParsePixels (parse.c).

Integer Overflows (CAN-2004-0688):

Integer overflow allocating colorTable in xpmParseColors
(parse.c) – probably a crashable but not exploitable offence.

The updated packages have patches from Chris Evans and Matthieu
Herrb to address these vulnerabilities.
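
The two bug classes named in this advisory and in MDKSA-2004:099 above (unbounded strcat() into a fixed buffer, and an integer overflow when sizing colorTable), shown next to their checked forms. This is an added illustration, not libXpm or Mandrakesoft code: ENTRY_BYTES, table_bytes_unchecked(), table_bytes_checked() and append_token() are hypothetical names, and the 24-byte entry size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 24 bytes models one colour-table entry (six 4-byte pointers on
 * a 32-bit build). Illustrative size, not taken from libXpm. */
#define ENTRY_BYTES 24u

/* Unchecked sizing: the product is reduced modulo 2^32, so a very large
 * colour count read from the file yields a tiny allocation size. */
uint32_t table_bytes_unchecked(uint32_t ncolors)
{
    return ncolors * ENTRY_BYTES;
}

/* Checked sizing: reject any count whose table size does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on rejection. */
int table_bytes_checked(uint32_t ncolors, uint32_t *bytes)
{
    if (ncolors == 0 || ncolors > UINT32_MAX / ENTRY_BYTES)
        return -1;
    *bytes = ncolors * ENTRY_BYTES;
    return 0;
}

/* Bounded replacement for the strcat(dst, " "); strcat(dst, tok); pattern.
 * Appends tok (space-separated from earlier tokens) only if the result plus
 * its NUL fits in dstsz. On failure dst is unchanged and -1 is returned. */
int append_token(char *dst, size_t dstsz, const char *tok)
{
    const char *nul = memchr(dst, '\0', dstsz);
    size_t used, room, need = strlen(tok);

    if (nul == NULL)                 /* dst is not NUL-terminated */
        return -1;
    used = (size_t)(nul - dst);
    room = dstsz - used - 1;         /* bytes left, excluding the NUL */
    if (need > room || (used != 0 && room - need < 1))
        return -1;
    if (used != 0)
        dst[used++] = ' ';
    memcpy(dst + used, tok, need);
    dst[used + need] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs: a colour count chosen to wrap, and a multi-word
     * colour name that exactly fills a 16-byte buffer. */
    uint32_t bytes = 0;
    char name[16] = "";

    printf("unchecked size: %u\n", (unsigned)table_bytes_unchecked(178956971u));
    printf("checked result: %d\n", table_bytes_checked(178956971u, &bytes));
    printf("append: %d\n", append_token(name, sizeof name, "light"));
    printf("append: %d\n", append_token(name, sizeof name, "goldenrod"));
    printf("append: %d (buffer still \"%s\")\n",
           append_token(name, sizeof name, "1"), name);
    return 0;
}
```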


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688


Updated Packages:





Mandrakelinux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2004:097
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Alvaro Martinez Echevarria discovered a vulnerability in the
CUPS print server where an empty UDP datagram sent to port 631 (the
default port that cupsd listens to) would disable browsing. This
would prevent cupsd from seeing any remote printers or any future
remote printer changes.

The updated packages are patched to protect against this
vulnerability.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558

http://www.cups.org/str.php?L863


Updated Packages:



