Date: 13 Feb 2004 16:55:00 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2004:012 - Updated XFree86 packages fix buffer overflow vulnerabilities
_______________________________________________________________________
Mandrake Linux Security Update Advisory
_______________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2004:012
Date: February 14th, 2004
Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Two buffer overflow vulnerabilities were found by iDEFENSE in
XFree86's parsing of the font.alias file. The X server, which runs as
root, fails to check the length of user-provided input; as a result a
malicious user could craft a malformed font.alias file causing a
buffer overflow upon parsing, which could eventually lead to the
execution of arbitrary code.
Additional vulnerabilities were found by David Dawes, also in the
reading of font files.
The updated packages have a patch from David Dawes to correct these
vulnerabilities.
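The defect class described above is an unchecked copy of a font.alias token into a fixed-size buffer. The following is an added illustration, not XFree86 code or the patch from David Dawes: a hypothetical bounded line parser that rejects any token that would not fit its buffer instead of overrunning it. The format assumed is "<alias> <fontname>", whitespace separated, either field optionally double-quoted.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define FIELD_MAX 256   /* assumed fixed buffer size for each field (constructed) */

/* Copy one whitespace-delimited or quoted token from *pp into out[outsz].
 * Returns 1 on success, 0 if the token is empty, unterminated, or would
 * not fit. The missing length check is exactly the advisory's problem. */
static int read_token(const char **pp, char *out, size_t outsz) {
    const char *p = *pp;
    size_t n = 0;
    while (*p == ' ' || *p == '\t') p++;
    int quoted = (*p == '"');
    if (quoted) p++;
    while (*p && (quoted ? *p != '"' : !isspace((unsigned char)*p))) {
        if (n + 1 >= outsz) return 0;      /* reject over-long token */
        out[n++] = *p++;
    }
    if (quoted) { if (*p != '"') return 0; p++; }
    out[n] = '\0';
    *pp = p;
    return n > 0;
}

/* Parse "alias font" into two bounded buffers of size sz. Returns 1 on success. */
int parse_alias_line(const char *line, char *alias, char *font, size_t sz) {
    const char *p = line;
    if (!read_token(&p, alias, sz)) return 0;
    return read_token(&p, font, sz);
}

/* Convenience check: does this line parse within FIELD_MAX-sized buffers? */
int alias_line_ok(const char *line) {
    char alias[FIELD_MAX], font[FIELD_MAX];
    return parse_alias_line(line, alias, font, sizeof alias);
}

/* Constructed over-long input: 599 'A's as the alias. Returns 1 if rejected. */
int overlong_rejected(void) {
    char bad[600];
    memset(bad, 'A', sizeof bad - 1);
    bad[sizeof bad - 1] = '\0';
    return alias_line_ok(bad) == 0;
}

int main(void) {
    const char *good = "fixed -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1";
    printf("well-formed line accepted: %d\n", alias_line_ok(good));
    printf("over-long alias rejected: %d\n", overlong_rejected());
    return 0;
}
```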
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>