-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2021-350-01)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Note that in slackware-current there are 4 issues fixed (CVE-2021-4008,
CVE-2021-4009, CVE-2021-4010, and CVE-2021-4011). In Slackware 14.0, 14.1,
and 14.2 the earlier versions of xorg-server don't contain all of the
vulnerable code, so only the applicable issues have been patched.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
  Fixes for multiple input validation failures in X server extensions:
  render: Fix out of bounds access in SProcRenderCompositeGlyphs()
  xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-6_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-7_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-7_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-21.1.4-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-21.1.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 packages:
6d04a626a4b75554867d8002b280a37d  xorg-server-1.12.4-i486-6_slack14.0.txz
dd7e82b89fa0b2a2a3a107d9be3d95a3  xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz
a85a521a9f968a9be684c5c3c4f66af9  xorg-server-xnest-1.12.4-i486-6_slack14.0.txz
6369db62dadfc4b07902f3106c77dfe5  xorg-server-xvfb-1.12.4-i486-6_slack14.0.txz

Slackware x86_64 14.0 packages:
5e0a9ca853e074b6351572fa90fbecc5  xorg-server-1.12.4-x86_64-6_slack14.0.txz
8b9e95e91cd5d6092a1854a6238266f6  xorg-server-xephyr-1.12.4-x86_64-6_slack14.0.txz
9b7ecbd05021df492d17c80d7158e731  xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz
a1fd5efd20e49303636a6038f674e87f  xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz

Slackware 14.1 packages:
839097f02532392934b488031610fdbf  xorg-server-1.14.3-i486-7_slack14.1.txz
ea42a3c4b45e14c1e50fadd6199b1157  xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz
00d19e50b61a636f88848cd2fd5c2df5  xorg-server-xnest-1.14.3-i486-7_slack14.1.txz
57299b366cf51215dc362fddae77fcee  xorg-server-xvfb-1.14.3-i486-7_slack14.1.txz

Slackware x86_64 14.1 packages:
39182c0be97860fec2ec4ffbf694297d  xorg-server-1.14.3-x86_64-7_slack14.1.txz
c8ce89274d84dd237a001580cc57c6f6  xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz
50da8dc72ae2f092a25a513b20c1f63f  xorg-server-xnest-1.14.3-x86_64-7_slack14.1.txz
9da5a4250085102952c849eb7f8f2ab3  xorg-server-xvfb-1.14.3-x86_64-7_slack14.1.txz

Slackware 14.2 packages:
90be9329bb702b8b307d1242342a1bd8  xorg-server-1.18.3-i586-6_slack14.2.txz
b4bb357429448529fe6543842ad732cc  xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz
c53c8bbf2180ebd3c16f924e5a5b1ac7  xorg-server-xnest-1.18.3-i586-6_slack14.2.txz
bc876b95c3d459edb6f5243bc56e84f5  xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz

Slackware x86_64 14.2 packages:
71001773060777d0a95375ed401fd70c  xorg-server-1.18.3-x86_64-6_slack14.2.txz
8d014f753c3f6ec4218eb8477274277c  xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz
02b34119da99c14ce296aa168f489791  xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz
44f94cabe0ef711db29d929ea952de5e  xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz

Slackware -current packages:
a11ba87a73c4517149f94e7cd9090368  x/xorg-server-1.20.14-i586-1.txz
dabff0584671d18628afca610e6be6e6  x/xorg-server-xephyr-1.20.14-i586-1.txz
7fd3c55b00ffc216bfd967cb7e9ed217  x/xorg-server-xnest-1.20.14-i586-1.txz
4bb77c644a9270891af1777719c142ef  x/xorg-server-xvfb-1.20.14-i586-1.txz
0af0996e39965a93284709609fd85547  x/xorg-server-xwayland-21.1.4-i586-1.txz

Slackware x86_64 -current packages:
203e2fad285325ead3e2bc61df22c4f9  x/xorg-server-1.20.14-x86_64-1.txz
067a5f9920f87adcb97391ee3ea875cb  x/xorg-server-xephyr-1.20.14-x86_64-1.txz
6f3b8490c4a6248d9002ff90f0588469  x/xorg-server-xnest-1.20.14-x86_64-1.txz
86eee6735abb2e7090df28d48ac029f5  x/xorg-server-xvfb-1.20.14-x86_64-1.txz
94fcba23c4620b951af49ca56d829a22  x/xorg-server-xwayland-21.1.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz


+-----+