--------------------------------------------------------------------------
Debian Security Advisory DSA 380-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
September 12th, 2003                     Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : xfree86
Vulnerability  : buffer overflows, denial of service
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0063 CAN-2003-0071 CAN-2002-0164 CAN-2003-0730

Four vulnerabilities have been discovered in XFree86.

CAN-2003-0063 - xterm window title reporting escape sequence can deceive user

  The xterm package provides a terminal escape sequence that reports
  the window title by injecting it into the input buffer of the
  terminal window, as if the user had typed it.  An attacker can craft
  an escape sequence that sets the title of a victim's xterm window to
  an arbitrary string (such as a shell command) and then reports that
  title.  If the victim is at a shell prompt when this is done, the
  injected command will appear on the command line, ready to be run.
  Since it is not possible to embed a carriage return in the window
  title, the attacker would have to convince the victim to press Enter
  (or rely upon the victim's carelessness or confusion) for the shell or
  other interactive process to interpret the window title as user
  input.  It is conceivable that the attacker could craft other escape
  sequences that might convince the victim to accept the injected
  input, however.  The Common Vulnerabilities and Exposures project at
  cve.mitre.org has assigned the name CAN-2003-0063 to this issue.

  To determine whether your version of xterm is vulnerable to abuse of
  the window title reporting feature, run the following command at a
  shell prompt from within an xterm window:

    echo -e "\e[21t"

  (The terminal bell may ring, and the window title may be prefixed
  with an "l".)

  This flaw is exploitable by anything that can send output to a
  terminal window, such as a text document.  The xterm user has to
  take action to cause the escape sequence to be sent, however (such
  as by viewing a malicious text document with the "cat" command).
  Whether you are likely to be exposed to it depends on how you use
  xterm.  Consider the following:

    echo -e '\e]2;s && echo rm -rf *\a' > /tmp/sploit
    echo -e '\e[21t' >> /tmp/sploit
    cat /tmp/sploit

  Debian has resolved this problem by disabling the window title
  reporting escape sequence in xterm; it is understood but ignored.
  The escape sequence to set the window title has not been disabled.

  A future release of the xterm package will have a configuration
  option to permit the user to turn the window title reporting feature
  back on, but it will default off.

CAN-2003-0071 - xterm susceptible to DEC UDK escape sequence
   denial-of-service attack

  The xterm package, since it emulates DEC VT-series text terminals,
  emulates a feature of DEC VT terminals known as "User-Defined Keys"
  (UDK for short).  There is a bug in xterm's handling of DEC UDK
  escape sequences, however, and an ill-formed one can cause the xterm
  process to enter a tight loop.  This causes the process to "spin",
  consuming CPU cycles uselessly, and refusing to handle signals (such
  as efforts to kill the process or close the window).

  To determine whether your version of xterm is vulnerable to this
  attack, run the following command at a shell prompt from within a
  "sacrificial" xterm window (i.e., one that doesn't have anything in
  the scrollback buffer you might need to see later):

    echo -e "\eP0;0|0A/17\x9c"

  This flaw is exploitable by anything that can send output to a
  terminal window, such as a text document.  The xterm user has to
  take action to cause the escape sequence to be sent, however (such
  as by viewing a malicious text document with the "cat" command).
  Whether you are likely to be exposed to it depends on how you use
  xterm.

  Debian has resolved this problem by backporting an upstream fix
  to XFree86 4.1.0.
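
  Both xterm issues above (CAN-2003-0063 and CAN-2003-0071) are triggered
  by escape sequences embedded in data sent to the terminal.  The Python
  below is an added example, not part of this advisory or of xterm: it
  scans untrusted bytes for the title-set, title-report and DEC UDK
  sequences before they are displayed.  The function names, the sample
  bytes (constructed from the commands shown above) and the caret-style
  rendering are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional

# Introducers and string terminator in 7-bit (ESC-prefixed) and 8-bit (C1) form.
# The 8-bit bytes can also occur inside UTF-8 text, so treat those hits as
# "needs review" rather than proof of abuse.
CSI = rb"(?:\x1b\[|\x9b)"
OSC = rb"(?:\x1b\]|\x9d)"
DCS = rb"(?:\x1bP|\x90)"
ST = rb"(?:\x1b\\|\x9c)"

SCANNER = re.compile(
    # OSC 0 or 2 sets the window title; terminated by BEL or ST.
    rb"(?P<title_set>" + OSC + rb"[02];(?P<title>[^\x07\x1b\x9c]*)(?:\x07|" + ST + rb"))"
    # CSI 21 t asks xterm to report the title into the input buffer.
    rb"|(?P<title_report>" + CSI + rb"21t)"
    # DCS ... | ... is a DEC UDK definition; the terminator may be missing.
    rb"|(?P<udk>" + DCS + rb"[0-9;]*\|[^\x1b\x9c]*(?:" + ST + rb")?)"
)
KINDS = ("title_set", "title_report", "udk")

# Printable stand-ins for the control bytes that make the sequences "live".
VISIBLE = {0x1b: b"^[", 0x07: b"^G", 0x90: b"<DCS>",
           0x9b: b"<CSI>", 0x9c: b"<ST>", 0x9d: b"<OSC>"}


class Finding(NamedTuple):
    kind: str               # one of KINDS
    offset: int             # byte offset in the scanned data
    raw: bytes              # the full sequence as found
    title: Optional[bytes]  # title text for title_set, else None


def scan(data: bytes) -> List[Finding]:
    """Return every title-set, title-report and UDK sequence in data."""
    findings = []
    for m in SCANNER.finditer(data):
        kind = next(k for k in KINDS if m.group(k) is not None)
        title = m.group("title") if kind == "title_set" else None
        findings.append(Finding(kind, m.start(), m.group(0), title))
    return findings


def injected_input(data: bytes) -> List[bytes]:
    """Titles that the data both sets and then asks xterm to report.

    This is the CAN-2003-0063 pattern: each returned string would land in
    the terminal's input buffer (prefixed with "l") on a vulnerable xterm.
    A report with no preceding title-set in the same data echoes whatever
    title the window already has, which this scanner cannot know.
    """
    title = None
    injected = []
    for f in scan(data):
        if f.kind == "title_set":
            title = f.title
        elif f.kind == "title_report" and title is not None:
            injected.append(title)
    return injected


def neutralise(data: bytes) -> bytes:
    """Rewrite the matched sequences so the terminal shows them as text.

    Only the sequences covered by SCANNER are rewritten; other escape
    sequences in the data are left untouched.
    """
    def render(m):
        return b"".join(VISIBLE.get(b, bytes([b])) for b in m.group(0))
    return SCANNER.sub(render, data)


# Constructed sample: the bytes the advisory's echo commands would write.
SAMPLE = (b"\x1b]2;s && echo rm -rf *\x07\n"
          b"\x1b[21t\n"
          b"\x1bP0;0|0A/17\x9c\n"
          b"plain text\n")

if __name__ == "__main__":
    for f in scan(SAMPLE):
        # repr() keeps the raw bytes from reaching the terminal.
        print(f"{f.offset:4d}  {f.kind:12s}  {f.raw!r}")
    print("would be injected:", injected_input(SAMPLE))
    print(neutralise(SAMPLE).decode("ascii"))
```

  Run neutralise() over a file of unknown origin before displaying it, or
  use scan() to flag the file for review.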

CAN-2002-0164 - flaw in X server's MIT-SHM extension permits user
   owning X session to read and write arbitrary shared memory segments

  Most X servers descended from the MIT/X Consortium/X.Org Sample
  Implementation, including XFree86's X servers, support an extension
  to the X protocol called MIT-SHM, which enables X clients running on
  the same host as the X server to operate more quickly and
  efficiently by taking advantage of an operating system feature
  called shared memory where it is available.  The Linux kernel, for
  example, supports shared memory.

  Because the X server runs with elevated privileges, the operating
  system's built-in access control mechanisms are ineffective to
  police the X server's usage of segments of shared memory.  The X
  server has to implement its own access control.  This was
  imperfectly done in previous releases of XFree86 (and the MIT/X
  Consortium/X.Org Sample Implementation before it), leaving
  opportunities for malicious X clients to read and alter shared
  memory segments to which they should not have access.  The Common
  Vulnerabilities and Exposures project at cve.mitre.org has assigned
  the name CAN-2002-0164 to this issue.

  Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix
  for this flaw, only enforcing proper access control for X
  servers that were not started by a display manager (e.g., xdm).
  This update resolves that problem.

  The Debian Project knows of no exploits for this vulnerability.  A
  malicious X client that abused the MIT-SHM extension could
  conceivably be written, however, and run (deliberately or
  unwittingly) by a user able to run an X server on a host.  The
  impact of this flaw depends on how shared memory is used on the
  system.  See the ipcs(8) manual page for more information.

  Debian has resolved this problem by backporting an upstream fix to
  XFree86 4.1.0.

CAN-2003-0730 - multiple integer overflows in the font libraries for
   XFree86 allow local or remote attackers to cause a denial of
   service or execute arbitrary code via heap-based and stack-based
   buffer overflow attacks

  Security researcher "blexim" wrote [paraphrased]:

    I have identified several bugs in the font libraries of the
    current version of the XFree86 source code.  These bugs could
    potentially lead to the execution of arbitrary code by a remote
    user in any process which calls the functions in question.  The
    functions are related to the transfer and enumeration of fonts
    from font servers to clients, limiting the range of the exposure
    caused by these bugs.

    Specifically, several sizing variables passed from a font server
    to a client are not adequately checked, causing calculations on
    them to result in erroneous values.  These erroneous calculations
    can lead to buffers on the heap and stack overflowing, potentially
    leading to arbitrary code execution.  As stated before, the risk
    is limited by the fact that only clients can be affected by these
    bugs, but in some (non-default) configurations, both xfs and the X
    server can act as clients to remote font servers.  In these
    configurations, both xfs and the X server could be potentially
    compromised.

  The Common Vulnerabilities and Exposures project at cve.mitre.org
  has assigned the name CAN-2003-0730 to this issue.

  The Debian Project knows of no exploits for this vulnerability.  By
  default in Debian, X servers are configured to listen only to a
  locally-running font server, which is not even used if the xfs
  package is not installed.  The Debian default configuration of xfs
  uses only font directories on the local host, and does not attempt
  to connect to any external font servers.

  Debian has resolved this problem by backporting an upstream fix to
  XFree86 4.1.0.

All of the above problems also affect the xfree86v3 packages (in the
case of the first two flaws, the xterm source code contains the flaws,
but no xterm package is produced).  Due to resource limitations and a
lack of upstream support for this legacy code, Debian is unable to
continue supporting version 3.3.6 of XFree86.  To avoid exposure to
the latter two flaws in this advisory, we recommend that you remove
the following packages if you have them installed:

	xserver-3dlabs
	xserver-8514
	xserver-agx
	xserver-common-v3
	xserver-fbdev
	xserver-i128
	xserver-mach32
	xserver-mach64
	xserver-mach8
	xserver-mono
	xserver-p9000
	xserver-s3
	xserver-s3v
	xserver-svga
	xserver-tga
	xserver-vga16
	xserver-w32

(You may also wish to remove the xext, xlib6, and xlib6-altdev packages,
as support for them is being terminated along with the rest of the
XFree86 3.3.6 packages, though they are not affected by the flaws in
this advisory.)

For the stable distribution (woody) these problems have been fixed in
version 4.1.0-16woody1.

For the unstable distribution (sid) all problems except CAN-2003-0730
are fixed in version 4.2.1-11.  CAN-2003-0730 will be fixed in
4.2.1-12, currently in preparation.

We recommend that you update your xfree86 package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:     1512 944b46135349c20bfcc29e70c48e3134
      
      Size/MD5 checksum:  1596153 502185d1b3e5b517d6a9cda100597014
      
      Size/MD5 checksum: 54433247 ea7a32e6a81a850e9f19428f3104c300

  Architecture independent components:

      
      Size/MD5 checksum:    59660 77a3d33f0adef1482433508fc2fe2572
      
      Size/MD5 checksum:  8332974 61c2a42c2d5e668ab6adbaaff9da4c02
      
      Size/MD5 checksum:  4441766 a1980fa766907cd8c0137769378ce017
      
      Size/MD5 checksum:  7224972 7672c6a1664634a543bee78dbd707f27
      
      Size/MD5 checksum:  3931002 ded7e9cf4ec402311366f3c16cf3b522
      
      Size/MD5 checksum:  1104714 0c310f293d5f18027b4f66d89e8c88a9
      
      Size/MD5 checksum:  5028098 45d2fb54abcbc20a454c54d07fd87275
      
      Size/MD5 checksum:   437850 a4b60c52f618daba56cb59422dca8e1e
      
      Size/MD5 checksum:    68210 9c70aea042a1bb6e3bb32a12f417e335
      
      Size/MD5 checksum:   795574 2b51a0af0d69f6bfc7c9386926d3393b
      
      Size/MD5 checksum:   545426 041abd5637b1dd4adb9461f1db4e8f54
      
      Size/MD5 checksum:    59620 29a21611c82da8b2beac7b77a56c596f
      
      Size/MD5 checksum:    59818 b6ac13562174e6071f8320aeb1abc0a5
      
      Size/MD5 checksum:  4164958 3c984ffa27a444559d0ffae3a1802f14

  Alpha architecture:

      
      Size/MD5 checksum:   164866 1589c2363e16ad5d51e9889a31989945
      
      Size/MD5 checksum:   306128 56c6b42026e1146c4c3e133517f94e58
      
      Size/MD5 checksum:   197878 96e0f225d467aa56cc74523144aa10b8
      
      Size/MD5 checksum:   778272 757acf63b9140c8c3d8a616094010091
      
      Size/MD5 checksum:   203204 de9c0dc495c42356b4d577c09a7ef7be
      
      Size/MD5 checksum:   649012 b511d1bb8f602037d58f99453241f168
      
      Size/MD5 checksum:   389956 2643d5a44baf3fe148fa99fa811c17e2
      
      Size/MD5 checksum:   263568 f5d176e3b64c05ed31b36b6410b88edb
      
      Size/MD5 checksum:   820138 ead43db05d1682dc1cd33c990a85b913
      
      Size/MD5 checksum:   389850 8011f307a4d5cb0aa8bb7db530493772
      
      Size/MD5 checksum:    78564 bc5b9adecfaa4cc78dd24cc3e88774b5
      
      Size/MD5 checksum:   177350 1431799fc554aaea70c7026d2a5d570e
      
      Size/MD5 checksum:    59834 68e917e3a99dc0ec98ecdfe5c0727f80
      
      Size/MD5 checksum:  1990190 ffd857b488710539d35fd2364b3fb772
      
      Size/MD5 checksum:   189472 05639af5c6bed73fb841cf59ae6e40bb
      
      Size/MD5 checksum:   374388 3c6cdee84b2ecf885ed591af5a869149
      
      Size/MD5 checksum:    84420 256b1ac71b1dce646cffda30704e170c
      
      Size/MD5 checksum:   693842 710420c07d20c12ba50900d28a194e4d
      
      Size/MD5 checksum:  4133954 97db3a5d0bfd5dc3991db39573fd5068
      
      Size/MD5 checksum:  1489760 146d8cf832269d7e3d6f39a3fe5925c7
      
      Size/MD5 checksum:   711612 115904a2a0f649d6f455e4561f474b5c
      
      Size/MD5 checksum:   611030 1d9b81263c2eb48b733a9f6420cde676
      
      Size/MD5 checksum:  1603088 b234f6d424434758f7a777ce18ea5ce6
      
      Size/MD5 checksum:  1372460 df00b6ff8d52de15ef15df761b63e2c1
      
      Size/MD5 checksum:  4393618 49d74798e58e143dab843c8ad7ddc581
      
      Size/MD5 checksum:  3225348 41fe5aff2fdfe51677cec138bfa51f73
      
      Size/MD5 checksum:    84026 d3a486e3ad293e6819dc1250d573d30f
      
      Size/MD5 checksum:   150362 6dcafb93fa6ac6e005ab34ec947199f0
      
      Size/MD5 checksum:  1888098 892d99d5af5409c0504e14c8d63f3e94
      
      Size/MD5 checksum:  1474552 8336ea711719c79772e3ecdcff85d872
      
      Size/MD5 checksum:   219794 b20e366322272ac1abf24c905b7416c4
      
      Size/MD5 checksum:  5719450 550c9f5113ddd3805a734c85a8758c09
      
      Size/MD5 checksum:   524804 78830449f57a4cc482c2b29256148014
      
      Size/MD5 checksum:   712538 f198be0721d0fefe3e80de9de8de12b9
      
      Size/MD5 checksum:  2046538 41b18574ece3be00a57c8f2420e194cd

  ARM architecture:

      
      Size/MD5 checksum:   144700 345e837401ae1f48eabe0904aeac4ab0
      
      Size/MD5 checksum:   252596 78c3eaeb69c0744df80a4ea7b82d5c2b
      
      Size/MD5 checksum:   178530 43b2a9d746d9b7aa147a124004620a94
      
      Size/MD5 checksum:   443948 b9f3e2d2d06b98d4f57dbf5f08c9fa3e
      
      Size/MD5 checksum:   188344 011939c2d5c73132dc79eeb16184ec44
      
      Size/MD5 checksum:   377520 47bff42e7d0896c535ecf886c51afbfb
      
      Size/MD5 checksum:   348050 c3994a45c47f2679dc9255b78509f556
      
      Size/MD5 checksum:   240318 a9e51c32915bc6c4779a43046cea7bae
      
      Size/MD5 checksum:   490722 e10d565db8e49f9c1b8795f541dafb0c
      
      Size/MD5 checksum:   347956 08d2176d6754817d50e96ae9bd4cece1
      
      Size/MD5 checksum:    76032 e5de962649328611044720866a85afb3
      
      Size/MD5 checksum:   168668 b93e3ef7e89883728176868f2b06a55f
      
      Size/MD5 checksum:    59848 2d04ec15c027f7709f0396d28cba1282
      
      Size/MD5 checksum:  1623866 25e9fe67b7f750055927f1bb08c0e3b4
      
      Size/MD5 checksum:   175104 d719a073d23a85e0b6ea73b5ac3d431a
      
      Size/MD5 checksum:   324422 3ff4ef758563163134c032e0b21540d7
      
      Size/MD5 checksum:    81586 7455f6073d9385706a92016973e37ce0
      
      Size/MD5 checksum:   606376 af0672909ca333192243bd99c66d8870
      
      Size/MD5 checksum:   351610 de91181edf74112232ddc966afbc02a9
      
      Size/MD5 checksum:   931808 16c6364cfd52a64e4c8565b5c28ec8fd
      
      Size/MD5 checksum:  1314666 8344fd91b283a3180d8db171e9098fbc
      
      Size/MD5 checksum:  2757110 86347d552e46d6588bffff6527891609
      
      Size/MD5 checksum:  3091924 2ecfecaf4d1480f6719161f41b1c57a9
      
      Size/MD5 checksum:    84070 cd1a99cea3618cc2df79d8417a59283e
      
      Size/MD5 checksum:   132958 a4dd99b199475e87d45a7c6b9c244787
      
      Size/MD5 checksum:  1655408 10d1a806b2428d178132e33149b56d9e
      
      Size/MD5 checksum:  1339478 5b79e75ece1e0712cc28fb240f92ecc3
      
      Size/MD5 checksum:   218956 565a64b431fd778ade91de79a11cdd47
      
      Size/MD5 checksum:  4831874 7c5f4bfc08c1e716f61c5b0b4fa5ae51
      
      Size/MD5 checksum:   494176 8f3d1fe933cd1eae269e82c36ded5bd9
      
      Size/MD5 checksum:   620578 472603867d1421d01e6c692e767eb032
      
      Size/MD5 checksum:  1786420 635e9b4396a3a20f17db98337e91b685

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   131868 4e6a729ecedd2d792f545b95ef8808e2
      
      Size/MD5 checksum:   229100 013b9f545a8bf7b4614b5ebfc00617db
      
      Size/MD5 checksum:   167876 b9f7444698c022fdc76142fba2924a73
      
      Size/MD5 checksum:   408864 bf7ba3cafc0c6029b2e5fd99875c792f
      
      Size/MD5 checksum:   165824 d6eeae92cccce977c08a41322c9e2ae0
      
      Size/MD5 checksum:   333700 c239af4fd8f9f46334b29c6238f4027e
      
      Size/MD5 checksum:   292050 ff62c702b756263a3086ba61c8253fd5
      
      Size/MD5 checksum:   212696 9531fd87f93ff956508e216137345d33
      
      Size/MD5 checksum:   433272 d0c09cc477a275c1c2a4623aed08c55c
      
      Size/MD5 checksum:   291924 8a6ae5427bd486a3742217b2baa8e704
      
      Size/MD5 checksum:    75768 bb365449a41c50f4325cfbfa2d29d224
      
      Size/MD5 checksum:   151086 6f58a0ce83eb1f08a6aa902bdd0a4bbc
      
      Size/MD5 checksum:    59832 99de5573bd52e68023e1747f6099574b
      
      Size/MD5 checksum:  1455808 ac5514563aa1be8ab2a50f1a845d5c87
      
      Size/MD5 checksum:   170514 6013f8eb6e7c78aa7e1f7ff439852e7f
      
      Size/MD5 checksum:   274984 210ddc3dbdc15329709b887e3f516ac0
      
      Size/MD5 checksum:    80368 646d0ad46906cc7ab109949702b1d68f
      
      Size/MD5 checksum:   552130 c345b869bda72ea9e81dedbe5c957b6a
      
      Size/MD5 checksum:  3421956 bfe9428425b2867657328174d1038cc5
      
      Size/MD5 checksum:   865318 bc4fcfed268ab378c4e611c51ab844eb
      
      Size/MD5 checksum:   521954 8e1a132af4f7d8bf03e7c4aebe6f68ed
      
      Size/MD5 checksum:   462062 0284e02b24c5bc1c6ea0619cdf3e3176
      
      Size/MD5 checksum:   963620 23b9e018dd3a2f3b57c0e9e25e083fcc
      
      Size/MD5 checksum:  1223940 aa0cc49a4d7ba1967ca29c1ec1b786a1
      
      Size/MD5 checksum:  2534236 51ec646bc89eeca7c3f727673958d051
      
      Size/MD5 checksum:  2724850 28a3ead8c6cbcaa064f05daff4c1dd9f
      
      Size/MD5 checksum:    72806 aeee0ddfff582183898337624a6e5a0f
      
      Size/MD5 checksum:   123924 b77989c1a5314e8274d13821f1fea13b
      
      Size/MD5 checksum:  1392972 328ea5d378d96e83323091822760a853
      
      Size/MD5 checksum:  1122518 07ac6616cb6c84a11923a9bc94718dab
      
      Size/MD5 checksum:   219050 9a99505ef78921269793dd75edc8cda2
      
      Size/MD5 checksum:  4334876 805e2b2e2ae08edb479a7b5ee52f4823
      
      Size/MD5 checksum:   483978 9ac9e1ef4cbed922661e69f4e5d2b068
      
      Size/MD5 checksum:   601676 7f8dee0ac3974e55046f5ffc3396f184
      
      Size/MD5 checksum:  1495932 e0b2e685945a924a2c454518e9cb8765

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   191052 79823d7ec74e9b4120c2a26cec34d780
      
      Size/MD5 checksum:   321506 b5c3dcdc87f282f517ed18d1b6a09262
      
      Size/MD5 checksum:   240868 3ba4a3f5bf0d6575363cd77d7eeac165
      
      Size/MD5 checksum:   824490 7f8129dd9a812ae380c11a772c40e02a
      
      Size/MD5 checksum:   257462 de039254c0b162ec9347b1ed8ee8ce59
      
      Size/MD5 checksum:  1166896 547186763b3370fc7da723a36aaad5e1
      
      Size/MD5 checksum:   443612 3340375c091b952fa659a001c778c06c
      
      Size/MD5 checksum:   339718 cf23cb9a8b1584f36f2aa20124194274
      
      Size/MD5 checksum:  1333316 88b88ef01a767216f33b4ad7af8bcae2
      
      Size/MD5 checksum:   443508 45468bc6469d2a9000eccfbea2bae74d
      
      Size/MD5 checksum:    83312 c379fe38cd17a665819c6a88506f4068
      
      Size/MD5 checksum:   207136 69ae84939b0d052efb2939a339ba6064
      
      Size/MD5 checksum:    59836 062a0e576d0286cd38330550464c7b58
      
      Size/MD5 checksum:  2409600 4f8519fe609780cda1036e867b9a99e4
      
      Size/MD5 checksum:   210322 abcc2f3d14d6a59777a72091c0e9f864
      
      Size/MD5 checksum:   472904 8ebd374a3fdc9229a4d2b529cbc66f25
      
      Size/MD5 checksum:    90522 17ebcdf66c36b2b8a972e38f44a9278d
      
      Size/MD5 checksum:   742964 47356a0370608644a49a20c44731bb2b
      
      Size/MD5 checksum:  5184974 9dbf5b85af5dc5b787fc49a11a8e150d
      
      Size/MD5 checksum:  2394146 58ce91432619dcea37f4bdea032662ee
      
      Size/MD5 checksum:   831202 1710d9b86fe0ac1a8c2d8f066e298957
      
      Size/MD5 checksum:   755344 e59ac8fff400c722f33da5e22f663e36
      
      Size/MD5 checksum:  3198822 564e9fb30c4ae252072c824ab99ef63d
      
      Size/MD5 checksum:  1651928 fe029ff2145d14e6f5de6dd8cd58bf90
      
      Size/MD5 checksum: 18060132 9c029ed22bdb90650064d6bb5ca836b1
      
      Size/MD5 checksum:  3512430 306a9b2df41fe39bc3d3a552e1b8d1af
      
      Size/MD5 checksum:    88644 2448ab3fc771fbb6bc0dfd17714029bb
      
      Size/MD5 checksum:   169816 dfbe0d27616854586ab10a76fdbe7150
      
      Size/MD5 checksum:  2369928 d234d286498d08fad843f5214fe03a51
      
      Size/MD5 checksum:  1894400 ab19d6258158894b704bc1abe145a288
      
      Size/MD5 checksum:   220980 3639dac0d5e21e7148f56409f62f58ec
      
      Size/MD5 checksum:  6900550 44d66f86f743a7da5d0457de449ba446
      
      Size/MD5 checksum:   566226 05635ac4c0026ad63f0cf90128daf92a
      
      Size/MD5 checksum:   814896 e48c8276b5e880dbc6cca21fdd6527cd
      
      Size/MD5 checksum:  2570950 ded41248f56a4aa50d8b162233d0914e

  HP Precision architecture:

      
      Size/MD5 checksum:   153970 282d3d56f5bb262ee43dd195c8c64ac3
      
      Size/MD5 checksum:   277818 2ad015cf6fd0d61d3309f1597749b941
      
      Size/MD5 checksum:   201844 106ce97413bd06905d08343772ed81bb
      
      Size/MD5 checksum:   488336 09fc528826e2a43f81b9c81f25247490
      
      Size/MD5 checksum:   203396 ff63d2458d9d2be8a6730b0e63254e9d
      
      Size/MD5 checksum:   397250 f143cc3ffdd65f980cc0e1f8b46b5b74
      
      Size/MD5 checksum:   357932 57b67b20bc31be5adfb2777c2814493c
      
      Size/MD5 checksum:   263802 526ae9aeb9eff5d3b44a8b524da28afd
      
      Size/MD5 checksum:   516890 87e2d9ba2f01b5ff025e2abe5a20ebc0
      
      Size/MD5 checksum:   357810 f55c9ab6e9dd0ba084019919d9dd2aa1
      
      Size/MD5 checksum:    77990 f7a8a2ea68081a58faca3451df7f6b5c
      
      Size/MD5 checksum:   171862 a7443c9db94d3e537cf68f00f6426e84
      
      Size/MD5 checksum:    59828 541a95464444759a8441ac8ea8b434f0
      
      Size/MD5 checksum:  1699284 2a8039d220647328f6a983b50b707e0e
      
      Size/MD5 checksum:   180434 11d9a2e4538b54897bb13a047af9b78c
      
      Size/MD5 checksum:   337770 89756d38d2524a1e360546f1b2e59e94
      
      Size/MD5 checksum:    83002 ca058399ba6a124f813ce75fe9a48f8c
      
      Size/MD5 checksum:   680980 704a1ef0f5f54821bbe997cb43681eba
      
      Size/MD5 checksum:   434142 9fe8e70f6cfdc53f35e9d1ac41138d9d
      
      Size/MD5 checksum:   995116 d262b4f194f76355e4c3aa53feb19b52
      
      Size/MD5 checksum:  1456222 3609976a0b3facbab8b9f338a5f5360b
      
      Size/MD5 checksum:  2977164 22afbf53fba3442713d17ee8b63588c4
      
      Size/MD5 checksum:  3191114 88a304ccb8f96f21593043ae907b4bdb
      
      Size/MD5 checksum:    80530 08bc4cd00ad008c6362b2cdcfacc01f4
      
      Size/MD5 checksum:   137256 6b5a563ef922d653aa1e9e7b541bca9b
      
      Size/MD5 checksum:  1923244 5730d34a84e93760933ccdb14a226579
      
      Size/MD5 checksum:  1498606 511f15524b42ef50b311217f817a1691
      
      Size/MD5 checksum:   219536 94b448d2443ca9e37f90600ea4b6ab09
      
      Size/MD5 checksum:  3591730 f028df776b92cf7939f92c69bcbdba33
      
      Size/MD5 checksum:   509590 4b1513550084710c18b810ba738b204b
      
      Size/MD5 checksum:   664394 70ff31e23438f40bbc882415daab2b8a
      
      Size/MD5 checksum:  2069434 0a840cb6a2ad4b800c19e0ccfebb7225

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   127008 dbe5ce6140c4867cdcd8c19e16cafd7c
      
      Size/MD5 checksum:   231820 ab45bf783d22460b17e7bec16083a7bb
      
      Size/MD5 checksum:   176174 3df97696ae3bf267e127a604bee474c5
      
      Size/MD5 checksum:   432602 9c55fd39dd48c6acae5447a4a76a463d
      
      Size/MD5 checksum:   162988 d3c24329255f11838a9c880eca9b388b
      
      Size/MD5 checksum:   340310 38e7b70d621e11d7509c05fea5aa0499
      
      Size/MD5 checksum:   282708 f292b664b1c534b4eaeb9e091cac49ed
      
      Size/MD5 checksum:   207472 689ce43213019ae32acb3a7b12ccbee6
      
      Size/MD5 checksum:   442826 ffc3121a9fae59ce0b51a1e990c35c7a
      
      Size/MD5 checksum:   282600 02486152f99e4bd77df4d57a291a296f
      
      Size/MD5 checksum:    74866 47aeaa1825535861410b295f8f6df659
      
      Size/MD5 checksum:   147248 e76441fe6e830b1f97a7577fac88c116
      
      Size/MD5 checksum:    59842 61aba227ab1fd8e50af023c8acc4e330
      
      Size/MD5 checksum:  1375040 06079bbb9cf37f2e5dbb53889193493f
      
      Size/MD5 checksum:   167718 e9b474eebb48ac6f2cff62eaf41e1cbf
      
      Size/MD5 checksum:   255870 3142c834fa0d1ce281c803294ce5aa6b
      
      Size/MD5 checksum:    79272 0aec62a2fe0fe5ecbf757b3c6a4db715
      
      Size/MD5 checksum:   519110 8cb70e074a1e632c651bd68cb38378e9
      
      Size/MD5 checksum:   335086 edf50388426c5b579226a679cff5a5cc
      
      Size/MD5 checksum:   863944 cba183f599ae2ca957f36e48261396e1
      
      Size/MD5 checksum:  1181742 62ae21dff505723f3d11fb5c17d8ea66
      
      Size/MD5 checksum:  2574676 c306abc6aef2942b5995d94f900490a4
      
      Size/MD5 checksum:  2646876 d4e7a7cd7c4c13f810052c8b643e08bd
      
      Size/MD5 checksum:    72148 49a5e29a05a4406cc11431f0f1b20ba0
      
      Size/MD5 checksum:   121936 6374116d7cdbb6efa5f707b83ae19641
      
      Size/MD5 checksum:  1234076 8824c964fb2d53a21104a51f3e396dd8
      
      Size/MD5 checksum:  1005382 4ffa681cb6036a792273442a2b7288c3
      
      Size/MD5 checksum:   218960 fae95e5facb8e35bcdd18b10c34eb5e8
      
      Size/MD5 checksum:  3534668 fedfec67b52253517b6297ff0cce147a
      
      Size/MD5 checksum:   477948 ecf8278610d1c35b689da84fed1a1795
      
      Size/MD5 checksum:   550590 1347810170b9560db0ea98ad5e835b81
      
      Size/MD5 checksum:  1324804 e64204608996a661cb439c6b99583879

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   152696 58307ae6023161f4e70f6db8e9c0881a
      
      Size/MD5 checksum:   276756 55e1366e21a1797214f9d24725b4ebc3
      
      Size/MD5 checksum:   173464 84be8782692b320dbb481bc3f544867c
      
      Size/MD5 checksum:   575694 656a05ac46d9a5fbe1ffe794573b77c4
      
      Size/MD5 checksum:   182104 56830e22490f5cbcc587ad0bc3740792
      
      Size/MD5 checksum:   550560 2c18454e544519525634a331b59dde78
      
      Size/MD5 checksum:   349704 deca77fa44505a6b68f6fc8478a164f5
      
      Size/MD5 checksum:   232746 7507e667fbd7df69d40ef2f550628a29
      
      Size/MD5 checksum:   690662 41a9e9aac54cd265269fa962cc0a943b
      
      Size/MD5 checksum:   349586 bf5fe8a34e182eb026f8f95815b99693
      
      Size/MD5 checksum:    77178 12566dc9e83db107099c084a70926220
      
      Size/MD5 checksum:   167598 10ff1ea073a48ea20bc97b3275cdb576
      
      Size/MD5 checksum:    59836 dac6e74a3014ab11fa0a538207931cb2
      
      Size/MD5 checksum:  1652590 c40da32a5ae517ec38285788a26c4761
      
      Size/MD5 checksum:   176612 40219c45448bde5c69e6aabdffb6cb7b
      
      Size/MD5 checksum:   337446 6f373a574a73761eea3ec24ec66a738d
      
      Size/MD5 checksum:    82704 0bd57463cfcb29a7b383acbd2859b8cb
      
      Size/MD5 checksum:   633136 24a4ffe9b9d464efa1f16d678b7db59a
      
      Size/MD5 checksum:   357364 44c324f45b32566c418ed04407ae7ea4
      
      Size/MD5 checksum:  1077144 27700fa762bb2d85e10a3ee6b3f9faff
      
      Size/MD5 checksum:  1309070 7655459919286fd611181ce13c90a5ba
      
      Size/MD5 checksum:  3733628 bb8deb898cf291ad5403eaa073a5a713
      
      Size/MD5 checksum:  3124642 07186a0f70295fb3501cf6d6dae01b2b
      
      Size/MD5 checksum:    78068 a4740bd259dcb8f31be89e8413f91c1c
      
      Size/MD5 checksum:   140362 b00fc2fbf8b922f1a7b2893913a549ec
      
      Size/MD5 checksum:  1774730 d394771a7a1ab1955373a0009f5f561c
      
      Size/MD5 checksum:  1440038 a4cff2ba160c4703ca7c17facc648a5d
      
      Size/MD5 checksum:   218902 9324678772065ae2b41e5fea376499bf
      
      Size/MD5 checksum:  3385496 80cb9414b4b9b225f8f261b4207af888
      
      Size/MD5 checksum:   505810 af3bc564c5da2dd9ada9ee39dddcf96e
      
      Size/MD5 checksum:   661608 968d1738abcb6f3cf1ec258d051290e9
      
      Size/MD5 checksum:  1910010 bc534cd077c4bfcff3f45cc521866d4d

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   152248 7ec5232c3d668ec2d52bddad0cdf91f9
      
      Size/MD5 checksum:   276114 6146cadf896005dfb7bfa3831ecf6d13
      
      Size/MD5 checksum:   171976 b675d1f9353d77d6b364c0b946a7d985
      
      Size/MD5 checksum:   558832 06b9c9736951d7b47768a7d903847bc9
      
      Size/MD5 checksum:   180496 6842c0b93da4081cdd61e7b641036fca
      
      Size/MD5 checksum:   535446 93431115055a6470f4cf6d8aa255ac8a
      
      Size/MD5 checksum:   348804 9d68bbe1e79c690166e5fa80e24e6cbb
      
      Size/MD5 checksum:   230484 df60b766f7006a8251fbde607129a98c
      
      Size/MD5 checksum:   668626 1e55de8b45657c96867873bcab98e719
      
      Size/MD5 checksum:   348698 16ff0e605956891dedaabcdfca36676b
      
      Size/MD5 checksum:    77148 1a256a4a355949b27393132bc13af33a
      
      Size/MD5 checksum:   167060 7e0653120f27be58a8bf73e940e610f2
      
      Size/MD5 checksum:    59838 92bc21c03fb99575e13d848ec2de9619
      
      Size/MD5 checksum:  1649074 92ed8c24e85f11bedf7e71c5649b4745
      
      Size/MD5 checksum:   176442 84efce020df023b9c47382b4e17d88e4
      
      Size/MD5 checksum:   336880 222e0469582b625b93b77fad8fe80a55
      
      Size/MD5 checksum:    82762 d5961a631d0cdae5c9ce10fa6cde4d0e
      
      Size/MD5 checksum:   623882 79a50212b1aaaaccfbebd2967fbf99eb
      
      Size/MD5 checksum:   353670 517b26c37fffa966bdfe5a3234d5c05f
      
      Size/MD5 checksum:  1043962 167697a057e11279d10b6fd56e96ceb3
      
      Size/MD5 checksum:  1303890 c26cf3174fff378380810d0569a1bbd2
      
      Size/MD5 checksum:  3609098 9345252b0262a85c35f2e7841572410d
      
      Size/MD5 checksum:  3112818 170638c162e74e40edbb14435ec7773f
      
      Size/MD5 checksum:    78002 841e634e71cda56e148ace9290c9b36c
      
      Size/MD5 checksum:   140248 f1ffbea11892e7045f49bfc094dc4b9f
      
      Size/MD5 checksum:  1772834 b9adef15a1861f09bdcb4c1b2c8a6b80
      
      Size/MD5 checksum:  1438862 bb5c0085cd38699996ca4968902aad5d
      
      Size/MD5 checksum:   218900 4fd0614bb78afc53c07b184ea69111fc
      
      Size/MD5 checksum:  3383226 bc26f05e74b91c5144c7921f43ea271b
      
      Size/MD5 checksum:   505200 93461004335593f9020857ff4bb5f426
      
      Size/MD5 checksum:   661534 b7159e48186ae613a8c88b5191e6a70c
      
      Size/MD5 checksum:  1906082 c6446dfcd7ffdbd5c9ba231df3fa0f89

  PowerPC architecture:

      

  IBM S/390 architecture:

      

  Sun Sparc architecture:

      

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/




Debian: xfree86 Multiple vulnerabilities DSA-380-1

September 12, 2003
Four vulnerabilities have been identified and fixed in XFree86, including a potential denial-of-service vulnerability.

Summary

Four vulnerabilities have been discovered in XFree86.

CAN-2003-0063 - xterm window title reporting escape sequence can deceive user

The xterm package provides a terminal escape sequence that reports
the window title by injecting it into the input buffer of the
terminal window, as if the user had typed it. An attacker can craft
an escape sequence that sets the title of a victim's xterm window to
an arbitrary string (such as a shell command) and then reports that
title. If the victim is at a shell prompt when this is done, the
injected command will appear on the command line, ready to be run.
Since it is not possible to embed a carriage return in the window
title, the attacker would have to convince the victim to press Enter
(or rely upon the victim's carelessness or confusion) for the shell or
other interactive process to interpret the window title as user
input. It is conceivable that the attacker could craft other escape
sequences that might convince the victim to accept the injected
input, however. The Common Vulnerabilities and Exposures project at
cve.mitre.org has assigned the name CAN-2003-0063 to this issue.

To determine whether your version of xterm is vulnerable to abuse of
the window title reporting feature, run the following command at a
shell prompt from within an xterm window:

    echo -e "\e[21t"

(The terminal bell may ring, and the window title may be prefixed
with an "l".)

This flaw is exploitable by anything that can send output to a
terminal window, such as a text document. The xterm user has to
take action to cause the escape sequence to be sent, however (such
as by viewing a malicious text document with the "cat" command).
Whether you are likely to be exposed to it depends on how you use
xterm. Consider the following:

    echo -e '\e]2;s && echo rm -rf *\a' > /tmp/sploit
    echo -e '\e[21t' >> /tmp/sploit
    cat /tmp/sploit

Debian has resolved this problem by disabling the window title
reporting escape sequence in xterm; it is understood but ignored.
The escape sequence to set the window title has not been disabled.

A future release of the xterm package will have a configuration
option to permit the user to turn the window title reporting feature
back on, but it will default off.

CAN-2003-0071 - xterm susceptible to DEC UDK escape sequence denial-of-service
attack

The xterm package, since it emulates DEC VT-series text terminals,
emulates a feature of DEC VT terminals known as "User-Defined Keys"
(UDK for short). There is a bug in xterm's handling of DEC UDK
escape sequences, however, and an ill-formed one can cause the xterm
process to enter a tight loop. This causes the process to "spin",
consuming CPU cycles uselessly, and refusing to handle signals (such
as efforts to kill the process or close the window).

To determine whether your version of xterm is vulnerable to this
attack, run the following command at a shell prompt from within a
"sacrificial" xterm window (i.e., one that doesn't have anything in
the scrollback buffer you might need to see later):

    echo -e "\eP0;0|0A/17\x9c"

This flaw is exploitable by anything that can send output to a
terminal window, such as a text document. The xterm user has to
take action to cause the escape sequence to be sent, however (such
as by viewing a malicious text document with the "cat" command).
Whether you are likely to be exposed to it depends on how you use
xterm.

Debian has resolved this problem by backporting an upstream fix
to XFree86 4.1.0.
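
A defensive check for the two xterm issues above (CAN-2003-0063 and CAN-2003-0071), added here as an example and not part of the advisory or of xterm: it scans untrusted bytes for title-setting (OSC 0 or 2), title-reporting (CSI 21 t) and DEC UDK (DCS ... |) sequences before they reach a terminal. The function names and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Counts of the sequence types the advisory discusses. */
struct scan_result {
    size_t title_set;     /* OSC 0 or OSC 2: set the window title       */
    size_t title_report;  /* CSI 21 t: report the window title as input */
    size_t udk;           /* DCS Ps ; Ps | ... : DEC User-Defined Keys  */
};

/* If b[i] begins a CSI, OSC or DCS introducer (7-bit ESC form or 8-bit C1
 * form), return '[', ']' or 'P' and set *next past it; otherwise return 0. */
static int introducer(const unsigned char *b, size_t i, size_t len, size_t *next)
{
    if (b[i] == 0x1b && i + 1 < len &&
        (b[i + 1] == '[' || b[i + 1] == ']' || b[i + 1] == 'P')) {
        *next = i + 2;
        return b[i + 1];
    }
    *next = i + 1;
    if (b[i] == 0x9b) return '[';
    if (b[i] == 0x9d) return ']';
    if (b[i] == 0x90) return 'P';
    return 0;
}

/* Read a decimal parameter at *i; return -1 when no digit is present. */
static long read_number(const unsigned char *b, size_t *i, size_t len)
{
    long v = -1;
    while (*i < len && b[*i] >= '0' && b[*i] <= '9') {
        if (v < 0) v = 0;
        if (v < 100000) v = v * 10 + (b[*i] - '0');
        (*i)++;
    }
    return v;
}

/* Skip an OSC/DCS string body. It ends at ST (0x9c or ESC \), at BEL when
 * bel_ends is set, or at any other ESC, which is left to be rescanned so a
 * sequence placed behind an unterminated string is still seen. */
static size_t skip_string(const unsigned char *b, size_t i, size_t len, int bel_ends)
{
    for (; i < len; i++) {
        if (b[i] == 0x9c || (bel_ends && b[i] == 0x07)) return i + 1;
        if (b[i] == 0x1b) return (i + 1 < len && b[i + 1] == '\\') ? i + 2 : i;
    }
    return len;
}

struct scan_result scan_terminal_controls(const unsigned char *b, size_t len)
{
    struct scan_result r = {0, 0, 0};
    size_t i = 0, p;

    while (i < len) {
        int kind = introducer(b, i, len, &p);
        long first;
        if (kind == 0) { i++; continue; }
        first = read_number(b, &p, len);
        if (kind == '[') {
            int intermediates = 0;
            while (p < len && b[p] >= 0x30 && b[p] <= 0x3f) p++;  /* parameters */
            while (p < len && b[p] >= 0x20 && b[p] <= 0x2f) { p++; intermediates = 1; }
            if (p < len && b[p] >= 0x40 && b[p] <= 0x7e) {         /* final byte */
                if (b[p] == 't' && first == 21 && !intermediates) r.title_report++;
                p++;
            }
            i = p;
        } else if (kind == ']') {
            if (p < len && b[p] == ';' && (first == 0 || first == 2)) r.title_set++;
            i = skip_string(b, p, len, 1);
        } else {
            while (p < len && ((b[p] >= '0' && b[p] <= '9') || b[p] == ';')) p++;
            if (p < len && b[p] == '|') r.udk++;
            i = skip_string(b, p, len, 0);
        }
    }
    return r;
}

/* Constructed samples: a title set followed by a title report request, and
 * a well-formed UDK definition terminated by ESC \. */
const unsigned char sample_title[] = "notes\n\x1b]2;constructed title\x07\n\x1b[21t\n";
const unsigned char sample_udk[]   = "\x1bP1;1|17/41\x1b\\\n";

/* Filter use: read stdin (up to 1 MiB), exit 0 only if nothing was found. */
int main(void)
{
    static unsigned char buf[1 << 20];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    struct scan_result r = scan_terminal_controls(buf, n);

    if (n == sizeof buf && getc(stdin) != EOF) {
        fprintf(stderr, "input larger than buffer; not scanned completely\n");
        return 2;
    }
    printf("title-set=%zu title-report=%zu udk=%zu\n",
           r.title_set, r.title_report, r.udk);
    return (r.title_set || r.title_report || r.udk) ? 1 : 0;
}
```

Built as a filter, the program exits 0 only when none of these sequences is present, so its exit status can gate the display of an untrusted file.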

CAN-2002-0164 - flaw in X server's MIT-SHM extension permits user
owning X session to read and write arbitrary shared memory segments

Most X servers descended from the MIT/X Consortium/X.Org Sample
Implementation, including XFree86's X servers, support an extension
to the X protocol called MIT-SHM, which enables X clients running on
the same host as the X server to operate more quickly and
efficiently by taking advantage of an operating system feature
called shared memory where it is available. The Linux kernel, for
example, supports shared memory.

Because the X server runs with elevated privileges, the operating
system's built-in access control mechanisms are ineffective to
police the X server's usage of segments of shared memory. The X
server has to implement its own access control. This was
imperfectly done in previous releases of XFree86 (and the MIT/X
Consortium/X.Org Sample Implementation before it), leaving
opportunities for malicious X clients to read and alter shared
memory segments to which they should not have access. The Common
Vulnerabilities and Exposures project at cve.mitre.org has assigned
the name CAN-2002-0164 to this issue.

Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix
for this flaw, only enforcing proper access control for X
servers that were not started by a display manager (e.g., xdm).
This update resolves that problem.

The Debian Project knows of no exploits for this vulnerability. A
malicious X client that abused the MIT-SHM extension could
conceivably be written, however, and run (deliberately or
unwittingly) by a user able to run an X server on a host. The
impact of this flaw depends on how shared memory is used on the
system. See the ipcs(8) manual page for more information.

Debian has resolved this problem by backporting an upstream fix to
XFree86 4.1.0.

CAN-2003-0730 - multiple integer overflows in the font libraries for
XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based
buffer overflow attacks

Security researcher "blexim" wrote [paraphrased]:

I have identified several bugs in the font libraries of the
current version of the XFree86 source code. These bugs could
potentially lead to the execution of arbitrary code by a remote
user in any process which calls the functions in question. The
functions are related to the transfer and enumeration of fonts
from font servers to clients, limiting the range of the exposure
caused by these bugs.

Specifically, several sizing variables passed from a font server
to a client are not adequately checked, causing calculations on
them to result in erroneous values. These erroneous calculations
can lead to buffers on the heap and stack overflowing, potentially
leading to arbitrary code execution. As stated before, the risk
is limited by the fact that only clients can be affected by these
bugs, but in some (non-default) configurations, both xfs and the X
server can act as clients to remote font servers. In these
configurations, both xfs and the X server could be potentially
compromised.

The Common Vulnerabilities and Exposures project at cve.mitre.org
has assigned the name CAN-2003-0730 to this issue.

The Debian Project knows of no exploits for this vulnerability. By
default in Debian, X servers are configured to listen only to a
locally-running font server, which is not even used if the xfs
package is not installed. The Debian default configuration of xfs
uses only font directories on the local host, and does not attempt
to connect to any external font servers.

Debian has resolved this problem by backporting an upstream fix to
XFree86 4.1.0.
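
The class of bug described for CAN-2003-0730, as an added example (not XFree86 code and not taken from the researcher's report): a size computed from two peer-supplied 32-bit fields wraps, while the checked form computes it in 64 bits and compares it with the bytes actually received. The reply layout, function names and sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply layout, invented for this example (it is NOT the X font
 * service wire format): 4-byte big-endian entry count, 4-byte big-endian
 * entry size, then count * size payload bytes. */
#define HDR_LEN 8u

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The unchecked calculation: 32-bit multiplication silently wraps, so a
 * reply claiming 65536 entries of 65536 bytes yields a total of 0. */
uint32_t unchecked_total(uint32_t count, uint32_t size)
{
    return count * size;
}

/* Checked calculation: multiply in 64 bits, where two 32-bit factors cannot
 * wrap, then require that the sender really delivered that many bytes.
 * Returns 0 and stores the total on success, -1 otherwise. */
int checked_total(uint32_t count, uint32_t size, size_t payload_len, size_t *total)
{
    uint64_t need = (uint64_t)count * (uint64_t)size;

    if (need > (uint64_t)payload_len)
        return -1;
    *total = (size_t)need;
    return 0;
}

/* Parse a reply and return a heap copy of its payload, or NULL if the
 * header is short or its size fields disagree with the bytes received. */
unsigned char *copy_entries(const unsigned char *reply, size_t reply_len, size_t *out_len)
{
    size_t total;
    unsigned char *copy;

    if (reply_len < HDR_LEN)
        return NULL;
    if (checked_total(be32(reply), be32(reply + 4), reply_len - HDR_LEN, &total) != 0)
        return NULL;
    copy = malloc(total ? total : 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, reply + HDR_LEN, total);
    *out_len = total;
    return copy;
}

/* Constructed sample replies. */
const unsigned char good_reply[] = {0, 0, 0, 2,  0, 0, 0, 3,  'a', 'b', 'c', 'd', 'e', 'f'};
const unsigned char bad_reply[]  = {0, 1, 0, 0,  0, 1, 0, 0,  'x'};  /* claims 65536 x 65536 */

int main(void)
{
    size_t n = 0;
    unsigned char *p = copy_entries(good_reply, sizeof good_reply, &n);

    printf("unchecked 65536 * 65536 = %u\n", (unsigned)unchecked_total(65536u, 65536u));
    printf("good reply: %s (%zu bytes)\n", p ? "accepted" : "rejected", n);
    free(p);
    p = copy_entries(bad_reply, sizeof bad_reply, &n);
    printf("bad reply:  %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```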

All of the above problems also affect the xfree86v3 packages (in the
case of the first two flaws, the xterm source code contains the flaws,
but no xterm package is produced). Due to resource limitations and a
lack of upstream support for this legacy code, Debian is unable to
continue supporting version 3.3.6 of XFree86. To avoid exposure to
the latter two flaws in this advisory, we recommend that you remove
the following packages if you have them installed:

xserver-3dlabs
xserver-8514
xserver-agx
xserver-common-v3
xserver-fbdev
xserver-i128
xserver-mach32
xserver-mach64
xserver-mach8
xserver-mono
xserver-p9000
xserver-s3
xserver-s3v
xserver-svga
xserver-tga
xserver-vga16
xserver-w32

(You may also wish to remove the xext, xlib6, and xlib6-altdev packages,
as support for them is being terminated along with the rest of the
XFree86 3.3.6 packages, though they are not affected by the flaws in
this advisory.)

For the stable distribution (woody) these problems have been fixed in
version 4.1.0-16woody1.

For the unstable distribution (sid) all problems except CAN-2003-0730
are fixed in version 4.2.1-11. CAN-2003-0730 will be fixed in
4.2.1-12, currently in preparation.

We recommend that you update your xfree86 package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:



Architecture independent components:



Alpha architecture:



ARM architecture:



Intel IA-32 architecture:



Intel IA-64 architecture:



HP Precision architecture:



Motorola 680x0 architecture:



Big endian MIPS architecture:



Little endian MIPS architecture:



PowerPC architecture:


IBM S/390 architecture:


Sun Sparc architecture:


These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/YhaBArxCt0PiXR4RAnqwAJ49C8MlKJYVdsdQrm2n0hWTzQ72fgCeJtO/
VgUtoGGhwt/wTcXxns2S17o=x0AX
-----END PGP SIGNATURE-----





