Fedora Legacy Test Update Notification: XFree86

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2314
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2314
2005-02-03
---------------------------------------------------------------------

Name        : XFree86
7.3 Version : XFree86-4.2.1-16.73.30.legacy
9 Version   : XFree86-4.3.0-2.90.60.legacy
fc1 Version : XFree86-4.3.0-59.legacy
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
XFree86 is an open source implementation of the X Window System.  It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.

---------------------------------------------------------------------
Update Information:

iDefense discovered two buffer overflows in the parsing of the 'font.alias'
file. A local attacker could exploit this vulnerability by creating a
carefully-crafted file and gaining root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally David Dawes discovered additional flaws in reading font files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0106 to these issues.

During a source code audit, Chris Evans discovered several stack overflow
flaws and an integer overflow flaw in the X.Org libXpm library used to
decode XPM (X PixMap) images. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687,
CAN-2004-0688, and CAN-2004-0692 to these issues.

Users of XFree86 should upgrade to this updated package, which contains
backported patches and is not vulnerable to this issue.

---------------------------------------------------------------------
7.3 changelog:

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.2.1-16.73.30.legacy

- apply fix for previous patch

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.2.1-16.73.29.legacy

- apply patch for CAN-2004-0914 (FL #2314)

* Sat Oct 02 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.2.1-28

- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.

* Tue Sep 28 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.2.1-27

- Fixed permissions of a few source files
- Added gcc-c++ BuildRequires

* Fri May 14 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-26

- Disabled parallel building (not fixable?).

* Wed May 12 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-25

- Fixed parallel building (reversed order of two lines in Makefile patches).
- Added conditional BuildRequires for Glide3-devel.
- Commented out rpm -q test for Glide3-devel.

* Tue Feb 24 2004 John P. Dalbec <jpdalbec@xxxxxxx> 4.2.1-24

- [SECURITY] XFree86-4.2.1-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2-430-backport.patch
  added containing fixes for libXfont buffer overflow issues CAN-2004-0083,
  CAN-2004-0084, and CAN-2004-0106 (copied from RH 9 SRPM).
- Added missing BuildRequires for libtool
- Converted all BuildPrereq to BuildRequires

9 changelog:

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.3.0-2.x.60.legacy

- apply fix for previous patch

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.3.0-2.x.59.legacy

- apply patch for CAN-2004-0914 (FL #2314)

* Sat Oct 02 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.3.0-2.x.58.legacy

- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.

* Tue Sep 28 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.3.0-2.x.57.legacy

- Add BuildRequires on gcc-c++

* Tue Jul 06 2004 J.S.Peatfield <J.S.Peatfield@xxxxxxxxxxxxxxx> 4.3.0-2.x.56.legac

- fix CAN-2004-0419 - XDM in XFree86 socket open vulnerability with
  patch based on one from http://bugs.xfree86.org/show_bug.cgi?id=1376

fc1 changelog:

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.3.0.59.legacy

- apply fix for previous patch

* Tue Nov 30 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 4.3.0.58.legacy

- apply patch for CAN-2004-0914 (FL #2314)

* Tue Nov 09 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.3.0.57.legacy

- Add m4 BuildRequires

* Sat Oct 02 2004 Dominic Hargreaves <dom@xxxxxxxx> 4.3.0-56.legacy

- Fix for CAN-2004-0419 - XDM in XFree86 socket open vulnerability
- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

