MDKSA-2004:012 - Updated XFree86 packages fix buffer overflow vulnerabilities

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 02/13/04

  • Next message: André Malo: "Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")"
    Date: 13 Feb 2004 16:55:00 -0000
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                    Mandrake Linux Security Update Advisory
     _______________________________________________________________________

     Package name: XFree86
     Advisory ID: MDKSA-2004:012
     Date: February 14th, 2004

     Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1
     ______________________________________________________________________

     Problem Description:

     Two buffer overflow vulnerabilities were found by iDEFENSE in
     XFree86's parsing of the font.alias file. The X server, which runs as
     root, fails to check the length of user-provided input; as a result a
     malicious user could craft a malformed font.alias file causing a
     buffer overflow upon parsing, which could eventually lead to the
     execution of arbitrary code.
     
     Additional vulnerabilities were found by David Dawes, also in the
     reading of font files.
     
     The updated packages have a patch from David Dawes to correct these
     vulnerabilities.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
     ______________________________________________________________________

     Updated Packages:
      
     Corporate Server 2.1:
     310bf1924c3fdbd269d9c914f968d1cd corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.9.C21mdk.i586.rpm
     3b2b89dd7589526eae6177cb58b5dd91 corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.9.C21mdk.i586.rpm
     34614fe5b8ab99d2608b239ee5500c3a corporate/2.1/RPMS/XFree86-4.2.1-6.9.C21mdk.i586.rpm
     d852fdcce019792d37d50b6f5ee38989 corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.9.C21mdk.i586.rpm
     3f41bdd95e10467f414a162d2089b752 corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.9.C21mdk.i586.rpm
     d67588f7a6e661de3f782e06d39f8f81 corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.9.C21mdk.i586.rpm
     e3f6a152399a9a1f67ca28d4966c65ef corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.9.C21mdk.i586.rpm
     dade71c115567fe978659ef72f522d7b corporate/2.1/RPMS/XFree86-devel-4.2.1-6.9.C21mdk.i586.rpm
     c8653fbefcb470f2aaa61d84bc59c0f4 corporate/2.1/RPMS/XFree86-glide-module-4.2.1-6.9.C21mdk.i586.rpm
     394b33ac9446410b9edd4232d19bc6ab corporate/2.1/RPMS/XFree86-libs-4.2.1-6.9.C21mdk.i586.rpm
     1e05f8bc2d9b94b85c4634f8d817c5b5 corporate/2.1/RPMS/XFree86-server-4.2.1-6.9.C21mdk.i586.rpm
     4b682b76797a17e1e9ad9c9240bfb85d corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.9.C21mdk.i586.rpm
     88a3f60a155efcf194ba06121d875437 corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.9.C21mdk.i586.rpm
     64d5862c81b6ea69ed356f625e25675b corporate/2.1/SRPMS/XFree86-4.2.1-6.9.C21mdk.src.rpm

     Corporate Server 2.1/x86_64:
     5942d60536bb1db7bd9a93d0f28be9ed x86_64/corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.9.C21mdk.x86_64.rpm
     801c19834b03405f060d9bef65446be5 x86_64/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
     77b5d33963c2fddda275c5f2dd177f08 x86_64/corporate/2.1/RPMS/XFree86-4.2.1-6.9.C21mdk.x86_64.rpm
     101fb938f6cce32ae3fcd5c66402d5ab x86_64/corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
     e4a311ae7c258c8f087a8b1204147967 x86_64/corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.9.C21mdk.x86_64.rpm
     d6716951786d8c4fc960b9e2d7bcca24 x86_64/corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.9.C21mdk.x86_64.rpm
     c492edc75d42aca8ac16db358b03136a x86_64/corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
     805ff923d28c3d293c78535525b4a8a6 x86_64/corporate/2.1/RPMS/XFree86-devel-4.2.1-6.9.C21mdk.x86_64.rpm
     9f3559a2df592c93e0302c5eb93b67ab x86_64/corporate/2.1/RPMS/XFree86-libs-4.2.1-6.9.C21mdk.x86_64.rpm
     df3a62dcdd118235ff6894e9f19e45fb x86_64/corporate/2.1/RPMS/XFree86-server-4.2.1-6.9.C21mdk.x86_64.rpm
     da2e00f28e82324788900dc2b7565571 x86_64/corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.9.C21mdk.x86_64.rpm
     4336f401c3aef287d959f7fda5ab7b3e x86_64/corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.9.C21mdk.x86_64.rpm
     64d5862c81b6ea69ed356f625e25675b x86_64/corporate/2.1/SRPMS/XFree86-4.2.1-6.9.C21mdk.src.rpm

