-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated XFree86 4.1.0 packages are available
Advisory ID: RHSA-2003:064-01
Issue date: 2003-06-25
Updated on: 2003-06-25
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHBA-2002:068
CVE Names: CAN-2001-1409 CAN-2002-0164 CAN-2002-1510 CAN-2003-0063 CAN-2003-0071
- ---------------------------------------------------------------------
1. Topic:
Updated XFree86 packages that resolve various security issues and
additionally provide a number of bug fixes and enhancements are now
available for Red Hat Linux 7.1 and 7.2.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
3. Problem description:
XFree86 is an implementation of the X Window System, which provides the
graphical user interface, video drivers, etc. for Linux systems.
Since the last XFree86 update for Red Hat Linux 7.1 and 7.2, a number of
security vulnerabilities have been found and fixed. In addition, various
other bug fixes, driver updates, and other enhancements have been made.
Security fixes:
Xterm, provided as part of the XFree86 packages, provides an escape
sequence for reporting the current window title. This escape sequence
essentially takes the current title and places it directly on the command
line. An attacker can craft an escape sequence that sets the victim's Xterm
window title to an arbitrary command, and then reports it to the command
line. Since it is not possible to embed a carriage return into the window
title, the attacker would then have to convince the victim to press Enter
for the shell to process the title as a command, although the attacker
could craft other escape sequences that might convince the victim to do so.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0063 to this issue.
It is possible to lock up versions of Xterm by sending an invalid DEC
UDK escape sequence. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0071 to this issue.
The xdm display manager, with the authComplain variable set to false,
allows arbitrary attackers to connect to the X server if the xdm auth
directory does not exist. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-1510 to this issue.
These erratum packages also contain an updated fix for CAN-2002-0164, a
vulnerability in the MIT-SHM extension of the X server that allows local
users to read and write arbitrary shared memory. The original fix did not
cover the case where the X server is started from xdm.
The X server was setting the /dev/dri directory permissions incorrectly,
which resulted in the directory being world writable. It now sets the
directory permissions to a safe value. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2001-1409 to
this issue.
Driver updates and other fixes:
The Rage 128 video driver (r128) has been updated to provide 2D support
for all previously unsupported ATI Rage 128 hardware. DRI 3D support
should also work on the majority of Rage 128 hardware.
Bad page size assumptions in the ATI Radeon video driver (radeon) have
been fixed to allow the driver to work properly on ia64 and other
architectures where the page size is not fixed.
A long-standing XFree86 bug has been fixed. This bug occurs when any form
of system clock skew (such as NTP clock synchronization, APM suspend/resume
cycling on laptops, daylight savings time changeover, or even manually
setting the system clock forward or backward) could result in odd
application behavior, mouse and keyboard lockups, or even an X server hang
or crash.
The S3 Savage driver (savage) has been updated to the upstream author's
latest version "1.1.27t", which should fix numerous bugs reported by
various users, as well as adding support for some newer savage hardware.
Users are advised to upgrade to these updated packages, which are not
vulnerable to the previously-mentioned security issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/XFree86-4.1.0-49.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-devel-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-doc-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-libs-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-tools-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-twm-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xdm-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xf86cfg-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xfs-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xnest-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xvfb-4.1.0-49.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/XFree86-4.1.0-49.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-devel-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-doc-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-libs-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-tools-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-twm-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xdm-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xf86cfg-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xfs-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xnest-4.1.0-49.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xvfb-4.1.0-49.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-devel-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-doc-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-libs-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-tools-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-twm-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xdm-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xfs-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xnest-4.1.0-49.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xvfb-4.1.0-49.ia64.rpm
6. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
255e508c0444be66aad401f48ec0e6a6 7.1/en/os/SRPMS/XFree86-4.1.0-49.src.rpm
65e1eb830be72af2f7538ee5e1fd0fea 7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-49.i386.rpm
18cc85bff08f8247c9fea09283ccf45a 7.1/en/os/i386/XFree86-4.1.0-49.i386.rpm
930d4edb4899f1b78cdc1cd2b19ab38c 7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-49.i386.rpm
0cce2b5afb99c32e926ef43261ff2250 7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
af88742bd8458f8e57cdf6e531457536 7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
e05cf77457ccd3e315e9d3d591782c7a 7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
e95df2e86f1d88fe89ef1f14a71fdccd 7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
71ec6519410e65aad2eae4bdfe500975 7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
ffa9344eb347d7d12ab87bba652fa562 7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
e475560e7c1fb62a196993415dfab7de 7.1/en/os/i386/XFree86-Xnest-4.1.0-49.i386.rpm
dfa2b9213032074d9f08781042ca05f2 7.1/en/os/i386/XFree86-Xvfb-4.1.0-49.i386.rpm
0025f3055761f8ac4b1eb392d076f3fd 7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
987897ce80f44dc702f162e0f0aea0d9 7.1/en/os/i386/XFree86-devel-4.1.0-49.i386.rpm
a46de8247fa2ab6b14b80e37d3604876 7.1/en/os/i386/XFree86-doc-4.1.0-49.i386.rpm
f77a9ccd1b80e73bc281d3a23698d646 7.1/en/os/i386/XFree86-libs-4.1.0-49.i386.rpm
f234a38c406ec59d1797b2261394838c 7.1/en/os/i386/XFree86-tools-4.1.0-49.i386.rpm
270de02f4185ad7071d4ffbe41d21e3e 7.1/en/os/i386/XFree86-twm-4.1.0-49.i386.rpm
1307c2f687fa2885fcf31a5dc6ab8316 7.1/en/os/i386/XFree86-xdm-4.1.0-49.i386.rpm
37e289141f240cd67e5592ba5a08576c 7.1/en/os/i386/XFree86-xf86cfg-4.1.0-49.i386.rpm
8356bc88316bc141ae069a6035343a67 7.1/en/os/i386/XFree86-xfs-4.1.0-49.i386.rpm
255e508c0444be66aad401f48ec0e6a6 7.2/en/os/SRPMS/XFree86-4.1.0-49.src.rpm
65e1eb830be72af2f7538ee5e1fd0fea 7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-49.i386.rpm
18cc85bff08f8247c9fea09283ccf45a 7.2/en/os/i386/XFree86-4.1.0-49.i386.rpm
930d4edb4899f1b78cdc1cd2b19ab38c 7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-49.i386.rpm
0cce2b5afb99c32e926ef43261ff2250 7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
af88742bd8458f8e57cdf6e531457536 7.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
e05cf77457ccd3e315e9d3d591782c7a 7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
e95df2e86f1d88fe89ef1f14a71fdccd 7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
71ec6519410e65aad2eae4bdfe500975 7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
ffa9344eb347d7d12ab87bba652fa562 7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
e475560e7c1fb62a196993415dfab7de 7.2/en/os/i386/XFree86-Xnest-4.1.0-49.i386.rpm
dfa2b9213032074d9f08781042ca05f2 7.2/en/os/i386/XFree86-Xvfb-4.1.0-49.i386.rpm
0025f3055761f8ac4b1eb392d076f3fd 7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
987897ce80f44dc702f162e0f0aea0d9 7.2/en/os/i386/XFree86-devel-4.1.0-49.i386.rpm
a46de8247fa2ab6b14b80e37d3604876 7.2/en/os/i386/XFree86-doc-4.1.0-49.i386.rpm
f77a9ccd1b80e73bc281d3a23698d646 7.2/en/os/i386/XFree86-libs-4.1.0-49.i386.rpm
f234a38c406ec59d1797b2261394838c 7.2/en/os/i386/XFree86-tools-4.1.0-49.i386.rpm
270de02f4185ad7071d4ffbe41d21e3e 7.2/en/os/i386/XFree86-twm-4.1.0-49.i386.rpm
1307c2f687fa2885fcf31a5dc6ab8316 7.2/en/os/i386/XFree86-xdm-4.1.0-49.i386.rpm
37e289141f240cd67e5592ba5a08576c 7.2/en/os/i386/XFree86-xf86cfg-4.1.0-49.i386.rpm
8356bc88316bc141ae069a6035343a67 7.2/en/os/i386/XFree86-xfs-4.1.0-49.i386.rpm
3338235d20c3b3b96deda7a7bb09411a 7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-49.ia64.rpm
cec6acd6c87f466e41a61540196de1ff 7.2/en/os/ia64/XFree86-4.1.0-49.ia64.rpm
36def6fde64cd3580df217356b07ffc8 7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-49.ia64.rpm
f9f2c6648a3abba91225769e1c7d3c46 7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.ia64.rpm
a952f30917499b8d82944238863aae35 7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.ia64.rpm
3ddc6202621fa123a148a5d6782279cd 7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.ia64.rpm
fb13416b693b2e1b2b16540a88b40649 7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.ia64.rpm
503f01aa9bffc2f68fbe7201e6ccc3ed 7.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.ia64.rpm
67e91206b634e6de793c3e9c6679bd15 7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.ia64.rpm
75f485800cefecf55673f3936e3874a2 7.2/en/os/ia64/XFree86-Xnest-4.1.0-49.ia64.rpm
76f0e50b47ab9acf852b0b80f3713295 7.2/en/os/ia64/XFree86-Xvfb-4.1.0-49.ia64.rpm
b84ddb8960c7785d03e69c6d231f11b1 7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-49.ia64.rpm
e93b07925b011af368a94231d1a5583c 7.2/en/os/ia64/XFree86-devel-4.1.0-49.ia64.rpm
65050c1656f2e42486af9a653ab7c804 7.2/en/os/ia64/XFree86-doc-4.1.0-49.ia64.rpm
f43d26478bf23d7b7a9b05fa35d76d06 7.2/en/os/ia64/XFree86-libs-4.1.0-49.ia64.rpm
cf6c46c53d41081ae4662e17a89b3ab8 7.2/en/os/ia64/XFree86-tools-4.1.0-49.ia64.rpm
8f71e3738a26c29439b7b5abd3499966 7.2/en/os/ia64/XFree86-twm-4.1.0-49.ia64.rpm
491e50e22765f54d04f542c386f5a322 7.2/en/os/ia64/XFree86-xdm-4.1.0-49.ia64.rpm
17df02a97c217e0b507fac05fbe3608c 7.2/en/os/ia64/XFree86-xfs-4.1.0-49.ia64.rpm
These packages are GPG signed by Red Hat for security. Our key is
available from http://www.redhat.com/security/keys.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071
8. Contact:
The Red Hat security contact is <secalertat_private>. More contact
details at http://www.redhat.com/solutions/security/news/contact.html
Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE++cWSXlSAg2UNWIIRAn7DAKDBxEco2hhIlKI2H5icha/0xN3GfwCgiNOB
FCtmSsoixsyU6iYPoCEEGJ8=
=ENah
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Wed Jun 25 2003 - 09:49:26 PDT