[FLSA-2005:2314] Updated XFree86 packages fix security flaws

From: Dominic Hargreaves (dom_at_earth.li)
Date: 03/02/05

  • Next message: pingywon: "Re: [Full-Disclosure] test"
    Date: Wed, 2 Mar 2005 00:17:02 +0000
    To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    
    
    

    -----------------------------------------------------------------------
                   Fedora Legacy Update Advisory

    Synopsis: Updated XFree86 resolves security vulnerabilities
    Advisory ID: FLSA:2314
    Issue date: 2005-03-01
    Product: Red Hat Linux
    Product: Fedora Core
    Keywords: Security
    Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2314
    CVE Names: CAN-2004-0083, CAN-2004-0084, CAN-2004-0106,
                       CAN-2004-0419, CAN-2004-0687, CAN-2004-0688,
                       CAN-2004-0692, CAN-2004-0914
    -----------------------------------------------------------------------

    -----------------------------------------------------------------------
    1. Topic:

    Updated XFree86 packages that fix multiple security flaws are now
    available.

    XFree86 is an open source implementation of the X Window System. It
    provides the basic low level functionality which full fledged graphical
    user interfaces (GUIs) such as GNOME and KDE are designed upon.

    2. Relevant releases/architectures:

    Red Hat Linux 7.3 - i386
    Red Hat Linux 9 - i386
    Fedora Core 1 - i386

    3. Problem description:

    Note that some of these issues have already been fixed in Redhat 9 and
    Fedora Core 1. Please refer to previous advisories for details.

    iDefense discovered two buffer overflows in the parsing of the 'font.alias'
    file. A local attacker could exploit this vulnerability by creating a
    carefully-crafted file and gaining root privileges.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

    Additionally David Dawes discovered additional flaws in reading font files.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2004-0106 to these issues.

    Steve Rumble discovered that xdm in XFree86 opens a chooserFd TCP socket
    even when DisplayManager.requestPort is 0, which could allow remote
    attackers to connect to the port, in violation of the intended
    restrictions. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2004-0419 to these issues.

    During a source code audit, Chris Evans discovered several stack overflow
    flaws and an integer overflow flaw in the X.Org libXpm library used to
    decode XPM (X PixMap) images. An attacker could create a carefully crafted
    XPM file which would cause an application to crash or potentially execute
    arbitrary code if opened by a victim. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687,
    CAN-2004-0688, CAN-2004-0692 and CAN-2004-0914 to these issues.

    4. Solution:

    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.

    To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

    where [filenames] is a list of the RPMs you wish to upgrade. Only those
    RPMs which are currently installed will be updated. Those RPMs which are
    not installed but included in the list will not be updated. Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains
    the desired RPMs.

    Please note that this update is also available via yum and apt. Many
    people find this an easier way to apply updates. To use yum issue:

    yum update

    or to use apt:

    apt-get update; apt-get upgrade

    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system. This assumes that you have yum or
    apt-get configured for obtaining Fedora Legacy content. Please visit
    http://www.fedoralegacy.org/docs/ for directions on how to configure yum
    and apt-get.

    5. Bug IDs fixed:

    http://bugzilla.fedora.us - 1289 -
    XFree86 Font Information File Buffer Overflow
    http://bugzilla.fedora.us - 1831 -
    CAN-2004-0419 - XDM in XFree86 socket open vulnerability
    http://bugzilla.fedora.us - 2075 -
    CAN-2004-0687,0688 libXpm stack and integer overflows
    http://bugzilla.fedora.us - 2314 -
    XFree86 libXpm Multiple Vulnerabilities CAN-2004-0914

    6. RPMs required:

    Red Hat Linux 7.3:

    SRPM:

    http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.30.legacy.src.rpm

    i386:

    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-base-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-cyrillic-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-devel-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-font-utils-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-tools-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-truetype-fonts-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xf86cfg-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-Xnest-4.2.1-16.73.30.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.30.legacy.i386.rpm

    Red Hat Linux 9:

    SRPM:

    http://download.fedoralegacy.org/redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.60.legacy.src.rpm

    i386:

    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-base-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-cyrillic-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-font-utils-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-libs-data-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Mesa-libGL-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Mesa-libGLU-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-syriac-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-truetype-fonts-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.60.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.60.legacy.i386.rpm

    Fedora Core 1:

    SRPM:

    http://download.fedoralegacy.org/fedora/1/updates/SRPMS/XFree86-4.3.0-59.legacy.src.rpm

    i386:

