-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2021-350-01)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Note that in slackware-current there are 4 issues fixed (CVE-2021-4008,
CVE-2021-4009, CVE-2021-4010, and CVE-2021-4011). In Slackware 14.0, 14.1,
and 14.2 the earlier versions of xorg-server don't contain all of the
vulnerable code, so only the applicable issues have been patched.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
  Fixes for multiple input validation failures in X server extensions:
  render: Fix out of bounds access in SProcRenderCompositeGlyphs()
  xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-6_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-7_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.0 packages:
6d04a626a4b75554867d8002b280a37d  xorg-server-1.12.4-i486-6_slack14.0.txz
dd7e82b89fa0b2a2a3a107d9be3d95a3  xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz
a85a521a9f968a9be684c5c3c4f66af9  xorg-server-xnest-1.12.4-i486-6_slack14.0.txz
6369db62dadfc4b07902f3106c77dfe5  xorg-server-xvfb-1.12.4-i486-6_slack14.0.txz

Slackware x86_64 14.0 packages:
5e0a9ca853e074b6351572fa90fbecc5  xorg-server-1.12.4-x86_64-6_slack14.0.txz
8b9e95e91cd5d6092a1854a6238266f6  xorg-server-xephyr-1.12.4-x86_64-6_slack14.0.txz
9b7ecbd05021df492d17c80d7158e731  xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz
a1fd5efd20e49303636a6038f674e87f  xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz

Slackware 14.1 packages:
839097f02532392934b488031610fdbf  xorg-server-1.14.3-i486-7_slack14.1.txz
ea42a3c4b45e14c1e50fadd6199b1157  xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz
00d19e50b61a636f88848cd2fd5c2df5  xorg-server-xnest-1.14.3-i486-7_slack14.1.txz
57299b366cf51215dc362fddae77fcee  xorg-server-xvfb-1.14.3-i486-7_slack14.1.txz

Slackware x86_64 14.1 packages:
39182c0be97860fec2ec4ffbf694297d  xorg-server-1.14.3-x86_64-7_slack14.1.txz
c8ce89274d84dd237a001580cc57c6f6  xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz
50da8dc72ae2f092a25a513b20c1f63f  xorg-server-xnest-1.14.3-x86_64-7_slack14.1.txz
9da5a4250085102952c849eb7f8f2ab3  xorg-server-xvfb-1.14.3-x86_64-7_slack14.1.txz

Slackware 14.2 packages:
90be9329bb702b8b307d1242342a1bd8  xorg-server-1.18.3-i586-6_slack14.2.txz
b4bb357429448529fe6543842ad732cc  xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz
c53c8bbf2180ebd3c16f924e5a5b1ac7  xorg-server-xnest-1.18.3-i586-6_slack14.2.txz
bc876b95c3d459edb6f5243bc56e84f5  xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz

Slackware x86_64 14.2 packages:
71001773060777d0a95375ed401fd70c  xorg-server-1.18.3-x86_64-6_slack14.2.txz
8d014f753c3f6ec4218eb8477274277c  xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz
02b34119da99c14ce296aa168f489791  xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz
44f94cabe0ef711db29d929ea952de5e  xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz

Slackware -current packages:
a11ba87a73c4517149f94e7cd9090368  x/xorg-server-1.20.14-i586-1.txz
dabff0584671d18628afca610e6be6e6  x/xorg-server-xephyr-1.20.14-i586-1.txz
7fd3c55b00ffc216bfd967cb7e9ed217  x/xorg-server-xnest-1.20.14-i586-1.txz
4bb77c644a9270891af1777719c142ef  x/xorg-server-xvfb-1.20.14-i586-1.txz
0af0996e39965a93284709609fd85547  x/xorg-server-xwayland-21.1.4-i586-1.txz

Slackware x86_64 -current packages:
203e2fad285325ead3e2bc61df22c4f9  x/xorg-server-1.20.14-x86_64-1.txz
067a5f9920f87adcb97391ee3ea875cb  x/xorg-server-xephyr-1.20.14-x86_64-1.txz
6f3b8490c4a6248d9002ff90f0588469  x/xorg-server-xnest-1.20.14-x86_64-1.txz
86eee6735abb2e7090df28d48ac029f5  x/xorg-server-xvfb-1.20.14-x86_64-1.txz
94fcba23c4620b951af49ca56d829a22  x/xorg-server-xwayland-21.1.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz


+-----+

Slackware: 2021-350-01: xorg-server Security Update

December 16, 2021
New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz: Rebuilt. Fixes for multiple input validation failures in X server extensions: render: Fix out of bounds access in SProcRenderCompositeGlyphs() xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009 (* Security fix *) patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz: Rebuilt.

