Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisoryfedorabuffer overflowCritical Advisory on Fedora: XFree86 Privilege Escalation Issue
Updated XFree86 packages that fix a privilege escalation vulnerability arenow available.. Fedora Update Notification FEDORA-2004-069 2004-02-13 --------------------------------------------------------------------- Name : XFree86 Version : 4.3.0 Release : 55 Summary : The basic fonts, programs and docs for an X workstation. Description : XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. --------------------------------------------------------------------- Update Information: Updated XFree86 packages that fix a privilege escalation vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues. Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0106 to these issues. All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues. Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues. --------------------------------------------------------------------- * Thu Feb 12 2004 Mike A. Harris 4.3.0-55 - Added {x11datadir}/X11/xinit back to package list, which seems to have been inadvertently dropped during attempts to get package to compile on Red Hat Linux 9 s390 builds earlier this week. * Wed Feb 11 2004 Mike A. Harris 4.3.0-54 -Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106.patch to fix all recent security flaws in libXfont which are outlined in CAN-2004-0083, CAN-2004-0084, CAN-2004-0106, discovered by iDefense, David Dawes and others. This patch replace all previous libXfont patches from XFree86 builds 4.3.0-49 through to present. - Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2.patch which is the same as the above patch, but modified to cleanly apply to 4.3.0, renamed to keep all patches present in src.rpm for comparative purposes. - Built 4.3.0-54 with target build_yarrow for Fedora Core 1 erratum - Built 4.3.0-54.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum - Built 4.3.0-2.90.54 with target build_shrike for Red Hat Linux 9 erratum * Tue Feb 10 2004 Mike A. Harris 4.3.0-53 - Added XFree86-4.3.0-security-dirname-CAN-2004-0106.patch which replaces XFree86-4.3.0-security-fonts-alias-dirname3.patch, the new patch being the same but without the second hunk, as the patch Keith wrote for CAN-2004-0083 and CAN-2004-0084 already handled that issue so there was a conflict. - Built 4.3.0-53 with target build_yarrow for Fedora Core 1 erratum - Built 4.3.0-53.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum - Built 4.3.0-2.90.53 with target build_shrike for Red Hat Linux 9 erratum * Tue Feb 10 2004 Mike A. Harris 4.3.0-52 - Added XFree86-4.3.0-security-fonts-alias-dirname3.patch in order to fix 2 additional buffer overflows in libXfont, discovered by iDefense and David Dawes. No CVE assignment has been provided yet. - Built 4.3.0-52 with target build_yarrow for Fedora Core 1 erratum - Built 4.3.0-52.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum - Built 4.3.0-2.90.52 with target build_shrike for Red Hat Linux 9 erratum * Tue Feb 10 2004 Mike A. Harris 4.3.0-51 - Added XFree86-4.3.0-security-dirname-CAN-2004-0083-CAN-2004-0084-keithp.patch alternative patch written by KeithPackard, to fix CAN-2004-0083 and CAN-2004-0084 security issues - Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0084.patch to the package, but disabled for now while we test the above patch from Keith Packard which addresses both security issues. - Built 4.3.0-51 with target build_yarrow for Fedora Core 1 erratum - Built 4.3.0-51.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum - Built 4.3.0-2.90.51 with target build_shrike for Red Hat Linux 9 erratum * Mon Feb 09 2004 Mike A. Harris 4.3.0-50 - Fix issues detected in QA testing - Built 4.3.0-50 with target build_yarrow for Fedora Core 1 erratum - Built 4.3.0-50.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum - Built 4.3.0-2.90.50 with target build_shrike for Red Hat Linux 9 erratum * Wed Feb 04 2004 Mike A. Harris 4.3.0-2.90.49 - Built 4.3.0-2.90.49 with target build_shrike for Red Hat Linux 9 erratum - Split {_x11datadir}/X11/etc/* glob previously wrapped using with_Xserver into a with_xterm portion and with_Xterm portion with the dir being always included, in order to work around obscure build failure on s390 on RHL 9. Yes this is an insane problem to have to fix because we do not ship an RHL 9 s390 product and never will. But we seek perfection however, and who knows, maybe next week we will release a Red Hat Linux 9 port to s390 for consumer desktops or something. - Rename with_included_xterm macro to with_xterm for naming consistency with other options, as it threw me off. * Wed Feb 04 2004 Mike A. Harris 4.3.0-49.EL - Built 4.3.0-49.