    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-base-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-cyrillic-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-devel-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-doc-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-font-utils-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-data-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-sdk-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-tools-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-truetype-fonts-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-twm-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xauth-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xdm-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xfs-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xnest-4.3.0-59.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xvfb-4.3.0-59.legacy.i386.rpm

    7. Verification:

    SHA1 sum Package Name
    ---------------------------------------------------------------------------

    2c38279e15e8510c85400780da3ee41b57b81ffa redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.30.legacy.src.rpm
    dc1ac97e2f0077915a4f3d56dd32d14c0429faa6 redhat/7.3/updates/i386/XFree86-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    df4fac2134c20410c7df415c7ced94ccc08cf36b redhat/7.3/updates/i386/XFree86-4.2.1-16.73.30.legacy.i386.rpm
    c6e3b08145f73a85be39e301ac2df2015c37a036 redhat/7.3/updates/i386/XFree86-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    f0bec0c03de0c977be1d5b4e34b09dd348f34c14 redhat/7.3/updates/i386/XFree86-base-fonts-4.2.1-16.73.30.legacy.i386.rpm
    794fb0cf67a1b1ef84d247fc90a0138e70d85c4f redhat/7.3/updates/i386/XFree86-cyrillic-fonts-4.2.1-16.73.30.legacy.i386.rpm
    ac82944f56aba63f6d64068ddc5a6bd4e55fae94 redhat/7.3/updates/i386/XFree86-devel-4.2.1-16.73.30.legacy.i386.rpm
    a3b4043417d7069f095471daf2f72153f9a31ea4 redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.30.legacy.i386.rpm
    1c28ae585d90ad3bd73e4cb6eff32035d54dbec9 redhat/7.3/updates/i386/XFree86-font-utils-4.2.1-16.73.30.legacy.i386.rpm
    ab51270528cb8970f19d21c35de093840c9eacc4 redhat/7.3/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    d06490ffd58c498b6c3392a02e2f1f52368c1699 redhat/7.3/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    81c5bb28ee0493c53dbee38f8312f73279481e49 redhat/7.3/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    8a9d4c1ea6f3dddd0787009015e3bf66d194beb3 redhat/7.3/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    b65333c64e90524b437c1c5ffe0a1eded2deab9d redhat/7.3/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    5f0cbdd132954a813d2e4b187d37f9e4e4613a32 redhat/7.3/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
    d4ee4c7adf9e6a6f533a09cabfcfe9b6f11f8628 redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.30.legacy.i386.rpm
    af869d4a76601d739a90c05cac61f2112ad753e5 redhat/7.3/updates/i386/XFree86-tools-4.2.1-16.73.30.legacy.i386.rpm
    629b596d824fb31558eef1eef05dd6b63ce2a15b redhat/7.3/updates/i386/XFree86-truetype-fonts-4.2.1-16.73.30.legacy.i386.rpm
    fe63ec2dd3f402ee2e9f05417969c58f276e3d8a redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.30.legacy.i386.rpm
    95ef4f17e9e282b48979c3b491447738679b5b3e redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.30.legacy.i386.rpm
    a52fa2bebe3f9aa2fa37409ddf4aa57b01abd435 redhat/7.3/updates/i386/XFree86-xf86cfg-4.2.1-16.73.30.legacy.i386.rpm
    7bc973b06812281b3c102a9721cd824747b8b8a8 redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.30.legacy.i386.rpm
    18d0442ed2d6a31eaf870c6ab7d727b2f6696351 redhat/7.3/updates/i386/XFree86-Xnest-4.2.1-16.73.30.legacy.i386.rpm
    77215ad43ad1b77f6f1527af7d642ad6c5dc40ce redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.30.legacy.i386.rpm

    ff7072e0b55decdd13453ce3532588c32597de61 redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.60.legacy.src.rpm
    ed4d03ede26a89422825ad18ce6e14a7831927eb redhat/9/updates/i386/XFree86-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    f4f99ff79a7d1eeca726cb61a536c5884bbdadac redhat/9/updates/i386/XFree86-4.3.0-2.90.60.legacy.i386.rpm
    dc9b89287ea04b5acafac200f8c8483cbdb74cce redhat/9/updates/i386/XFree86-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    f8210a9eb148259a1d402dfdd7f58075dfd022a6 redhat/9/updates/i386/XFree86-base-fonts-4.3.0-2.90.60.legacy.i386.rpm
    caad110605ae0aaa91f93cd79d9bea5d3ae73431 redhat/9/updates/i386/XFree86-cyrillic-fonts-4.3.0-2.90.60.legacy.i386.rpm
    6502feec18a9e2f325551f90c8a2a3e260f1915a redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.60.legacy.i386.rpm
    b9c797cc7202aa43c824474713b1fee447039b1f redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.60.legacy.i386.rpm
    b4efa8b07bfc3c5a4441b89acd02266c1618d138 redhat/9/updates/i386/XFree86-font-utils-4.3.0-2.90.60.legacy.i386.rpm
    db7c826e976913123caae9bc20303655c758a047 redhat/9/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    23f5c9db2e532aabdc6f47f629458d69da92d303 redhat/9/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    14d720d254b1f26633ebee78b76273f38b8ee46b redhat/9/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    dffce9814a821f9d4b4703bfb98e5aa04ef221bc redhat/9/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    70b0606839ef7c14eff38851e2fab6a7896992dc redhat/9/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    01fa202f3915e2d6a123f150e367feff82d42d1f redhat/9/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    e640fe73f9f6769d38d59fa01bdce78e2ef71bdd redhat/9/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    f253cb5b83610f7168762978335beef8b45a3f59 redhat/9/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
    694f32b8c7a4be52008de92f41347e3af51ee9e7 redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.60.legacy.i386.rpm
    95f6355f42e885ff21d87788975c28adbc2b75e9 redhat/9/updates/i386/XFree86-libs-data-4.3.0-2.90.60.legacy.i386.rpm
    1b88a4c736fd2aa5409d4ee23ad626aa95c9c816 redhat/9/updates/i386/XFree86-Mesa-libGL-4.3.0-2.90.60.legacy.i386.rpm
    18d4247c77182cd7cd569b949a5483a968043723 redhat/9/updates/i386/XFree86-Mesa-libGLU-4.3.0-2.90.60.legacy.i386.rpm
    3335a0096695baa109f35c64c9ead7a3072fc28c redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.60.legacy.i386.rpm
    d069175adc265f31b0ff48ea78cdd59203146ab9 redhat/9/updates/i386/XFree86-syriac-fonts-4.3.0-2.90.60.legacy.i386.rpm
    0a6ae9b0f3b640ce528ef153e33536c6ba4b9d2f redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.60.legacy.i386.rpm
    b78bfd843f2c6a9cb31957ad6ab2dbf6c4d25632 redhat/9/updates/i386/XFree86-truetype-fonts-4.3.0-2.90.60.legacy.i386.rpm
    f72ff04509739828871044b8e246bbb98cb26500 redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.60.legacy.i386.rpm
    b1043925fffe7bd714d025372242778a6f03e7ed redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.60.legacy.i386.rpm
    3ed9fb9f0de675fe92b671e1d0432bda531daa41 redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.60.legacy.i386.rpm
    6aff7d5ff0e5f5e22c471c9113bffa25fd6b5478 redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.60.legacy.i386.rpm
    42f8c36e72ae33cdc98b4a2e78771fa3f121351c redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.60.legacy.i386.rpm
    67c6176f5d673238b58ae3f79d446ab0da258607 redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.60.legacy.i386.rpm

    f506c7f1286ed9d252840d56e5bfd3e10323f260 fedora/1/updates/SRPMS/XFree86-4.3.0-59.legacy.src.rpm
    41dc2c5e92530ee276092e7a6ef0711242a6d802 fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    e0e6865d27c7ef62fff9cae59adc0d241901435f fedora/1/updates/i386/XFree86-4.3.0-59.legacy.i386.rpm
    21e69dd9ba1e1561b2d13be7d992975dca4326e0 fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    19089ae7b10a16531a050f26e924ff7afd6cab84 fedora/1/updates/i386/XFree86-base-fonts-4.3.0-59.legacy.i386.rpm
    5ef293ae847c995d39f41c57821739e3cc3bb74b fedora/1/updates/i386/XFree86-cyrillic-fonts-4.3.0-59.legacy.i386.rpm
    97bd48f5887c5b8c2a5a6739e0a931af4f99e6af fedora/1/updates/i386/XFree86-devel-4.3.0-59.legacy.i386.rpm
    8d254544eed188d5c2fbc5fa303dceda6886d3cb fedora/1/updates/i386/XFree86-doc-4.3.0-59.legacy.i386.rpm
    2c1974d8dc69f98957358724c72d36c2d74eb0b7 fedora/1/updates/i386/XFree86-font-utils-4.3.0-59.legacy.i386.rpm
    b43e195b60add11ebed29c840655986aefae4bdb fedora/1/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    93d3b1c7f1ccb4774b2db353dd031767c3389c58 fedora/1/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    8a3b08dfea526be7655f7f3f2bfe0935167ca326 fedora/1/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    50c0018cd62b5a09c0becc2c7fb125cb11aaed86 fedora/1/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    50691dd23bd82ac66f894561d52ae4f30d9e6be4 fedora/1/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    f1e8391db079f6479c47b31f02d283eb64e1b372 fedora/1/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    b4f1a8aaab2168d801239de9ec4631b5f5f952c5 fedora/1/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-59.legacy.i386.rpm
    c90c9f1086ade943c819159e1e9c4da609ee20bc fedora/1/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-59.legacy.i386.rpm
    6969c834e092c7f17d736ae4ab7d13020446b088 fedora/1/updates/i386/XFree86-libs-4.3.0-59.legacy.i386.rpm
    40401fae64837023cf5ad321914ed35b0569e1fb fedora/1/updates/i386/XFree86-libs-data-4.3.0-59.legacy.i386.rpm
    c77ae20f5e95c2013ab5b79c747c50a1aeb2ff9f fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-59.legacy.i386.rpm
    6acb61f2ccb56125b8bb6b0bbb33aca393b41bfa fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-59.legacy.i386.rpm
    b5ed6846d3c5267890f75bb2967719a77251077b fedora/1/updates/i386/XFree86-sdk-4.3.0-59.legacy.i386.rpm
    a2593f5ad70cf863bc1a50065d4cf959c396b290 fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-59.legacy.i386.rpm
    77ef806dd3a962e13300cfaafc5761cd453e42fd fedora/1/updates/i386/XFree86-tools-4.3.0-59.legacy.i386.rpm
    004636b99489d8d9d0da9a89d112fbca85b51e7b fedora/1/updates/i386/XFree86-truetype-fonts-4.3.0-59.legacy.i386.rpm
    61442fea052c2c9bb4cd52b836f83be39dd51645 fedora/1/updates/i386/XFree86-twm-4.3.0-59.legacy.i386.rpm
    adee8168ca51a34a7f33a1af4e51ad2409a244fb fedora/1/updates/i386/XFree86-xauth-4.3.0-59.legacy.i386.rpm
    60bc51efdcfa0e4062404ba4e7083e9927f16e33 fedora/1/updates/i386/XFree86-xdm-4.3.0-59.legacy.i386.rpm
    ffbeaab8ac66e40cac0eeac685a8567bda43517b fedora/1/updates/i386/XFree86-xfs-4.3.0-59.legacy.i386.rpm
    23b0cdbf749a8eadb3dce701ab4bfd57e65777fe fedora/1/updates/i386/XFree86-Xnest-4.3.0-59.legacy.i386.rpm
    7ee79dd5f9a1efd0d2881c0d426951b9c9eac44f fedora/1/updates/i386/XFree86-Xvfb-4.3.0-59.legacy.i386.rpm

    These packages are GPG signed by Fedora Legacy for security. Our key is
    available from http://www.fedoralegacy.org/about/security.php

    You can verify each package with the following command:

        rpm --checksig -v <filename>

    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the sha1sum with the following command:

        sha1sum <filename>

    8. References:

    https://rhn.redhat.com/errata/RHSA-2004-060.html
    https://rhn.redhat.com/errata/RHSA-2004-478.html
    https://rhn.redhat.com/errata/RHSA-2004-610.html

    9. Contact:

    The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
    project details at http://www.fedoralegacy.org

    ---------------------------------------------------------------------

    
    



  • Next message: pingywon: "Re: [Full-Disclosure] test"

    Relevant Pages

    • [FLSA-2005:2314] Updated XFree86 packages fix security flaws
      ... XFree86 is an open source implementation of the X Window System. ... The Common Vulnerabilities and Exposures project has ... Additionally David Dawes discovered additional flaws in reading font files. ... where is a list of the RPMs you wish to upgrade. ...
      (Bugtraq)
    • [Full-Disclosure] [FLSA-2005:2314] Updated XFree86 packages fix security flaws
      ... XFree86 is an open source implementation of the X Window System. ... The Common Vulnerabilities and Exposures project has ... Additionally David Dawes discovered additional flaws in reading font files. ... where is a list of the RPMs you wish to upgrade. ...
      (Full-Disclosure)