RedHat: Moderate: XFree86 security update

    Date06 Apr 2005
    CategoryRed Hat
    4639
    Posted ByJoe Shakespeare
    Updated XFree86 packages that fix a libXpm integer overflow flaw and a number of bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    - ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: XFree86 security update
    Advisory ID:       RHSA-2005:044-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-044.html
    Issue date:        2005-04-06
    Updated on:        2005-04-06
    Product:           Red Hat Enterprise Linux
    Keywords:          Xpm legacy keyboard controller memory leak SEGV segfault crash
    CVE Names:         CAN-2005-0605
    - ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated XFree86 packages that fix a libXpm integer overflow flaw and a
    number of bugs are now available.
    
    This update has been rated as having moderate security impact by the Red Hat
    Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
    Red Hat Linux Advanced Workstation 2.1 - ia64
    Red Hat Enterprise Linux ES version 2.1 - i386
    Red Hat Enterprise Linux WS version 2.1 - i386
    
    3. Problem description:
    
    XFree86 is an open source implementation of the X Window System.  It
    provides the basic low level functionality which full-fledged graphical
    user interfaces (GUIs) such as GNOME and KDE are designed upon.
    
    An integer overflow flaw was found in libXpm, which is used by some
    applications for loading of XPM images.  An attacker could create a
    malicious XPM file that would execute arbitrary code if opened by a victim
    using an application linked to the vulnerable library.  The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
    CAN-2005-0605 to this issue.
    
    XFree86 4.1.0 was not functional on systems that did not have a legacy
    keyboard controller (8042).  During startup, the X server would attempt to
    update registers on the 8042 controller, but if that chip was not present,
    the X server would hang during startup.  This new release has a workaround
    so that the access to those registers time out if they are not present.
    
    A bug in libXaw could cause applications to segfault on 64-bit systems
    under certain circumstances.  This has been fixed with a patch backported
    from XFree86 4.3.0.
    
    Xlib contained a memory leak caused by double allocation, which has been
    fixed in XFree86 4.3.0 using backported patch.
    
    All users of XFree86 should upgrade to these updated packages, which
    resolve these issues.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    150038 - CAN-2005-0605 XPM buffer overflow
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
    0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm
    
    i386:
    e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
    cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
    182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
    2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
    9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
    8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
    6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
    439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
    a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
    c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
    26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
    cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
    e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
    f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
    a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
    9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
    ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
    27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm
    
    ia64:
    ace0691b089cc424945b118071a7a8c9  XFree86-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    33a876d683ad988e13007f7bb2908193  XFree86-4.1.0-71.EL.ia64.rpm
    755157ba244a462e4fd3e07b6a2db275  XFree86-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    9d10412d6bda791a11554c660319f010  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    977a033b155e1386d32ee4ede524ac0f  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    af4621efc40f5cea331727729755af69  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    81495baca5ebe29af2eb37a9bb0d96e0  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    170e310833a6f8f9e9bbd75e2838ef8b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    ecfc7e5337276ac690f75eb802e57e06  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    2f4a2252320e36593a078e22fec9d2b1  XFree86-Xnest-4.1.0-71.EL.ia64.rpm
    462a5ebdbdbc90669d575e12dea1fe14  XFree86-Xvfb-4.1.0-71.EL.ia64.rpm
    0a3f4d30395f408f0b5008e6864aa567  XFree86-cyrillic-fonts-4.1.0-71.EL.ia64.rpm
    a6678a2489fb1f6d4098ce523366a69b  XFree86-devel-4.1.0-71.EL.ia64.rpm
    71de4899c3aa12a29baeba308b00d073  XFree86-doc-4.1.0-71.EL.ia64.rpm
    ab87a37e06ade10ba4287d8f857032ed  XFree86-libs-4.1.0-71.EL.ia64.rpm
    5832143085762fc53e894b4804b72af8  XFree86-tools-4.1.0-71.EL.ia64.rpm
    daed2b361a134a05c65d51539fe7549a  XFree86-twm-4.1.0-71.EL.ia64.rpm
    fb046d7f1ca1d951a9c3ed44c8407b4b  XFree86-xdm-4.1.0-71.EL.ia64.rpm
    02a7215f3a1ef684fc45f2544f3aa652  XFree86-xfs-4.1.0-71.EL.ia64.rpm
    
    Red Hat Linux Advanced Workstation 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
    0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm
    
    ia64:
    ace0691b089cc424945b118071a7a8c9  XFree86-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    33a876d683ad988e13007f7bb2908193  XFree86-4.1.0-71.EL.ia64.rpm
    755157ba244a462e4fd3e07b6a2db275  XFree86-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    9d10412d6bda791a11554c660319f010  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    977a033b155e1386d32ee4ede524ac0f  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    af4621efc40f5cea331727729755af69  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    81495baca5ebe29af2eb37a9bb0d96e0  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    170e310833a6f8f9e9bbd75e2838ef8b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.ia64.rpm
    ecfc7e5337276ac690f75eb802e57e06  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.ia64.rpm
    2f4a2252320e36593a078e22fec9d2b1  XFree86-Xnest-4.1.0-71.EL.ia64.rpm
    462a5ebdbdbc90669d575e12dea1fe14  XFree86-Xvfb-4.1.0-71.EL.ia64.rpm
    0a3f4d30395f408f0b5008e6864aa567  XFree86-cyrillic-fonts-4.1.0-71.EL.ia64.rpm
    a6678a2489fb1f6d4098ce523366a69b  XFree86-devel-4.1.0-71.EL.ia64.rpm
    71de4899c3aa12a29baeba308b00d073  XFree86-doc-4.1.0-71.EL.ia64.rpm
    ab87a37e06ade10ba4287d8f857032ed  XFree86-libs-4.1.0-71.EL.ia64.rpm
    5832143085762fc53e894b4804b72af8  XFree86-tools-4.1.0-71.EL.ia64.rpm
    daed2b361a134a05c65d51539fe7549a  XFree86-twm-4.1.0-71.EL.ia64.rpm
    fb046d7f1ca1d951a9c3ed44c8407b4b  XFree86-xdm-4.1.0-71.EL.ia64.rpm
    02a7215f3a1ef684fc45f2544f3aa652  XFree86-xfs-4.1.0-71.EL.ia64.rpm
    
    Red Hat Enterprise Linux ES version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
    0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm
    
    i386:
    e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
    cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
    182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
    2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
    9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
    8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
    6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
    439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
    a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
    c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
    26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
    cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
    e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
    f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
    a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
    9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
    ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
    27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm
    
    Red Hat Enterprise Linux WS version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
    0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm
    
    i386:
    e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
    cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
    182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
    2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
    9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
    8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
    6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
    bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
    439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
    a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
    c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
    26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
    cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
    e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
    f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
    a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
    9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
    ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
    27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.