2c38279e15e8510c85400780da3ee41b57b81ffa  redhat/7.3/updates-testing/SRPMS/XFree86-4.2.1-16.73.30.legacy.src.rpm
dc1ac97e2f0077915a4f3d56dd32d14c0429faa6  redhat/7.3/updates-testing/i386/XFree86-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
df4fac2134c20410c7df415c7ced94ccc08cf36b  redhat/7.3/updates-testing/i386/XFree86-4.2.1-16.73.30.legacy.i386.rpm
c6e3b08145f73a85be39e301ac2df2015c37a036  redhat/7.3/updates-testing/i386/XFree86-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
f0bec0c03de0c977be1d5b4e34b09dd348f34c14  redhat/7.3/updates-testing/i386/XFree86-base-fonts-4.2.1-16.73.30.legacy.i386.rpm
794fb0cf67a1b1ef84d247fc90a0138e70d85c4f  redhat/7.3/updates-testing/i386/XFree86-cyrillic-fonts-4.2.1-16.73.30.legacy.i386.rpm
ac82944f56aba63f6d64068ddc5a6bd4e55fae94  redhat/7.3/updates-testing/i386/XFree86-devel-4.2.1-16.73.30.legacy.i386.rpm
a3b4043417d7069f095471daf2f72153f9a31ea4  redhat/7.3/updates-testing/i386/XFree86-doc-4.2.1-16.73.30.legacy.i386.rpm
1c28ae585d90ad3bd73e4cb6eff32035d54dbec9  redhat/7.3/updates-testing/i386/XFree86-font-utils-4.2.1-16.73.30.legacy.i386.rpm
ab51270528cb8970f19d21c35de093840c9eacc4  redhat/7.3/updates-testing/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
d06490ffd58c498b6c3392a02e2f1f52368c1699  redhat/7.3/updates-testing/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
81c5bb28ee0493c53dbee38f8312f73279481e49  redhat/7.3/updates-testing/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
8a9d4c1ea6f3dddd0787009015e3bf66d194beb3  redhat/7.3/updates-testing/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
b65333c64e90524b437c1c5ffe0a1eded2deab9d  redhat/7.3/updates-testing/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
5f0cbdd132954a813d2e4b187d37f9e4e4613a32  redhat/7.3/updates-testing/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.30.legacy.i386.rpm
d4ee4c7adf9e6a6f533a09cabfcfe9b6f11f8628  redhat/7.3/updates-testing/i386/XFree86-libs-4.2.1-16.73.30.legacy.i386.rpm
af869d4a76601d739a90c05cac61f2112ad753e5  redhat/7.3/updates-testing/i386/XFree86-tools-4.2.1-16.73.30.legacy.i386.rpm
629b596d824fb31558eef1eef05dd6b63ce2a15b  redhat/7.3/updates-testing/i386/XFree86-truetype-fonts-4.2.1-16.73.30.legacy.i386.rpm
fe63ec2dd3f402ee2e9f05417969c58f276e3d8a  redhat/7.3/updates-testing/i386/XFree86-twm-4.2.1-16.73.30.legacy.i386.rpm
95ef4f17e9e282b48979c3b491447738679b5b3e  redhat/7.3/updates-testing/i386/XFree86-xdm-4.2.1-16.73.30.legacy.i386.rpm
a52fa2bebe3f9aa2fa37409ddf4aa57b01abd435  redhat/7.3/updates-testing/i386/XFree86-xf86cfg-4.2.1-16.73.30.legacy.i386.rpm
7bc973b06812281b3c102a9721cd824747b8b8a8  redhat/7.3/updates-testing/i386/XFree86-xfs-4.2.1-16.73.30.legacy.i386.rpm
18d0442ed2d6a31eaf870c6ab7d727b2f6696351  redhat/7.3/updates-testing/i386/XFree86-Xnest-4.2.1-16.73.30.legacy.i386.rpm
77215ad43ad1b77f6f1527af7d642ad6c5dc40ce  redhat/7.3/updates-testing/i386/XFree86-Xvfb-4.2.1-16.73.30.legacy.i386.rpm

