Please test these packages and report to bugzilla. Note these packages are
for Redhat 7.3; the previous test update was for Redhat 9.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORALEGACY-2004-1289
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1289
2004-09-30
---------------------------------------------------------------------

Name        : XFree86
Version     : 4.2.1-16.73.27
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
XFree86 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.

---------------------------------------------------------------------
Update Information:

iDefense discovered two buffer overflows in the parsing of the
'font.alias' file. A local attacker could exploit this vulnerability by
creating a carefully-crafted file and gaining root privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally David Dawes discovered additional flaws in reading font
files. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0106 to these issues.

---------------------------------------------------------------------
Changelog:

* Tue Sep 28 2004 Dominic Hargrewaves <dom@xxxxxxxx> 4.2.1-27

- Fixed permissions of a few source files
- Added gcc-c++ BuildRequires

* Fri May 14 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-26

- Disabled parallel building (not fixable?).

* Wed May 12 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-25

- Fixed parallel building (reversed order of two lines in Makefile
  patches).
- Added conditional BuildRequires for Glide3-devel.
- Commented out rpm -q test for Glide3-devel.

* Tue Feb 24 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-24

- [SECURITY]
  XFree86-4.2.1-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2-430-backport.patch
  added containing fixes for libXfont buffer overflow issues
  CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 (copied from RH 9
  SRPM).
- Added missing BuildRequires for libtool
- Converted all BuildPrereq to BuildRequires

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
---------------------------------------------------------------------