Mandrake alert: Updated XFree86 packages fix multiple vulnerabilities

Posted by dave on Sep 11, 2003 11:03 PM EDT

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           XFree86
Advisory ID:            MDKSA-2003:089
Date:                   September 11th, 2003

Affected versions:      9.0, 9.1, Corporate Server 2.1
________________________________________________________________________

Problem Description:

 Several vulnerabilities were discovered by blexim(at)hush.com in the
 font libraries of XFree86 version 4.3.0 and earlier.  These bugs could
 potentially lead to execution of arbitrary code or a DoS by a remote
 user in any way that calls these functions, which are related to the
 transfer and enumeration of fonts from font servers to clients.
 
 As well, some bugs were fixed in XFree86 as released with Mandrake
 Linux 9.2, specifically a problem where X would freeze with a black
 screen at logout or shutdown with DRI enabled on certain ATI Radeon
 cards.
________________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
  http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2
________________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:

 Corporate Server 2.1/x86_64:

 Mandrake Linux 9.0:

 Mandrake Linux 9.1:

 Mandrake Linux 9.1/PPC:
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  1307 - XFree86 freezes on logout or shutdown with DRI on Radeon Mobility 7500
  2741 - XFree fails to restart after logout
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/YW0HmqjQ0CJFipgRAjouAJ4x4O2/E4eJNH5ARAj+jnVILlVnDACgwhV4
Mxto42EAQfoO8+BluZXMR3Y=
=WA48
-----END PGP SIGNATURE-----
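
An added example, not part of the Mandrake advisory: a manual version of the md5 check that MandrakeUpdate and urpmi perform automatically, for packages fetched directly from a mirror. It assumes the advisory's per-package md5 checksums were saved to a file as `<md5>  <path>` lines; the names `verify_manifest` and `demo` and the `example-*` packages are constructed for illustration.

```shell
#!/bin/sh
# Added example: check downloaded packages against an md5 manifest.
# verify_manifest MANIFEST PKG_DIR
#   MANIFEST lines look like "<32 hex md5>  <path/to/package.rpm>";
#   headings, separators and blank lines are skipped.
#   Every *.rpm in PKG_DIR must be listed (by file name) with a matching md5.
#   Returns 0 if all match, 1 on any MISMATCH/UNLISTED, 2 if PKG_DIR has no rpm.
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no packages in $dir"; return 2; }
        name=${f##*/}
        actual=$(md5sum "$f" | cut -d' ' -f1)
        # All checksums the manifest lists for this file name.
        expected=$(awk -v n="$name" '
            $1 ~ /^[0-9a-f]+$/ && length($1) == 32 {
                m = split($2, p, "/"); if (p[m] == n) print $1 }' "$manifest")
        if [ -z "$expected" ]; then
            echo "UNLISTED $name"; rc=1
        elif printf '%s\n' "$expected" | grep -qxF "$actual"; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: two stand-in "packages", one altered after the
# manifest was written, so the second must be reported as MISMATCH.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/pkgs"
    printf 'good package body\n'  > "$tmp/pkgs/example-libs-1.0-1.i586.rpm"
    printf 'other package body\n' > "$tmp/pkgs/example-xfs-1.0-1.i586.rpm"
    ( cd "$tmp/pkgs" && for p in *.rpm; do
          printf ' %s  9.1/RPMS/%s\n' "$(md5sum "$p" | cut -d' ' -f1)" "$p"
      done ) > "$tmp/manifest"
    printf 'tampered\n' >> "$tmp/pkgs/example-xfs-1.0-1.i586.rpm"
    status=0
    verify_manifest "$tmp/manifest" "$tmp/pkgs" || status=$?
    rm -rf "$tmp"
    return $status
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

A matching md5 only shows that the file is the one listed; authenticity comes from the package's GPG signature, which `rpm --checksig <package>` checks once the security team's public key has been imported.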
