RHSA-2004:479-01: Updated XFree86 packages fix security issues and bugs
Posted on: 10/06/2004 01:51 PM

Red Hat has released updated XFree86 packages for Red Hat Enterprise Linux 2.1

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated XFree86 packages fix security issues and bugs
Advisory ID: RHSA-2004:479-01
Issue date: 2004-10-06
Updated on: 2004-10-06
Product: Red Hat Enterprise Linux
Keywords: ATI Radeon 7000m
Obsoletes: RHBA-2004:155
CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0692
----------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality on which full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are built.

During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0692 to these issues.
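
The integer-overflow bug class named above, as an added illustration in C (not libXpm source and not the patched code; the advisory gives no code-level detail). The function names and the MAX_BYTES cap are assumptions; the input follows the XPM values line, `<width> <height> <ncolors> <chars_per_pixel>`.

```c
/* Added illustration of the integer-overflow bug class; not libXpm source.
 * Function names and the MAX_BYTES cap are assumptions for this example. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BYTES ((size_t)64 * 1024 * 1024) /* assumed cap on decoded size */

/* Unchecked sizing: the 32-bit product wraps silently on large dimensions. */
static uint32_t size_unchecked(uint32_t w, uint32_t h, uint32_t cpp) {
    return w * h * cpp;
}

/* Checked sizing: divide before multiplying so no product can wrap. */
static int size_checked(uint32_t w, uint32_t h, uint32_t cpp, size_t *out) {
    if (w == 0 || h == 0 || cpp == 0) return -1;
    if (w > MAX_BYTES / h) return -1;
    size_t px = (size_t)w * h;
    if (cpp > MAX_BYTES / px) return -1;
    *out = px * cpp;
    return 0;
}

/* Parse "<width> <height> <ncolors> <chars_per_pixel>" and size the buffer. */
static int xpm_buffer_size(const char *s, size_t *out) {
    uint32_t v[4];
    for (int i = 0; i < 4; i++) {
        char *end;
        while (*s == ' ') s++;
        if (*s < '0' || *s > '9') return -1; /* no sign, no empty field */
        errno = 0;
        unsigned long long t = strtoull(s, &end, 10);
        if (errno != 0 || t > UINT32_MAX) return -1;
        v[i] = (uint32_t)t;
        s = end;
    }
    return size_checked(v[0], v[1], v[3], out);
}

int main(void) {
    size_t n = 0;
    /* Constructed inputs: a normal header and one whose product is 2^32. */
    int ok = xpm_buffer_size("16 16 4 1", &n);
    printf("16x16: rc=%d bytes=%zu\n", ok, n);
    printf("unchecked 65536x65536: %u\n", (unsigned)size_unchecked(65536u, 65536u, 1u));
    printf("checked 65536x65536: rc=%d\n", xpm_buffer_size("65536 65536 1 1", &n));
    return 0;
}
```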

These packages also contain a bug fix to lower the RGB output voltage on Dell servers using the ATI Radeon 7000m card.

Users are advised to upgrade to these erratum packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

129797 - Radeon driver (7000m) TVDAC output too high for DELL Server
131121 - CAN-2004-0687/8 libXpm stack and integer overflows.

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

