-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           XFree86
 Advisory ID:            MDKSA-2004:138
 Date:                   November 22nd, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The XPM library, which is part of the XFree86/XOrg project, is used by
 several GUI applications to process XPM image files.

 A source code review of the XPM library, done by Thomas Biege of the
 SuSE Security-Team, revealed several different kinds of bugs.  These
 bugs include integer overflows, out-of-bounds memory access, shell
 command execution, path traversal, and endless loops.

 These bugs can be exploited by remote and/or local attackers to gain
 access to the system or to escalate their local privileges, by using a
 specially crafted XPM image.

 Updated packages are patched to correct all these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
 ______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBorq4mqjQ0CJFipgRAjmlAKDbEK7jXC+whY+rJ9i/wjoy9GUkUQCeLLUu
rt2y3GpxtcUSk//ItVz6G9Q=
=de3z
-----END PGP SIGNATURE-----