[Full-Disclosure] [RHSA-2003:066-01] Updated XFree86 packages provide security and bug fixes

From: bugzillaat_private
Date: Wed Jun 25 2003 - 08:53:14 PDT


    
    - ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Updated XFree86 packages provide security and bug fixes
    Advisory ID:       RHSA-2003:066-01
    Issue date:        2003-06-25
    Updated on:        2003-06-25
    Product:           Red Hat Linux
    Keywords:          
    Cross references:  
    Obsoletes:         RHSA-2002:068
    CVE Names:         CAN-2001-1409 CAN-2002-1472 CAN-2002-0164 CAN-2003-0063 CAN-2003-0071
    - ---------------------------------------------------------------------
    
    1. Topic:
    
    XFree86 is an implementation of the X Window System providing the
    core graphical user interface and video drivers.
    
    Updated XFree86 packages for Red Hat Linux 7.3 are now available which
    include several security fixes, bug fixes, enhancements, and driver updates.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 7.3 - i386
    
    3. Problem description:
    
    Security fixes:
    
    - - Xterm provides an escape sequence for reporting the current window
    title. This escape sequence takes the current title and places it directly
    on the command line. An attacker can craft an escape sequence that sets the
    victim's Xterm window title to an arbitrary command, and then reports it to
    the command line. Since it is not possible to embed a carriage return into
    the window title, the attacker would then have to convince the victim to
    press Enter for the shell to process the title as a command, although the
    attacker could craft other escape sequences that might convince the victim
    to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2003-0063 to this issue.
    
    - - It is possible to lock up versions of Xterm by sending an invalid DEC
    UDK escape sequence. (CAN-2003-0071)
    
    - - XFree86 4.2.1 also contains an updated fix for CAN-2002-0164, a
    vulnerability in the MIT-SHM extension of the X server that allows local
    users to read and write arbitrary shared memory. The original fix did not
    cover the case where the X server is started from xdm.
    
    - - The X server was setting the /dev/dri directory permissions incorrectly,
    which resulted in the directory being world writable. (CAN-2001-1409)
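    The xterm title issue above (CAN-2003-0063) is only reachable when untrusted text is written to a terminal unfiltered. The following is an added example, not part of the advisory or of XFree86: a scrubber that strips terminal control sequences from untrusted output (log lines, remote banners, file contents) before they are displayed, and flags the two pieces the attack chain needs, an OSC title-set (Ps 0 or 2) and xterm's title-report request (CSI 21 t). The sample input is constructed.

```python
import re

# OSC: ESC ] Ps ; text, terminated by BEL or ST (ESC \). Ps 0/2 set the window title.
OSC_RE = re.compile(r"\x1b\](?P<ps>\d*);?(?P<text>[^\x07\x1b]*)(?:\x07|\x1b\\)")
# xterm window-manipulation family: CSI Ps t. Ps 21 asks xterm to echo its title back.
CSI_T_RE = re.compile(r"\x1b\[(?P<params>[\d;]*)t")
# Any remaining CSI sequence (colours, cursor movement): dropped but not flagged.
OTHER_CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")


def scrub_terminal_output(text: str):
    """Return (clean_text, findings) for untrusted text about to be shown in a terminal."""
    findings = []

    def osc_sub(m):
        if m.group("ps") in ("0", "2"):
            findings.append(f"title-set: {m.group('text')!r}")
        else:
            findings.append(f"osc: Ps={m.group('ps') or '?'}")
        return ""

    def csi_t_sub(m):
        params = m.group("params").split(";")
        if params[0] == "21":
            findings.append("title-report (CSI 21 t)")
        else:
            findings.append(f"window-op: {m.group('params')}")
        return ""

    # Order matters: flag the interesting sequences first, then drop the rest.
    text = OSC_RE.sub(osc_sub, text)
    text = CSI_T_RE.sub(csi_t_sub, text)
    text = OTHER_CSI_RE.sub("", text)
    return text, findings


# Constructed sample: a harmless title-set followed by a title-report request,
# plus ordinary SGR colour codes that should simply be stripped.
SAMPLE = (
    "login ok\n"
    "\x1b]0;CONSTRUCTED-TITLE\x07"
    "\x1b[21t"
    "\x1b[32mall green\x1b[0m\n"
)

if __name__ == "__main__":
    clean, found = scrub_terminal_output(SAMPLE)
    print(repr(clean))
    for f in found:
        print("flagged:", f)
```

A wrapper like this belongs in front of anything that relays untrusted bytes to a terminal (tail -f on web logs, cat of downloaded files); when a title-set is followed by a title-report in the same stream, treat it as an attempted command injection rather than noise.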
    
    Driver updates and additions:
    
    - - Savage driver updated to Tim Roberts' latest version 1.1.27t
    
    - - New "cyrix" driver which works better on MediaGX hardware.
    
    - - New input drivers for Fujitsu Stylistic (fpit), Palmax   
      PD1000/PD1100 Input driver (palmax), Union Reality UR-98 head tracker   
      (ur98)
    
    - - Backported apm driver, DPMS support enhancements, and a few accel fixes
    
    - - Backported chips driver, with hardware mouse cursor and 2D acceleration 
      fixes
    
    - - Backported cirrus, i740, siliconmotion, and ark drivers
    
    Various bug fixes and enhancements:
    
    - - Stability improvements to RENDER extension and libraries
    
    - - Various fixes to the Xaw library
    
    - - Fix a long standing problem in the X server where the mouse, keyboard, or
      video would hang, or the server would go into an endless loop, whenever the
      system time was changed backwards
    
    - - Fix a crash in the Radeon and Rage 128 drivers using VMware with DGA 
      when DRI is enabled
    
    - - Work around some multihead and RENDER extension problems in the Matrox
      "mga" driver
    
    - - fc-cache is now run upon font package installation in all font
      directories containing fonts managed by fontconfig/Xft
    
    - - mkfontdir now forces the permissions of the files it generates to be mode
      0644 to ensure they are world readable independent of umask
    
    - - A new option "ForceLegacyCRT" to the radeon driver allows use 
      of legacy VGA monitors which can not be detected automatically.  This 
      option is only safe to use in single-head setups and may cause serious 
      problems if used with dual-head.
    
    - - xterm session management is now enabled by default, whereas in stock
      XFree86 4.2.0/4.2.1 it was accidentally disabled upstream
    
    - - Removed and obsoleted the XFree86-xtrap-clients package, now merged
      into the main XFree86 package
    
    - - Added support for previously unsupported ATI Rage 128 video hardware
    
    - - Fixed Polish euro support
    
    - - Added neomagic Xvideo support which may work for some users
    
    - - Added fix for deadkey-quotedbl in ISO8859-15
    
    - - Disabled debug messages in Cirrus Logic driver
    
    - - Fixed a bug in the VESA driver, where the X server would crash with
      an FPE when the DisplaySize option was used
    
    - - Fix to ATI Mach64 support which violated the PCI specification, causing
      problems on some Dell and IBM servers
    
    - - Fix a problem which caused certain combinations of Radeon and Rage 128
      hardware and particular motherboards to hang, due to bus mastering
      getting disabled when VT switching.
    
    There are various other fixes included which users can review by examining
    the RPM package changelog of any of the new XFree86 packages.
    
    Users are advised to upgrade to these updated XFree86 4.2.1 packages, which
    are not vulnerable to the previously mentioned security issues.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    To update all RPMs for your particular architecture, run:
    
    rpm -Fvh [filenames]
    
    where [filenames] is a list of the RPMs you wish to upgrade.  Only those
    RPMs which are currently installed will be updated.  Those RPMs which are
    not installed but included in the list will not be updated.  Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains the
    desired RPMs.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this an easier way to apply updates.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
    
    64559 - Polish keymap not working
    53329 - i810 XVideo limited to 720x576
    64970 - default XftConfig prefers substitute fonts over originals
    60895 - Screen turns red/magenta with XFree86-4.2.0-32
    62820 - suggest Xnest and Xvfb should be User Interfaces/X instead of User Interfaces/X Hardware Support
    50282 - Decimal key on Swedish numerical keyboard should be comma, not point
    63609 - RFE: add XVideo support for neomagic chipset
    65704 - XFree86.0.log filled disk - :-(
    66009 - 'vesa' driver gives SIGFPE if you set a DIsplaySize
    67323 - xon test of hostname --version fails
    69291 - Dell PE2650 ATI Rage XL lockups due to PCI spec violation
    58188 - system hard locks on specific video setting
    69743 - Fix SysRq / Print Screen
    62171 - ATI Radeon (all) lockup/corruption when VT switching
    65330 - RedHat 7.3 Virtual Terminals no longer work when Graphical Login is used
    62442 - Switching to VTs locks system - Dell Inspiron 4000
    65136 - ATI Rage 128 (all) lockup when switching from console to X with DRI enabled.
    66187 - XFree86 fails on i810
    53231 - (i810) Screen freezes after leaving a Gnome session
    40729 - xdm causes SEGVs setting up pam_response structure
    63593 - (FPE) 1400x1050 fails with Radeon 7500 QW
    
    6. RPMs required:
    
    Red Hat Linux 7.3:
    
    SRPMS:
    ftp://updates.redhat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.3.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-devel-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-doc-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-libs-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-tools-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-twm-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.3.i386.rpm
    
    7. Verification:
    
    
    
    These packages are GPG signed by Red Hat for security.  Our key is
    available from http://www.redhat.com/security/keys.html
    
    You can verify each package with the following command:
        
        rpm --checksig -v <filename>
    
    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        
        md5sum <filename>
    
    
    8. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1409
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071
    
    9. Contact:
    
    The Red Hat security contact is <secalertat_private>.  More contact
    details at http://www.redhat.com/solutions/security/news/contact.html
    
    Copyright 2003 Red Hat, Inc.
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    