     Mandrake Linux 9.0:
     98e5b738b3dbc829d21256fbdc78710c 9.0/RPMS/X11R6-contrib-4.2.1-3.5.90mdk.i586.rpm
     ad1674508a8296ba90bbfe993d76ca27 9.0/RPMS/XFree86-100dpi-fonts-4.2.1-3.5.90mdk.i586.rpm
     147ebe26aab5a24de5aa9f1a4fc07994 9.0/RPMS/XFree86-4.2.1-3.5.90mdk.i586.rpm
     99390424e23bac5773a78b42da2baf9a 9.0/RPMS/XFree86-75dpi-fonts-4.2.1-3.5.90mdk.i586.rpm
     66ff679df82d4cedc0d2e471e8e3a1ca 9.0/RPMS/XFree86-Xnest-4.2.1-3.5.90mdk.i586.rpm
     37625aea0104d591018564022b48c94a 9.0/RPMS/XFree86-Xvfb-4.2.1-3.5.90mdk.i586.rpm
     4372c1156eb29891a15cdd2d82632631 9.0/RPMS/XFree86-cyrillic-fonts-4.2.1-3.5.90mdk.i586.rpm
     df791cabfa0835d8cbc1eef4098284d6 9.0/RPMS/XFree86-devel-4.2.1-3.5.90mdk.i586.rpm
     1f44bf236351c2c6c88b749bd9243632 9.0/RPMS/XFree86-glide-module-4.2.1-3.5.90mdk.i586.rpm
     12ae6507db13b1cf57d83b4b2486c8d2 9.0/RPMS/XFree86-libs-4.2.1-3.5.90mdk.i586.rpm
     c31e106485fe806408c3f00a3ba3d5f5 9.0/RPMS/XFree86-server-4.2.1-3.5.90mdk.i586.rpm
     62830c01b5172df5ec704645c92b3d8d 9.0/RPMS/XFree86-static-libs-4.2.1-3.5.90mdk.i586.rpm
     367d6a87b91f6f305affd748a1c3d696 9.0/RPMS/XFree86-xfs-4.2.1-3.5.90mdk.i586.rpm
     982a452683aa71d835c6e7119d19ec81 9.0/SRPMS/XFree86-4.2.1-3.5.90mdk.src.rpm

     Mandrake Linux 9.1:
     7c01363aaeb5c743f38c0ea34214efa0 9.1/RPMS/X11R6-contrib-4.3-8.7.91mdk.i586.rpm
     cc4a1010fb7f6edeaa8c207894fd17db 9.1/RPMS/XFree86-100dpi-fonts-4.3-8.7.91mdk.i586.rpm
     0b755a0bdf0004c85e1ae855796c386b 9.1/RPMS/XFree86-4.3-8.7.91mdk.i586.rpm
     a7082c2ef309c3f96d8cd57f2dc1d5ee 9.1/RPMS/XFree86-75dpi-fonts-4.3-8.7.91mdk.i586.rpm
     a57a95691a365fef73ae099d263e37f3 9.1/RPMS/XFree86-Xnest-4.3-8.7.91mdk.i586.rpm
     d56381b27356ea984c3529fc18a8f553 9.1/RPMS/XFree86-Xvfb-4.3-8.7.91mdk.i586.rpm
     c28e40d257929015ce51a44025b73419 9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.7.91mdk.i586.rpm
     f59caeb2e0cd6b2cd1252ce68a5a3701 9.1/RPMS/XFree86-devel-4.3-8.7.91mdk.i586.rpm
     5b5a89f147662d0733365ffed3ca4b07 9.1/RPMS/XFree86-glide-module-4.3-8.7.91mdk.i586.rpm
     87b3a9cc5fc382d70be92f0c8af34f4e 9.1/RPMS/XFree86-libs-4.3-8.7.91mdk.i586.rpm
     8ef96d1888ed2a996a60dcffd6ee3e55 9.1/RPMS/XFree86-server-4.3-8.7.91mdk.i586.rpm
     ffcfab37ec7b83e25a9910500d391922 9.1/RPMS/XFree86-static-libs-4.3-8.7.91mdk.i586.rpm
     ea7bc11b621a5c7cff21620cbe4a1081 9.1/RPMS/XFree86-xfs-4.3-8.7.91mdk.i586.rpm
     37d7552011e007629985a83984181652 9.1/SRPMS/XFree86-4.3-8.7.91mdk.src.rpm