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-6_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-6_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-6_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-7_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-7_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-7_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-6_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 packages: 6d04a626a4b75554867d8002b280a37d xorg-server-1.12.4-i486-6_slack14.0.txz dd7e82b89fa0b2a2a3a107d9be3d95a3 xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz a85a521a9f968a9be684c5c3c4f66af9 xorg-server-xnest-1.12.4-i486-6_slack14.0.txz 6369db62dadfc4b07902f3106c77dfe5 xorg-server-xvfb-1.12.4-i486-6_slack14.0.txz
Slackware x86_64 14.0 packages: 5e0a9ca853e074b6351572fa90fbecc5 xorg-server-1.12.4-x86_64-6_slack14.0.txz 8b9e95e91cd5d6092a1854a6238266f6 xorg-server-xephyr-1.12.4-x86_64-6_slack14.0.txz 9b7ecbd05021df492d17c80d7158e731 xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz a1fd5efd20e49303636a6038f674e87f xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz
Slackware 14.1 packages: 839097f02532392934b488031610fdbf xorg-server-1.14.3-i486-7_slack14.1.txz ea42a3c4b45e14c1e50fadd6199b1157 xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz 00d19e50b61a636f88848cd2fd5c2df5 xorg-server-xnest-1.14.3-i486-7_slack14.1.txz 57299b366cf51215dc362fddae77fcee xorg-server-xvfb-1.14.3-i486-7_slack14.1.txz
Slackware x86_64 14.1 packages: 39182c0be97860fec2ec4ffbf694297d xorg-server-1.14.3-x86_64-7_slack14.1.txz c8ce89274d84dd237a001580cc57c6f6 xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz 50da8dc72ae2f092a25a513b20c1f63f xorg-server-xnest-1.14.3-x86_64-7_slack14.1.txz 9da5a4250085102952c849eb7f8f2ab3 xorg-server-xvfb-1.14.3-x86_64-7_slack14.1.txz
Slackware 14.2 packages: 90be9329bb702b8b307d1242342a1bd8 xorg-server-1.18.3-i586-6_slack14.2.txz b4bb357429448529fe6543842ad732cc xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz c53c8bbf2180ebd3c16f924e5a5b1ac7 xorg-server-xnest-1.18.3-i586-6_slack14.2.txz bc876b95c3d459edb6f5243bc56e84f5 xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz
Slackware x86_64 14.2 packages: 71001773060777d0a95375ed401fd70c xorg-server-1.18.3-x86_64-6_slack14.2.txz 8d014f753c3f6ec4218eb8477274277c xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz 02b34119da99c14ce296aa168f489791 xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz 44f94cabe0ef711db29d929ea952de5e xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz
Slackware -current packages: a11ba87a73c4517149f94e7cd9090368 x/xorg-server-1.20.14-i586-1.txz dabff0584671d18628afca610e6be6e6 x/xorg-server-xephyr-1.20.14-i586-1.txz 7fd3c55b00ffc216bfd967cb7e9ed217 x/xorg-server-xnest-1.20.14-i586-1.txz 4bb77c644a9270891af1777719c142ef x/xorg-server-xvfb-1.20.14-i586-1.txz 0af0996e39965a93284709609fd85547 x/xorg-server-xwayland-21.1.4-i586-1.txz
Slackware x86_64 -current packages: 203e2fad285325ead3e2bc61df22c4f9 x/xorg-server-1.20.14-x86_64-1.txz 067a5f9920f87adcb97391ee3ea875cb x/xorg-server-xephyr-1.20.14-x86_64-1.txz 6f3b8490c4a6248d9002ff90f0588469 x/xorg-server-xnest-1.20.14-x86_64-1.txz 86eee6735abb2e7090df28d48ac029f5 x/xorg-server-xvfb-1.20.14-x86_64-1.txz 94fcba23c4620b951af49ca56d829a22 x/xorg-server-xwayland-21.1.4-x86_64-1.txz

Severity
[slackware-security] xorg-server (SSA:2021-350-01)
New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Note that in slackware-current there are 4 issues fixed (CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, and CVE-2021-4011). In Slackware 14.0, 14.1, and 14.2 the earlier versions of xorg-server don't contain all of the vulnerable code, so only the applicable issues have been patched.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg xorg-server-*.txz

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved