[RHSA-2003:286-01] Updated XFree86 packages provide security and bug fixes

bugzilla_at_redhat.com
Date: 11/25/03

    Date: Tue, 25 Nov 2003 04:51 -0500
    To: redhat-watch-list@redhat.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ---------------------------------------------------------------------
                       Red Hat Security Advisory

    Synopsis: Updated XFree86 packages provide security and bug fixes
    Advisory ID: RHSA-2003:286-01
    Issue date: 2003-11-25
    Updated on: 2003-11-25
    Product: Red Hat Linux
    Keywords:
    Cross references:
    Obsoletes: RHSA-2003:064
    CVE Names: CAN-2003-0690 CAN-2003-0730
    - ---------------------------------------------------------------------

    1. Topic:

    Updated XFree86 packages for Red Hat Linux 7.1 and 7.2 provide security
    fixes to font libraries and XDM.

    2. Relevant releases/architectures:

    Red Hat Linux 7.1 - i386
    Red Hat Linux 7.2 - i386, ia64

    3. Problem description:

    XFree86 is an implementation of the X Window System providing the core
    graphical user interface and video drivers in Red Hat Linux. XDM is the X
    display manager.

    Multiple integer overflows in the transfer and enumeration of font
    libraries in XFree86 allow local or remote attackers to cause a denial of
    service or execute arbitrary code via heap-based and stack-based buffer
    overflow attacks. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2003-0730 to this issue.

    The risk to users from this vulnerability is limited because only clients
    can be affected by these bugs; however, in some (non-default)
    configurations, both xfs and the X Server can act as clients
    to remote font servers.
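    As an added illustration of the bug class described above (this is not XFree86 code and is not taken from the advisory), the following C shows how a 32-bit count received from a font server can wrap when multiplied by an entry size, and the length validation a font client should perform before sizing a buffer or copying. The reply layout, ENTRY_SIZE and the three sample replies are constructed assumptions chosen to make the arithmetic visible; they are not the X font protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout for the illustration: a 4-byte big-endian entry
 * count followed by that many fixed-size entries. It is not the X font
 * protocol; it is constructed so the length arithmetic is easy to follow. */
#define ENTRY_SIZE 64u

/* The buggy pattern behind the bug class: the buffer size is computed in 32-bit
 * arithmetic straight from a count the peer controls. For count 0x04000001 the
 * product is 0x100000040, which wraps to 64, so the code would allocate 64 bytes
 * and then copy 67 million entries into them. */
uint32_t unchecked_entries_bytes(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* The hardened pattern: reject any count whose product cannot be represented,
 * using division so the check itself cannot wrap. Returns the byte count, or -1
 * if the multiplication would overflow a 32-bit length. */
int64_t checked_entries_bytes(uint32_t count)
{
    if (count > UINT32_MAX / ENTRY_SIZE)
        return -1;
    return (int64_t)count * (int64_t)ENTRY_SIZE;
}

/* Parse a reply held entirely in buf[0..buflen) into names[], which holds at
 * most max_entries entries. Besides the overflow check, the declared entries
 * must actually be present in the buffer and fit the destination, so a
 * truncated, oversized or wrapping reply is rejected before anything is copied.
 * Returns the number of entries copied, or -1 on a malformed reply. */
int64_t parse_reply(const uint8_t *buf, size_t buflen,
                    char (*names)[ENTRY_SIZE], size_t max_entries)
{
    uint32_t count, i;
    int64_t bytes;

    if (buflen < 4)
        return -1;
    count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
          | ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    bytes = checked_entries_bytes(count);
    if (bytes < 0)                                   /* arithmetic would wrap */
        return -1;
    if ((uint64_t)bytes > (uint64_t)(buflen - 4))    /* reply shorter than it claims */
        return -1;
    if (count > max_entries)                         /* more than the caller can hold */
        return -1;
    for (i = 0; i < count; i++) {
        memcpy(names[i], buf + 4 + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
        names[i][ENTRY_SIZE - 1] = '\0';             /* force termination before use as a string */
    }
    return count;
}

/* Runs three constructed replies through parse_reply and packs the outcomes
 * into one value: bit 0 set if the well-formed reply parsed as 2 entries, bit 1
 * set if the wrapping count was rejected, bit 2 set if the truncated reply was
 * rejected. A correct parser returns 7. */
int run_samples(void)
{
    char names[4][ENTRY_SIZE];
    uint8_t good[4 + 2 * ENTRY_SIZE];
    uint8_t wrapping[4 + ENTRY_SIZE] = { 0x04, 0x00, 0x00, 0x01 };  /* count 0x04000001, 64 bytes of data */
    uint8_t truncated[4 + ENTRY_SIZE] = { 0x00, 0x00, 0x00, 0x02 }; /* claims 2 entries, carries 1 */
    int result = 0;

    memset(good, 'A', sizeof good);
    good[0] = good[1] = good[2] = 0;
    good[3] = 2;                                     /* count 2, 128 bytes of data */

    if (parse_reply(good, sizeof good, names, 4) == 2 && names[1][ENTRY_SIZE - 1] == '\0')
        result |= 1;
    if (parse_reply(wrapping, sizeof wrapping, names, 4) == -1)
        result |= 2;
    if (parse_reply(truncated, sizeof truncated, names, 4) == -1)
        result |= 4;
    return result;
}

int main(void)
{
    printf("unchecked size for count 0x04000001: %u bytes\n", unchecked_entries_bytes(0x04000001u));
    printf("checked size for the same count: %lld\n", (long long)checked_entries_bytes(0x04000001u));
    printf("sample outcomes: %d (7 means all three replies were handled correctly)\n", run_samples());
    return run_samples() == 7 ? 0 : 1;
}
```

    The division-based check is the point: comparing count against UINT32_MAX / ENTRY_SIZE can never itself overflow, whereas testing the product after the fact is too late because the wrap has already happened. The same reasoning applies to any length that is added or multiplied before an allocation, which is why the advisory's caveat matters: an X Server or xfs instance configured to consume fonts from a remote font server is exposed to exactly this arithmetic.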

    XDM does not verify whether the pam_setcred function call succeeds, which
    may allow attackers to gain root privileges by triggering error conditions
    within PAM modules, as demonstrated in certain configurations of the
    pam_krb5 module. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.
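    As an added example (not XDM's source and not taken from the advisory) of the pam_setcred defect described above, the following C contrasts a login sequence that ignores the pam_setcred return value with one that fails closed. The PAM functions are constructed mocks so the code runs without libpam; the real API is in <security/pam_appl.h>, and the error code MOCK_CRED_ERR and the flag values are placeholders, not PAM's own.

```c
#include <stdio.h>

/* Constructed mock of the PAM calls a display manager makes, so the example
 * runs without libpam. The real API lives in <security/pam_appl.h>, where
 * PAM_SUCCESS is 0 and any other return value is an error code; the error code
 * and flag values below are placeholders, not PAM's. The mock handle records
 * the result each stage should report and whether pam_end was reached. */
#define PAM_SUCCESS 0
#define MOCK_CRED_ERR 17         /* placeholder failure code returned by the mock pam_setcred */

typedef struct {
    int authenticate_rc;         /* what the mock pam_authenticate returns */
    int acct_mgmt_rc;            /* what the mock pam_acct_mgmt returns */
    int setcred_rc;              /* what the mock pam_setcred returns */
    int open_session_rc;         /* what the mock pam_open_session returns */
    int ended;                   /* set once pam_end has cleaned the transaction up */
} pam_handle_t;

static int pam_authenticate(pam_handle_t *h, int flags) { (void)flags; return h->authenticate_rc; }
static int pam_acct_mgmt(pam_handle_t *h, int flags)    { (void)flags; return h->acct_mgmt_rc; }
static int pam_setcred(pam_handle_t *h, int flags)      { (void)flags; return h->setcred_rc; }
static int pam_open_session(pam_handle_t *h, int flags) { (void)flags; return h->open_session_rc; }
static int pam_end(pam_handle_t *h, int status)         { (void)status; h->ended = 1; return PAM_SUCCESS; }

enum login_result { LOGIN_DENIED = 0, LOGIN_SESSION_STARTED = 1 };

/* Buggy pattern: every stage is checked except pam_setcred, so a module that
 * fails while establishing credentials does not stop the login. The session
 * then starts with whatever credential state the failed module left behind. */
enum login_result login_unchecked_setcred(pam_handle_t *h)
{
    if (pam_authenticate(h, 0) != PAM_SUCCESS) { pam_end(h, 1); return LOGIN_DENIED; }
    if (pam_acct_mgmt(h, 0) != PAM_SUCCESS)    { pam_end(h, 1); return LOGIN_DENIED; }
    pam_setcred(h, 0);                           /* return value silently discarded */
    if (pam_open_session(h, 0) != PAM_SUCCESS) { pam_end(h, 1); return LOGIN_DENIED; }
    return LOGIN_SESSION_STARTED;
}

/* Fixed pattern: pam_setcred is treated like every other stage. Any failure
 * ends the PAM transaction and denies the login (fail closed). */
enum login_result login_checked_setcred(pam_handle_t *h)
{
    int rc;
    if ((rc = pam_authenticate(h, 0)) != PAM_SUCCESS) goto fail;
    if ((rc = pam_acct_mgmt(h, 0)) != PAM_SUCCESS)    goto fail;
    if ((rc = pam_setcred(h, 0)) != PAM_SUCCESS)      goto fail;
    if ((rc = pam_open_session(h, 0)) != PAM_SUCCESS) goto fail;
    return LOGIN_SESSION_STARTED;
fail:
    fprintf(stderr, "PAM stage failed with code %d; refusing to start the session\n", rc);
    pam_end(h, rc);
    return LOGIN_DENIED;
}

/* Run one login where every stage succeeds except that pam_setcred returns
 * setcred_rc. use_checked selects the fixed implementation. Returns the login
 * result; run_scenario_ended reports whether the transaction was cleaned up. */
enum login_result run_scenario(int setcred_rc, int use_checked)
{
    pam_handle_t h = { PAM_SUCCESS, PAM_SUCCESS, setcred_rc, PAM_SUCCESS, 0 };
    return use_checked ? login_checked_setcred(&h) : login_unchecked_setcred(&h);
}

int run_scenario_ended(int setcred_rc, int use_checked)
{
    pam_handle_t h = { PAM_SUCCESS, PAM_SUCCESS, setcred_rc, PAM_SUCCESS, 0 };
    (void)(use_checked ? login_checked_setcred(&h) : login_unchecked_setcred(&h));
    return h.ended;
}

int main(void)
{
    printf("pam_setcred fails, unchecked: %s\n",
           run_scenario(MOCK_CRED_ERR, 0) == LOGIN_SESSION_STARTED ? "session started" : "denied");
    printf("pam_setcred fails, checked:   %s\n",
           run_scenario(MOCK_CRED_ERR, 1) == LOGIN_SESSION_STARTED ? "session started" : "denied");
    return 0;
}
```

    The lesson generalises beyond XDM: any program that runs a PAM conversation as root and then drops to the user must treat a failed pam_setcred like a failed pam_authenticate, because the credential stage is where modules such as pam_krb5 set up the identity the session will run under. Ending the transaction with pam_end on every failure path also keeps the modules' own cleanup handlers running.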

    Users are advised to upgrade to these updated XFree86 4.1.0 packages, which
    contain backported security patches and are not vulnerable to these issues.

    4. Solution:

    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.

    To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

    where [filenames] is a list of the RPMs you wish to upgrade. Only those
    RPMs which are currently installed will be updated. Those RPMs which are
    not installed but included in the list will not be updated. Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains the
    desired RPMs.

    Please note that this update is also available via Red Hat Network. Many
    people find this an easier way to apply updates. To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:

    up2date

    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.

    If up2date fails to connect to Red Hat Network due to SSL Certificate
    Errors, you need to install a version of the up2date client with an updated
    certificate. The latest version of up2date is available from the Red Hat
    FTP site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

    5. RPMs required:

    Red Hat Linux 7.1:

    SRPMS:
    ftp://updates.redhat.com/7.1/en/os/SRPMS/XFree86-4.1.0-50.src.rpm

    i386:
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm

    Red Hat Linux 7.2:

    SRPMS:
    ftp://updates.redhat.com/7.2/en/os/SRPMS/XFree86-4.1.0-50.src.rpm

    i386:
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm

    ia64:
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xnest-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xvfb-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-devel-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-doc-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-libs-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-tools-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-twm-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xdm-4.1.0-50.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xfs-4.1.0-50.ia64.rpm

    6. Verification:

    MD5 sum Package Name
    - --------------------------------------------------------------------------
    7efb4b0fabfdda2ce4c1b373a572bfd1 7.1/en/os/SRPMS/XFree86-4.1.0-50.src.rpm
    fd4e32571a13c5abeac8b206d968b689 7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
    63c7e312a7ad1a86fbdd4ec4a9adf0c3 7.1/en/os/i386/XFree86-4.1.0-50.i386.rpm
    8da27539132b330a8c31395e096d608f 7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
    6be72fce1104a5f128be37cbd8cad8b5 7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
    00a776519a3f973a5b765caf509e29d1 7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
    2fee21094915ebd82d4ae8abe4edbd16 7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
    339fd5f8da5bf336516c5e5f9bbc758f 7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
    6e32757dd225257b0aa246894f6e8e24 7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
    23f38f513ab37bc8a83dce375fdbb802 7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
    c0497149120bd251de7edabc8ed325db 7.1/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
    ae667bca67f4df9180d82e450d61a45b 7.1/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
    7185badb6ccb5b3b501f6495a904a9a9 7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
    514a2e738887b93cbb3aacdf17917165 7.1/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
    27cd532f5e87326132b4ed5ab5eefd2a 7.1/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
    0b86ef4d64f189ca92190354a5490f3f 7.1/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
    091cb83eeef310889aabd49308878f3b 7.1/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
    0d96ad2763f609c683cb53900158ad81 7.1/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
    ed04b15ee5d410db9de3678f9c245f7f 7.1/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
    d98872d9b717d954f60b0e99089a0017 7.1/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
    8309b090164a173e4af439fd70b5bfac 7.1/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm
    7efb4b0fabfdda2ce4c1b373a572bfd1 7.2/en/os/SRPMS/XFree86-4.1.0-50.src.rpm
    fd4e32571a13c5abeac8b206d968b689 7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
    63c7e312a7ad1a86fbdd4ec4a9adf0c3 7.2/en/os/i386/XFree86-4.1.0-50.i386.rpm
    8da27539132b330a8c31395e096d608f 7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
    6be72fce1104a5f128be37cbd8cad8b5 7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
    00a776519a3f973a5b765caf509e29d1 7.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
    2fee21094915ebd82d4ae8abe4edbd16 7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
    339fd5f8da5bf336516c5e5f9bbc758f 7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
    6e32757dd225257b0aa246894f6e8e24 7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
    23f38f513ab37bc8a83dce375fdbb802 7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
    c0497149120bd251de7edabc8ed325db 7.2/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
    ae667bca67f4df9180d82e450d61a45b 7.2/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
    7185badb6ccb5b3b501f6495a904a9a9 7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
    514a2e738887b93cbb3aacdf17917165 7.2/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
    27cd532f5e87326132b4ed5ab5eefd2a 7.2/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
    0b86ef4d64f189ca92190354a5490f3f 7.2/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
    091cb83eeef310889aabd49308878f3b 7.2/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
    0d96ad2763f609c683cb53900158ad81 7.2/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
    ed04b15ee5d410db9de3678f9c245f7f 7.2/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
    d98872d9b717d954f60b0e99089a0017 7.2/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
    8309b090164a173e4af439fd70b5bfac 7.2/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm
    bc62b3524b6345c789de0bb7854b9764 7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-50.ia64.rpm
    7eff39e90e945a43000aa8d25d2cacda 7.2/en/os/ia64/XFree86-4.1.0-50.ia64.rpm
    25f7bbbdb2ed35fece85f8c365ac2178 7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-50.ia64.rpm
    b6afcf366aa7dda3247cec2bda5144e6 7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.ia64.rpm
    70f7d87704b953afc85dda704b601dd8 7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.ia64.rpm
    c95a4efbab26c06e26c50f43475bfb2a 7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.ia64.rpm
    517bc70e140f328d1f4bb2d068aa1773 7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.ia64.rpm
    38874cb6cc0b12bb7e866a2296cd2ad7 7.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.ia64.rpm
    c1871a3e04b343e01cdef62eae4c2e64 7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.ia64.rpm
    8c923b7686a1c8e301a0e80c8e675743 7.2/en/os/ia64/XFree86-Xnest-4.1.0-50.ia64.rpm
    52da9ca96b1e1f3f7b74b709d464235a 7.2/en/os/ia64/XFree86-Xvfb-4.1.0-50.ia64.rpm
    50338cb8cfba15210fe5f9bd5b7133a7 7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-50.ia64.rpm
    fc84db81718a3840d35a26e9bbc29d6b 7.2/en/os/ia64/XFree86-devel-4.1.0-50.ia64.rpm
    0f76c791684c9ff42ae28125701cd8a5 7.2/en/os/ia64/XFree86-doc-4.1.0-50.ia64.rpm
    e50744592053813ce6eb36a3fee741aa 7.2/en/os/ia64/XFree86-libs-4.1.0-50.ia64.rpm
    44e6ce7b970dcb7e35f87b96e3d233db 7.2/en/os/ia64/XFree86-tools-4.1.0-50.ia64.rpm
    a1948bdee2293010d85022212d9e0c4a 7.2/en/os/ia64/XFree86-twm-4.1.0-50.ia64.rpm
    dd58fc137d671b92ff257482174da8f9 7.2/en/os/ia64/XFree86-xdm-4.1.0-50.ia64.rpm
    fe57efa8fa1ed81137f511a71d499b68 7.2/en/os/ia64/XFree86-xfs-4.1.0-50.ia64.rpm

    These packages are GPG signed by Red Hat for security. Our key is
    available from https://www.redhat.com/security/keys.html

    You can verify each package with the following command:
        
        rpm --checksig -v <filename>

    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        
        md5sum <filename>

    7. References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

    8. Contact:

    The Red Hat security contact is <secalert@redhat.com>. More contact
    details at https://www.redhat.com/solutions/security/news/contact.html

    Copyright 2003 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE/wyYyXlSAg2UNWIIRArJKAJ9IX9RF52m/qYXmSFnUyFfTL9EiHACggmoN
    g7bG012X2eajTGNTf/jRgzg=
    =sSbU
    -----END PGP SIGNATURE-----