ff7072e0b55decdd13453ce3532588c32597de61  redhat/9/updates-testing/SRPMS/XFree86-4.3.0-2.90.60.legacy.src.rpm
ed4d03ede26a89422825ad18ce6e14a7831927eb  redhat/9/updates-testing/i386/XFree86-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
f4f99ff79a7d1eeca726cb61a536c5884bbdadac  redhat/9/updates-testing/i386/XFree86-4.3.0-2.90.60.legacy.i386.rpm
dc9b89287ea04b5acafac200f8c8483cbdb74cce  redhat/9/updates-testing/i386/XFree86-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
f8210a9eb148259a1d402dfdd7f58075dfd022a6  redhat/9/updates-testing/i386/XFree86-base-fonts-4.3.0-2.90.60.legacy.i386.rpm
caad110605ae0aaa91f93cd79d9bea5d3ae73431  redhat/9/updates-testing/i386/XFree86-cyrillic-fonts-4.3.0-2.90.60.legacy.i386.rpm
6502feec18a9e2f325551f90c8a2a3e260f1915a  redhat/9/updates-testing/i386/XFree86-devel-4.3.0-2.90.60.legacy.i386.rpm
b9c797cc7202aa43c824474713b1fee447039b1f  redhat/9/updates-testing/i386/XFree86-doc-4.3.0-2.90.60.legacy.i386.rpm
b4efa8b07bfc3c5a4441b89acd02266c1618d138  redhat/9/updates-testing/i386/XFree86-font-utils-4.3.0-2.90.60.legacy.i386.rpm
db7c826e976913123caae9bc20303655c758a047  redhat/9/updates-testing/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
23f5c9db2e532aabdc6f47f629458d69da92d303  redhat/9/updates-testing/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
14d720d254b1f26633ebee78b76273f38b8ee46b  redhat/9/updates-testing/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
dffce9814a821f9d4b4703bfb98e5aa04ef221bc  redhat/9/updates-testing/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
70b0606839ef7c14eff38851e2fab6a7896992dc  redhat/9/updates-testing/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
01fa202f3915e2d6a123f150e367feff82d42d1f  redhat/9/updates-testing/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
e640fe73f9f6769d38d59fa01bdce78e2ef71bdd  redhat/9/updates-testing/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
f253cb5b83610f7168762978335beef8b45a3f59  redhat/9/updates-testing/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.60.legacy.i386.rpm
694f32b8c7a4be52008de92f41347e3af51ee9e7  redhat/9/updates-testing/i386/XFree86-libs-4.3.0-2.90.60.legacy.i386.rpm
95f6355f42e885ff21d87788975c28adbc2b75e9  redhat/9/updates-testing/i386/XFree86-libs-data-4.3.0-2.90.60.legacy.i386.rpm
1b88a4c736fd2aa5409d4ee23ad626aa95c9c816  redhat/9/updates-testing/i386/XFree86-Mesa-libGL-4.3.0-2.90.60.legacy.i386.rpm
18d4247c77182cd7cd569b949a5483a968043723  redhat/9/updates-testing/i386/XFree86-Mesa-libGLU-4.3.0-2.90.60.legacy.i386.rpm
3335a0096695baa109f35c64c9ead7a3072fc28c  redhat/9/updates-testing/i386/XFree86-sdk-4.3.0-2.90.60.legacy.i386.rpm
d069175adc265f31b0ff48ea78cdd59203146ab9  redhat/9/updates-testing/i386/XFree86-syriac-fonts-4.3.0-2.90.60.legacy.i386.rpm
0a6ae9b0f3b640ce528ef153e33536c6ba4b9d2f  redhat/9/updates-testing/i386/XFree86-tools-4.3.0-2.90.60.legacy.i386.rpm
b78bfd843f2c6a9cb31957ad6ab2dbf6c4d25632  redhat/9/updates-testing/i386/XFree86-truetype-fonts-4.3.0-2.90.60.legacy.i386.rpm
f72ff04509739828871044b8e246bbb98cb26500  redhat/9/updates-testing/i386/XFree86-twm-4.3.0-2.90.60.legacy.i386.rpm
b1043925fffe7bd714d025372242778a6f03e7ed  redhat/9/updates-testing/i386/XFree86-xauth-4.3.0-2.90.60.legacy.i386.rpm
3ed9fb9f0de675fe92b671e1d0432bda531daa41  redhat/9/updates-testing/i386/XFree86-xdm-4.3.0-2.90.60.legacy.i386.rpm
6aff7d5ff0e5f5e22c471c9113bffa25fd6b5478  redhat/9/updates-testing/i386/XFree86-xfs-4.3.0-2.90.60.legacy.i386.rpm
42f8c36e72ae33cdc98b4a2e78771fa3f121351c  redhat/9/updates-testing/i386/XFree86-Xnest-4.3.0-2.90.60.legacy.i386.rpm
67c6176f5d673238b58ae3f79d446ab0da258607  redhat/9/updates-testing/i386/XFree86-Xvfb-4.3.0-2.90.60.legacy.i386.rpm