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum * Wed Feb 04 2004 Mike A. Harris 4.3.0-49 - Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0083.patch to fix security issue in core fonts backend reported by iDefense in CAN-2004-0083 - Added build_maintainer_mode distribution version autodetection to simplify local build testing procedures, added dist_ver macro, dist_test parameterized macro (to keep jbjon his toes), and updated build_xxxx target autoconfig when build_auto_mode is enabled. This only affects local builds, not any Red Hat builds. - Enabled radeon-agp-detection-using-capability-list-walk patch on all builds, which was inadvertently left off on some due to misplaced macro conditional - Built 4.3.0-49 with target build_yarrow for Fedora Core 1 erratum * Sun Feb 01 2004 Mike A. Harris 4.3.0-45.0.2.EL.test - Rebuilt with build_taroon for RHEL 3 testing * Sat Jan 31 2004 Mike A. Harris 4.3.0-45.0.2 - Added XFree86-4.3.0-Xserver-dix-xkb-key-repeating-bug-CVS-backport.patch to fix a bug in DIX when xkb is being used that causes keys to repeat spuriously on some hardware under certain system loads. This patch has been backported from the 4.3.0-48 developmental head package. (#76959,114635) - Added XFree86-4.3.0-XRes-IncludeSharedObjectInNormalLib.patch to make libXRes get built PIC for bug (#114292) - Updated XFree86-4.3.0-missing-lib-sharedreqs.patch to remove dependancy on libXt caused by improper dependancy listing in SharedXmuuReqs (#113336) * Thu Jan 29 2004 Mike A. Harris 4.3.0-45.0.1.EL.test - Build test release for RHEL3 U2 testing * Wed Jan 28 2004 Mike A. Harris 4.3.0-45.0.1 - Temporary fork of 4.3.0-45 to add some patches for test builds, until post 4.3.0-45 (4.3.0-46 through 4.3.0-50) local-work-in-progress stuff is in clean enough shape for tree inclusion - Added XFree86-4.3.0-fixes-for-freetype-2.1.7-v2.patch so that XFree86 will build properly against freetype 2.1.7 (#114343) * Sun Nov 30 2003 Mike A. Harris 4.3.0-45 - Implemented new AGP/PCI autodetection in the Radeon driver by examining PCI configuration space and walking the PCI extended capabilities list in order to determine if the device implements the AGP capability. This code should work on _any_ AGP/PCI hardware generically and should be factored out into generic X server code in future XFree86 releases so all drivers can benefit from it. XFree86-4.3.0-radeon-agp-detection-using-capability-list-walk.patch should fix all Radeon PCI/AGP autodetection bugs, including (#111191). Some AGP Radeon users may experience a performance boost with this new driver if their card was misdetected and treated as PCI before, as pcigart mode works on AGP hardware, but is slower than using AGP. - Fixed build_rawhide to work the same as build_yarrow everywhere since the two are functionally identical for the time being. * Wed Nov 26 2003 Mike A. Harris 4.3.0-44.EL - Rebuilt 4.3.0-44 as 4.3.0-44.EL for RHEL3 QU1 update * Wed Nov 26 2003 Mike A. Harris 4.3.0-44 - Added XFree86-4.3.0-libfontenc-IncludeSharedObjectInNormalLib.patch to fix KDE build problem on AMD64 which links to the static libfontenc library and fails because it wasn't compiled with -fPIC, reported in bug (#111058) - Enable the open source vmware_drv.o video driver that ships with XFree86 on all builds now, to supply this driver as-is to users as a convenience although it is still unsupported by Red Hat. Users encountering video or other X related problems with this driver, need to report their problems directly to XFree86.org, or to VMware Inc. - Rebuild in rawhide for FC2 development * Fri Nov 14 2003 Mike A. Harris 4.3.0-43.1 - Added XFree86-4.3.0-nv-riva-videomem-autodetection-debugging.patch to be able to debug Riva TNT memory autodetection problems in the future (#109459) - Added new build_rawhide flag to wrap experimental changes and test patches with for Rawhide builds - Rename rpm macro from tlssubdir to _tlsdir, and enforce it's usage everywhere in the spec file * Mon Nov 03 2003 Mike A. Harris 4.3.0-2.90.43 - Rebuild 4.3.0-43 for Red Hat Linux 9 erratum with build_shrike set * Mon Nov 03 2003 Mike A. Harris 4.3.0-43 - Updated to XFree86-4.3.0-xf-4_3-branch-2003-11-03.patch to pick up latest fixes in the XFree86 4.3.x stable branch including: - Fix for crash on ia64 because of wrong setjmp buffer alignment (John Dennis) - Close freetypefontfile filehandle in mkfontscale, this prevents problems from limitation of simultaniously open files - Fixed erronous freeing of DisplayModeRec in xf86DeleteMode() when deleting the modePool in xf86PruneDriverModes() the 'prev' member has a different meaning for modePool modes than for ScrnInfoPtr-> modes modes where it creates a doubly linked list - Fix some i830+ VT switch/exit crashes - Fix DRM_CAS on ia64 as used by the DRI (Bugzilla #778, John Dennis). - Removed XFree86-4.3.0-Xlib-XIM-bugfix-from-XFree86-bugzilla.patch, XFree86-4.3.0-ia64-setjmp-alignment.patch - Updated XFree86-4.3.0-ia64-drm-locking.patch as part of it is in the stable branch patch now. - Updated some spec file comments, and other mostly cosmetic changes. - Fixed some mistakes in spec file changelog dates. * Wed Oct 29 2003 Mike A. Harris 4.3.0-42.2 - Enable new Radeon support patches for shrike builds also to support newer Radeon hardware, so future erratum picks up these enhancements. - Backport XFree86-4.3.0-RandR-refresh-rate-rounding-error-fix-from-CVSHEAD.patch from CVS HEAD in order to fix bug (#108008) - Added XFree86-4.3.0-vidmode-SEGV-fix-from-CVS-HEAD.patch, backported from CVS HEAD to fix a SEGV in the vidmode extension (#101276) - Renamed build_cambridge target to build_yarrow to indicate the change from project name to final product name. - Added XFree86-4.3.0-rendition-complete-driver-backport-CVS20031031.patch which is a backport of the rendition driver from CVS head, including a couple bug fixes and the rest of changes are cosmetic. (#108693) - Disabled XFree86-4.3.0-rendition-disable-cause-of-SEGV.patch which should now be obsolete from above rendition driver backport. * Fri Oct 24 2003 Mike A. Harris 4.3.0-42 - This release is the long awaited answer to the meaning of life, the universe and everything. - Added XFree86-4.3.0-redhat-exec-shield-GNU-stack.patch to make the complete XFree86 build including Mesa et al. exec-shield friendly (arjanv, mharris) - Updated tonew XFree86-4.3.0-Mesa-SSE-fixes-from-MesaCVS-v2.patch which should fix compatibility problems between DRI and 2.6.x kernels which were caused by the previous version of this patch. Linus reported the fix for this with details of the problem, and explanation of the solution, which I extracted out of CVS (#107932,106566,107829) --------------------------------------------------------------------- This update can be downloaded from: 46d4fad36fa397d351705442806a55f8 SRPMS/XFree86-4.3.0-55.src.rpm eaa18d075933f605fb6c19a9b180ec1c i386/XFree86-4.3.0-55.i386.rpm daacc9c8fe9b6c9f5f5771a8b0cf87bc i386/XFree86-devel-4.3.0-55.i386.rpm 569907746b3a7d477f787dbe73401fd7 i386/XFree86-font-utils-4.3.0-55.i386.rpm 8e8f3b42277228aa45f0c872c3a65b8d i386/XFree86-xfs-4.3.0-55.i386.rpm 26ee40c0d60377f5ce1b8194c5466d4a i386/XFree86-twm-4.3.0-55.i386.rpm e7e81b18626ae9a344e5574174420e32 i386/XFree86-xdm-4.3.0-55.i386.rpm 27789e66d96649e7e8bf62a307f5e68d i386/XFree86-libs-4.3.0-55.i386.rpm b430abfefec36784e994ed5bf83d3ad9 i386/XFree86-libs-data-4.3.0-55.i386.rpm 46cf2ad73245f4ac966b7454bd310d88 i386/XFree86-base-fonts-4.3.0-55.i386.rpm 52b542cad1b247baadcea05e2e1c91dd i386/XFree86-truetype-fonts-4.3.0-55.i386.rpm fb9cc6191cb98dd93ef6ec71a167fb7e i386/XFree86-syriac-fonts-4.3.0-55.i386.rpm fb2926cae361d65cf6c78a7ca7ce88d8 i386/XFree86-75dpi-fonts-4.3.0-55.i386.rpm f0415822893f04c481ebfc473ffdff22 i386/XFree86-100dpi-fonts-4.3.0-55.i386.rpm efde62414088faf5789179176e6911e1 i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-55.i386.rpm 0cc9300e3c46d2d0346af3c2d0664834 i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-55.i386.rpm 8c6f63975595f1bbb3f5404322230c5a i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-55.i386.rpm 06cf300fb6b9c8c6eed3092d0ad1d3bb i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-55.i386.rpm 52c0f8f22e413279afee17df2ae2bb78 i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-55.i386.rpm b24b694caeee5c983cacbfc6937fce49 i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-55.i386.rpm 27e52ae1bb82fa59f9a1ae6c331bcce9 i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-55.i386.rpm d6d91aa0756c9519bfe6de3ad6af3809 i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-55.i386.rpm e071fc5a16476dbf7d9c321ec088a384 i386/XFree86-cyrillic-fonts-4.3.0-55.i386.rpm 6cb9ea90c43132853e8809aaff48a267 i386/XFree86-doc-4.3.0-55.i386.rpm 700d174f88e364cefe89bf5dcaf93033 i386/XFree86-Xnest-4.3.0-55.i386.rpm 1d81c120f7775261ee76b4ecd521485d i386/XFree86-Xvfb-4.3.0-55.i386.rpm 22718bdd290a8c7b86e12a7924531e55 i386/XFree86-tools-4.3.0-55.i386.rpm d4cbd6bd883f061d091458ce02a3f487 i386/XFree86-xauth-4.3.0-55.i386.rpm 6477ce536f8d084b48ae7aa9cf30c5c0 i386/XFree86-Mesa-libGL-4.3.0-55.i386.rpm 949ea216b0666dc971cd369661a49ec8 i386/XFree86-Mesa-libGLU-4.3.0-55.i386.rpm 89e0f5723f835b75dd265d8e7f40ab1e i386/XFree86-sdk-4.3.0-55.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- fedora-announce-list mailing list
Feb 18, 2004
•Critical
Fedora
98
security advisorydenial of servicered hatRed Hat 7.1/7.2: RHSA-2003:286-01 Critical: XFree86 Denial of Service
Multiple integer overflows in the transfer and enumeration of fontlibraries in XFree86 allow local or remote attackers to cause a denial ofservice or execute arbitrary code via heap-based and stack-based bufferoverflow attacks.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated XFree86 packages provide security and bug fixes Advisory ID: RHSA-2003:286-01 Issue date: 2003-11-25 Updated on: 2003-11-25 Product: Red Hat Linux Keywords: Cross references: Obsoletes: RHSA-2003:064 CVE Names: CAN-2003-0690 CAN-2003-0730 - --------------------------------------------------------------------- 1. Topic: Updated XFree86 packages for Red Hat Linux 7.1 and 7.2 provide security fixes to font libraries and XDM. 2. Relevant releases/architectures: Red Hat Linux 7.1 - i386 Red Hat Linux 7.2 - i386, ia64 3. Problem description: XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0730 to this issue. The risk to users from this vulnerability is limited because only clients can be affected by these bugs, however in some (non default) configurations, both xfs and the X Server can act as clients to remote font servers. XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. The Common Vulnerabilities and Exposuresproject (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue. Users are advised to upgrade to these updated XFree86 4.1.0 packages, which contain backported security patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: 5. RPMs required: Red Hat Linux 7.1: SRPMS: i386: Red Hat Linux 7.2: SRPMS: i386: ia64: 6. Verification: MD5 sum Package Name - -------------------------------------------------------------------------- 7efb4b0fabfdda2ce4c1b373a572bfd1 7.1/en/os/SRPMS/XFree86-4.1.0-50.src.rpm fd4e32571a13c5abeac8b206d968b689 7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm 63c7e312a7ad1a86fbdd4ec4a9adf0c37.1/en/os/i386/XFree86-4.1.0-50.i386.rpm 8da27539132b330a8c31395e096d608f 7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm 6be72fce1104a5f128be37cbd8cad8b5 7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm 00a776519a3f973a5b765caf509e29d1 7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm 2fee21094915ebd82d4ae8abe4edbd16 7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm 339fd5f8da5bf336516c5e5f9bbc758f 7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm 6e32757dd225257b0aa246894f6e8e24 7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm 23f38f513ab37bc8a83dce375fdbb802 7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm c0497149120bd251de7edabc8ed325db 7.1/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm ae667bca67f4df9180d82e450d61a45b 7.1/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm 7185badb6ccb5b3b501f6495a904a9a9 7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm 514a2e738887b93cbb3aacdf17917165 7.1/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm 27cd532f5e87326132b4ed5ab5eefd2a 7.1/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm 0b86ef4d64f189ca92190354a5490f3f 7.1/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm 091cb83eeef310889aabd49308878f3b 7.1/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm 0d96ad2763f609c683cb53900158ad81 7.1/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm ed04b15ee5d410db9de3678f9c245f7f 7.1/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm d98872d9b717d954f60b0e99089a0017 7.1/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm 8309b090164a173e4af439fd70b5bfac 7.1/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm 7efb4b0fabfdda2ce4c1b373a572bfd1 7.2/en/os/SRPMS/XFree86-4.1.0-50.src.rpm fd4e32571a13c5abeac8b206d968b689 7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm 63c7e312a7ad1a86fbdd4ec4a9adf0c3 7.2/en/os/i386/XFree86-4.1.0-50.i386.rpm 8da27539132b330a8c31395e096d608f 7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm 6be72fce1104a5f128be37cbd8cad8b5 7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm 00a776519a3f973a5b765caf509e29d17.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm 2fee21094915ebd82d4ae8abe4edbd16 7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm 339fd5f8da5bf336516c5e5f9bbc758f 7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm 6e32757dd225257b0aa246894f6e8e24 7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm 23f38f513ab37bc8a83dce375fdbb802 7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm c0497149120bd251de7edabc8ed325db 7.2/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm ae667bca67f4df9180d82e450d61a45b 7.2/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm 7185badb6ccb5b3b501f6495a904a9a9 7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm 514a2e738887b93cbb3aacdf17917165 7.2/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm 27cd532f5e87326132b4ed5ab5eefd2a 7.2/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm 0b86ef4d64f189ca92190354a5490f3f 7.2/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm 091cb83eeef310889aabd49308878f3b 7.2/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm 0d96ad2763f609c683cb53900158ad81 7.2/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm ed04b15ee5d410db9de3678f9c245f7f 7.2/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm d98872d9b717d954f60b0e99089a0017 7.2/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm 8309b090164a173e4af439fd70b5bfac 7.2/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm bc62b3524b6345c789de0bb7854b9764 7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-50.ia64.rpm 7eff39e90e945a43000aa8d25d2cacda 7.2/en/os/ia64/XFree86-4.1.0-50.ia64.rpm 25f7bbbdb2ed35fece85f8c365ac2178 7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-50.ia64.rpm b6afcf366aa7dda3247cec2bda5144e6 7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.ia64.rpm 70f7d87704b953afc85dda704b601dd8 7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.ia64.rpm c95a4efbab26c06e26c50f43475bfb2a 7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.ia64.rpm 517bc70e140f328d1f4bb2d068aa1773 7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.ia64.rpm 38874cb6cc0b12bb7e866a2296cd2ad77.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.ia64.rpm c1871a3e04b343e01cdef62eae4c2e64 7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.ia64.rpm 8c923b7686a1c8e301a0e80c8e675743 7.2/en/os/ia64/XFree86-Xnest-4.1.0-50.ia64.rpm 52da9ca96b1e1f3f7b74b709d464235a 7.2/en/os/ia64/XFree86-Xvfb-4.1.0-50.ia64.rpm 50338cb8cfba15210fe5f9bd5b7133a7 7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-50.ia64.rpm fc84db81718a3840d35a26e9bbc29d6b 7.2/en/os/ia64/XFree86-devel-4.1.0-50.ia64.rpm 0f76c791684c9ff42ae28125701cd8a5 7.2/en/os/ia64/XFree86-doc-4.1.0-50.ia64.rpm e50744592053813ce6eb36a3fee741aa 7.2/en/os/ia64/XFree86-libs-4.1.0-50.ia64.rpm 44e6ce7b970dcb7e35f87b96e3d233db 7.2/en/os/ia64/XFree86-tools-4.1.0-50.ia64.rpm a1948bdee2293010d85022212d9e0c4a 7.2/en/os/ia64/XFree86-twm-4.1.0-50.ia64.rpm dd58fc137d671b92ff257482174da8f9 7.2/en/os/ia64/XFree86-xdm-4.1.0-50.ia64.rpm fe57efa8fa1ed81137f511a71d499b68 7.2/en/os/ia64/XFree86-xfs-4.1.0-50.ia64.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://access.redhat.com/security/team/key You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 7. References: CVE -CVE-2003-0690 CVE -CVE-2003-0730 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/en/technologies/all-products Copyright 2003 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/wyYyXlSAg2UNWIIRArJKAJ9IX9RF52m/qYXmSFnUyFfTL9EiHACggmoN g7bG012X2eajTGNTf/jRgzg=sSbU -----END PGP SIGNATURE----- . Updated XFree86 packages tackle critical security flaws in Red Hat, preventing denial of service attacks and possible code manipulation.. Red Hat Linux,XFree86,Security Patch,Denial of Service,Integer Overflow. . Severity: Critical. LinuxSecurity.com Team
Nov 25, 2003
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!