     Mandrake Linux 9.1/PPC:
     7cde9aac236b245d80f0d3cadc871463 ppc/9.1/RPMS/X11R6-contrib-4.3-8.7.91mdk.ppc.rpm
     67d584f5ddcce49542b7f1cc60416593 ppc/9.1/RPMS/XFree86-100dpi-fonts-4.3-8.7.91mdk.ppc.rpm
     411850a4073715db74484ea1524d15f2 ppc/9.1/RPMS/XFree86-4.3-8.7.91mdk.ppc.rpm
     7ce455db242384aed219dee3c3b935ef ppc/9.1/RPMS/XFree86-75dpi-fonts-4.3-8.7.91mdk.ppc.rpm
     a56324a6c603be47d5a0f5a5bdf44b4d ppc/9.1/RPMS/XFree86-Xnest-4.3-8.7.91mdk.ppc.rpm
     97b19edcced65286219adff178504118 ppc/9.1/RPMS/XFree86-Xvfb-4.3-8.7.91mdk.ppc.rpm
     a49c35faa8f481ff46323ecaaeeafe9f ppc/9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.7.91mdk.ppc.rpm
     4e51c103bd2da9f1f484a5a73b29fe44 ppc/9.1/RPMS/XFree86-devel-4.3-8.7.91mdk.ppc.rpm
     12374d121016366e9b872e9d67ea5f91 ppc/9.1/RPMS/XFree86-libs-4.3-8.7.91mdk.ppc.rpm
     6802b19db8ec11b77876f4c81647db45 ppc/9.1/RPMS/XFree86-server-4.3-8.7.91mdk.ppc.rpm
     e9e17607d11880f5d269727c7b1964de ppc/9.1/RPMS/XFree86-static-libs-4.3-8.7.91mdk.ppc.rpm
     9e8c26387681e9e542f7588db6eaacb6 ppc/9.1/RPMS/XFree86-xfs-4.3-8.7.91mdk.ppc.rpm
     37d7552011e007629985a83984181652 ppc/9.1/SRPMS/XFree86-4.3-8.7.91mdk.src.rpm

     Mandrake Linux 9.2:
     2465e00205fc34d78a72545d1a00a24f 9.2/RPMS/libxfree86-4.3-24.4.92mdk.i586.rpm
     a987962fce9ec85d4c02b051d8dcbce6 9.2/RPMS/libxfree86-devel-4.3-24.4.92mdk.i586.rpm
     a51b3d691999436babf85845a3720c34 9.2/RPMS/libxfree86-static-devel-4.3-24.4.92mdk.i586.rpm
     245dfe0ff1d7618c59ccc8052fdfe040 9.2/RPMS/X11R6-contrib-4.3-24.4.92mdk.i586.rpm
     7ed2f5ec2b8e087209b19f7bc6b24424 9.2/RPMS/XFree86-100dpi-fonts-4.3-24.4.92mdk.i586.rpm
     24f2119308cc500300fc55e7413b05ee 9.2/RPMS/XFree86-4.3-24.4.92mdk.i586.rpm
     74421ed1018908a55294e46ca90e5a73 9.2/RPMS/XFree86-75dpi-fonts-4.3-24.4.92mdk.i586.rpm
     f9388e7cd146f6968071c1df70813b03 9.2/RPMS/XFree86-Xnest-4.3-24.4.92mdk.i586.rpm
     0f92071b9ce2a8544cca226c07c3aba4 9.2/RPMS/XFree86-Xvfb-4.3-24.4.92mdk.i586.rpm
     66e4f0adb9a81ce0c54faef126911059 9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.4.92mdk.i586.rpm
     3c619cfaabf95c50869fc4ca686cfe1b 9.2/RPMS/XFree86-glide-module-4.3-24.4.92mdk.i586.rpm
     5168c34488df4186101bb9aa5cda7ce5 9.2/RPMS/XFree86-server-4.3-24.4.92mdk.i586.rpm
     1b97520e7219ac05ac864ff3f336e431 9.2/RPMS/XFree86-xfs-4.3-24.4.92mdk.i586.rpm
     8bbaa775d0a642d99b068601f203b4bc 9.2/SRPMS/XFree86-4.3-24.4.92mdk.src.rpm