f506c7f1286ed9d252840d56e5bfd3e10323f260  fedora/1/updates-testing/SRPMS/XFree86-4.3.0-59.legacy.src.rpm
41dc2c5e92530ee276092e7a6ef0711242a6d802  fedora/1/updates-testing/i386/XFree86-100dpi-fonts-4.3.0-59.legacy.i386.rpm
e0e6865d27c7ef62fff9cae59adc0d241901435f  fedora/1/updates-testing/i386/XFree86-4.3.0-59.legacy.i386.rpm
21e69dd9ba1e1561b2d13be7d992975dca4326e0  fedora/1/updates-testing/i386/XFree86-75dpi-fonts-4.3.0-59.legacy.i386.rpm
19089ae7b10a16531a050f26e924ff7afd6cab84  fedora/1/updates-testing/i386/XFree86-base-fonts-4.3.0-59.legacy.i386.rpm
5ef293ae847c995d39f41c57821739e3cc3bb74b  fedora/1/updates-testing/i386/XFree86-cyrillic-fonts-4.3.0-59.legacy.i386.rpm
97bd48f5887c5b8c2a5a6739e0a931af4f99e6af  fedora/1/updates-testing/i386/XFree86-devel-4.3.0-59.legacy.i386.rpm
8d254544eed188d5c2fbc5fa303dceda6886d3cb  fedora/1/updates-testing/i386/XFree86-doc-4.3.0-59.legacy.i386.rpm
2c1974d8dc69f98957358724c72d36c2d74eb0b7  fedora/1/updates-testing/i386/XFree86-font-utils-4.3.0-59.legacy.i386.rpm
b43e195b60add11ebed29c840655986aefae4bdb  fedora/1/updates-testing/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-59.legacy.i386.rpm
93d3b1c7f1ccb4774b2db353dd031767c3389c58  fedora/1/updates-testing/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-59.legacy.i386.rpm
8a3b08dfea526be7655f7f3f2bfe0935167ca326  fedora/1/updates-testing/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-59.legacy.i386.rpm
50c0018cd62b5a09c0becc2c7fb125cb11aaed86  fedora/1/updates-testing/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-59.legacy.i386.rpm
50691dd23bd82ac66f894561d52ae4f30d9e6be4  fedora/1/updates-testing/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-59.legacy.i386.rpm
f1e8391db079f6479c47b31f02d283eb64e1b372  fedora/1/updates-testing/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-59.legacy.i386.rpm
b4f1a8aaab2168d801239de9ec4631b5f5f952c5  fedora/1/updates-testing/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-59.legacy.i386.rpm
c90c9f1086ade943c819159e1e9c4da609ee20bc  fedora/1/updates-testing/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-59.legacy.i386.rpm
6969c834e092c7f17d736ae4ab7d13020446b088  fedora/1/updates-testing/i386/XFree86-libs-4.3.0-59.legacy.i386.rpm
40401fae64837023cf5ad321914ed35b0569e1fb  fedora/1/updates-testing/i386/XFree86-libs-data-4.3.0-59.legacy.i386.rpm
c77ae20f5e95c2013ab5b79c747c50a1aeb2ff9f  fedora/1/updates-testing/i386/XFree86-Mesa-libGL-4.3.0-59.legacy.i386.rpm
6acb61f2ccb56125b8bb6b0bbb33aca393b41bfa  fedora/1/updates-testing/i386/XFree86-Mesa-libGLU-4.3.0-59.legacy.i386.rpm
b5ed6846d3c5267890f75bb2967719a77251077b  fedora/1/updates-testing/i386/XFree86-sdk-4.3.0-59.legacy.i386.rpm
a2593f5ad70cf863bc1a50065d4cf959c396b290  fedora/1/updates-testing/i386/XFree86-syriac-fonts-4.3.0-59.legacy.i386.rpm
77ef806dd3a962e13300cfaafc5761cd453e42fd  fedora/1/updates-testing/i386/XFree86-tools-4.3.0-59.legacy.i386.rpm
004636b99489d8d9d0da9a89d112fbca85b51e7b  fedora/1/updates-testing/i386/XFree86-truetype-fonts-4.3.0-59.legacy.i386.rpm
61442fea052c2c9bb4cd52b836f83be39dd51645  fedora/1/updates-testing/i386/XFree86-twm-4.3.0-59.legacy.i386.rpm
adee8168ca51a34a7f33a1af4e51ad2409a244fb  fedora/1/updates-testing/i386/XFree86-xauth-4.3.0-59.legacy.i386.rpm
60bc51efdcfa0e4062404ba4e7083e9927f16e33  fedora/1/updates-testing/i386/XFree86-xdm-4.3.0-59.legacy.i386.rpm
ffbeaab8ac66e40cac0eeac685a8567bda43517b  fedora/1/updates-testing/i386/XFree86-xfs-4.3.0-59.legacy.i386.rpm
23b0cdbf749a8eadb3dce701ab4bfd57e65777fe  fedora/1/updates-testing/i386/XFree86-Xnest-4.3.0-59.legacy.i386.rpm
7ee79dd5f9a1efd0d2881c0d426951b9c9eac44f  fedora/1/updates-testing/i386/XFree86-Xvfb-4.3.0-59.legacy.i386.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: Digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux