RHSA-2004:610-01: Updated XFree86 packages fix security issues
Posted on: 12/20/2004 06:05 AM

Updated XFree86 packages are available for Red Hat Enterprise Linux 2.1

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated XFree86 packages fix security issues
Advisory ID: RHSA-2004:610-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2004-610.html
Issue date: 2004-12-20
Updated on: 2004-12-20
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0914
----------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality upon which full-fledged graphical user interfaces (GUIs), such as GNOME and KDE, are designed.

Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0914 to this issue.
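
The bug class described above, as an added illustration that is not libXpm's code or the patch shipped in these packages: an image decoder sizes its pixel buffer from header dimensions, first with unchecked 32-bit arithmetic and then with overflow checks. The function names, the 4-byte pixel size and the sample header values are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the first four fields of an XPM values line: width height ncolors cpp. */
int xpm_parse_values(const char *line, uint32_t v[4])
{
    for (int i = 0; i < 4; i++) {
        char *end;
        while (*line == ' ' || *line == '\t') line++;
        if (*line < '0' || *line > '9') return -1;   /* no sign, no empty field */
        errno = 0;
        unsigned long n = strtoul(line, &end, 10);
        if (errno == ERANGE || n > UINT32_MAX) return -1;
        v[i] = (uint32_t)n;
        line = end;
    }
    return 0;
}

/* Unchecked sizing: 32-bit arithmetic silently wraps for large dimensions. */
uint32_t unsafe_pixel_bytes(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Checked sizing: -1 if the buffer size would not fit in 32 bits. */
long long checked_pixel_bytes(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0) return -1;
    if (height > UINT32_MAX / width) return -1;
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / (uint32_t)sizeof(uint32_t)) return -1;
    return (long long)pixels * (long long)sizeof(uint32_t);
}

/* Parse a values line and return the pixel buffer size, or -1 if rejected. */
long long xpm_image_bytes(const char *line)
{
    uint32_t v[4];
    if (xpm_parse_values(line, v) != 0) return -1;
    return checked_pixel_bytes(v[0], v[1]);
}

int main(void)
{
    const char *hdr = "1073741825 1 2 1";   /* constructed sample header */
    printf("unchecked: %u bytes\n", (unsigned)unsafe_pixel_bytes(1073741825u, 1u));
    printf("checked:   %lld\n", xpm_image_bytes(hdr));
    return 0;
}
```

The example sizes only the pixel buffer; a decoder needs the same check on every size derived from header fields, such as the colour table sized from ncolors and cpp.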

Users are advised to upgrade to these erratum packages, which contain backported security patches and other bug fixes.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

136164 - CAN-2004-0914 libXpm integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2004610_01_updated_xfree86_packages_fix_security_issues.html)