     Mandrake Linux 9.2/AMD64:
     a517c17424ee8a02cc4a8f9a51c553da amd64/9.2/RPMS/lib64xfree86-4.3-24.4.92mdk.amd64.rpm
     973a672b0d4b66e0d5970d146935bdce amd64/9.2/RPMS/lib64xfree86-devel-4.3-24.4.92mdk.amd64.rpm
     ee7dbd21dd074829fe102551c89d0d3c amd64/9.2/RPMS/lib64xfree86-static-devel-4.3-24.4.92mdk.amd64.rpm
     0a46865142bf0282ec6b041aa5fc80de amd64/9.2/RPMS/X11R6-contrib-4.3-24.4.92mdk.amd64.rpm
     421a3ad3412a76ef54b6febdcfd73f8c amd64/9.2/RPMS/XFree86-100dpi-fonts-4.3-24.4.92mdk.amd64.rpm
     f5e13d6c1d7d16cccf5eff388bcf01d7 amd64/9.2/RPMS/XFree86-4.3-24.4.92mdk.amd64.rpm
     7edb2bcdbdf513078f1702c9da678781 amd64/9.2/RPMS/XFree86-75dpi-fonts-4.3-24.4.92mdk.amd64.rpm
     e789fc9ab14324f8f9ae83d4ab0ef2f8 amd64/9.2/RPMS/XFree86-Xnest-4.3-24.4.92mdk.amd64.rpm
     4f2a3540097f82f759fd2107c21d3339 amd64/9.2/RPMS/XFree86-Xvfb-4.3-24.4.92mdk.amd64.rpm
     995c3918c1dc7a318e5cb72a2848a447 amd64/9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.4.92mdk.amd64.rpm
     94dbb6dd2611beb53fea56761deda581 amd64/9.2/RPMS/XFree86-server-4.3-24.4.92mdk.amd64.rpm
     76237a5914c788ea985eb2aed7655204 amd64/9.2/RPMS/XFree86-xfs-4.3-24.4.92mdk.amd64.rpm
     8bbaa775d0a642d99b068601f203b4bc amd64/9.2/SRPMS/XFree86-4.3-24.4.92mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     A list of FTP mirrors can be obtained from:

      http://www.mandrakesecure.net/en/ftp.php

     All packages are signed by MandrakeSoft for security. You can obtain
     the GPG public key of the Mandrake Linux Security Team by executing:

      gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

     Please be aware that sometimes it takes the mirrors a few hours to
     update.

     You can view other update advisories for Mandrake Linux at:

      http://www.mandrakesecure.net/en/advisories/

     MandrakeSoft has several security-related mailing list services that
     anyone can subscribe to. Information on these lists can be obtained by
     visiting:

      http://www.mandrakesecure.net/en/mlist.php

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFALQFkmqjQ0CJFipgRAg9XAJ43izhebJHMQ5jRwaCjXMSd8hOnVwCdG1id
    Us3Cs+Od2S9fjtYmY0ckTyE=
    =fDTU
    -----END PGP SIGNATURE-----


  • Next message: André Malo: "Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")"

    Relevant Pages

    • MDKSA-2002:016-1 - squid update
      ... Three security issues were found in the 2.x versions of the Squid proxy ... Denial of Service attack on ther server if the SNMP interface is ... The squid updates for all versions other than Mandrake Linux were ... All packages are signed by MandrakeSoft for security. ...
      (Bugtraq)
    • MDKSA-2003:063 - Updated apache2 packages fix vulnerabilities
      ... prevent access to authenticated content when a threaded server is used. ... which is not the default for Mandrake Linux. ... vulnerabilities and MandrakeSoft encourages all users to upgrade ... All packages are signed by MandrakeSoft for security. ...
      (Bugtraq)
    • [Full-Disclosure] MDKSA-2003:063 - Updated apache2 packages fix vulnerabilities
      ... prevent access to authenticated content when a threaded server is used. ... which is not the default for Mandrake Linux. ... vulnerabilities and MandrakeSoft encourages all users to upgrade ... All packages are signed by MandrakeSoft for security. ...
      (Full-Disclosure)
    • [Full-Disclosure] MDKSA-2003:085 - Updated gdm packages fix vulnerabilities
      ... Several vulnerabilities were discovered in versions of gdm prior to ... Another two vulnerabilities were found in the XDMCP code that could be ... Mandrake Linux 9.0: ... All packages are signed by MandrakeSoft for security. ...
      (Full-Disclosure)
    • MDKSA-2003:010 - Updated printer-drivers packages fix local vulnerabilities
      ... Karol Wiesek and iDefense disovered three vulnerabilities in the ... This is only possible when esputil is suid or sgid; in Mandrake Linux ... If you want to upgrade manually, download the updated package from one ... All packages are signed by MandrakeSoft for security. ...
      (Bugtraq)