LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: XFree86 multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux There are multiple vulnerabilities in XFree86.

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages provide security and bug fixes
Advisory ID:       RHSA-2003:066-01
Issue date:        2003-06-25
Updated on:        2003-06-25
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2002:068
CVE Names:         CAN-2001-1409 CAN-2002-1472 CAN-2002-0164 CAN-2003-0063 CAN-2003-0071
- ---------------------------------------------------------------------

1. Topic:

XFree86 is an implementation of the X Window System providing the
core graphical user interface and video drivers.

Updated XFree86 packages for Red Hat Linux 7.3 are now available which
include several security fixes, bug fixes, enhancements, and driver updates.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386

3. Problem description:

Security fixes:

- - Xterm, provides an escape sequence for reporting the current window
title. This escape sequence takes the current title and places it directly
on the command line. An attacker can craft an escape sequence that sets the
victim's Xterm window title to an arbitrary command, and then reports it to
the command line. Since it is not possible to embed a carriage return into
the window title, the attacker would then have to convince the victim to
press Enter for the shell to process the title as a command, although the
attacker could craft other escape sequences that might convince the victim
to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0063 to this issue.

- - It is possible to lock up versions of Xterm by sending an invalid DEC
UDK escape sequence. (CAN-2003-0071)

- - XFree86 4.2.1 also contains an updated fix for CAN-2002-0164, a
vulnerability in the MIT-SHM extension of the X server that allows local
users to read and write arbitrary shared memory. The original fix did not
cover the case where the X server is started from xdm.

- - The X server was setting the /dev/dri directory permissions incorrectly,
which resulted in the directory being world writable. (CAN-2001-1409)

Driver updates and additions:

- - Savage driver updated to Tim Roberts' latest version 1.1.27t

- - New "cyrix" driver which works better on MediaGX hardware.

- - New input drivers for Fujitsu Stylistic (fpit), Palmax   
  PD1000/PD1100 Input driver (palmax), Union Reality UR-98 head tracker   
  (ur98)

- - Backported apm driver, DPMS support enhancements, and a few accel fixes

- - Backported chips driver, with hardware mouse cursor and 2D acceleration 
  fixes

- - Backported cirrus, i740, siliconmotion, and ark drivers

Various bug fixes and enhancements:

- - Stability improvements to RENDER extension and libraries

- - Various fixes to the Xaw library

- - Fix a long standing problem in the X server where the mouse, keyboard, or  
  video would hang, or the server to go into an endless loop whenever the  
  system time was changed backwards

- - Fix a crash in the Radeon and Rage 128 drivers using VMware with DGA 
  when DRI is enabled

- - Work around some multihead and RENDER exention problems in the Matrox 
  "mga" driver

- - fc-cache is now run upon font package installation in all font
  directories containing fonts managed by fontconfig/Xft

- - mkfontdir now forces the permissions of the files it generates to be mode 
  0644 to ensure they are world readable independant of umask

- - A new option "ForceLegacyCRT" to the radeon driver allows use 
  of legacy VGA monitors which can not be detected automatically.  This 
  option is only safe to use in single-head setups and may cause serious 
  problems if used with dual-head.

- - xterm session management is now enabled by default, whereas the stock
  XFree86 default in 4.2.0/4.2.1 was accidentally disabled upstream

- - Removed and obsoleted the XFree86-xtrap-clients package, now merged
  into the main XFree86 package

- - Added support for previously unsupported ATI Rage 128 video hardware

- - Fixed Polish euro support

- - Added neomagic Xvideo support which may work for some users

- - Added fix for deadkey-quotedbl in ISO8859-15

- - Disabled debug messages in Cirrus Logic driver

- - Fixed a bug in the VESA driver, where the X server would crash with
  an FPE when the DisplaySize option was used

- - Fix to ATI Mach64 support which was out of PCI specs causing problems  
  on some Dell and IBM servers

- - Fix a problem which caused certain combinations of Radeon and Rage 128
  hardware and particular motherboards to hang, due to bus mastering
  getting disabled when VT switching.

There are various other fixes included which users can review by examining
the RPM package changelog of any of the new XFree86 packages.

Users are advised to upgrade to these updated XFree86 4.2.1 packages, which
are not vulnerable to the previously mentioned security issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

64559 - Polish keymap not working
53329 - i810 XVideo limited to 720x576
64970 - default XftConfig prefers substitute fonts over originals
60895 - Screen turns red/magenta with XFree86-4.2.0-32
62820 - suggest Xnest and Xvfb should be User Interfaces/X instead of User Interfaces/X Hardware Support
50282 - Decimal key on Swedish numerical keyboard should be comma, not point
63609 - RFE: add XVideo support for neomagic chipset
65704 - XFree86.0.log filled disk - 
66009 - 'vesa' driver gives SIGFPE if you set a DIsplaySize
67323 - xon test of hostname --version fails
69291 - Dell PE2650 ATI Rage XL lockups due to PCI spec violation
58188 - system hard locks on specific video setting
69743 - Fix SysRq / Print Screen
62171 - ATI Radeon (all) lockup/corruption when VT switching
65330 - Red Hat 7.3 Virtual Terminals no longer work when Graphical Login is used
62442 - Switching to VTs locks system - Dell Inspiron 4000
65136 - ATI Rage 128 (all) lockup when switching from console to X with DRI enabled.
66187 - XFree86 fails on i810
53231 - (i810) Screen freezes after leaving a Gnome session
40729 - xdm causes SEGVs setting up pam_response structure
63593 - (FPE) 1400x1050 fails with Radeon 7500 QW

6. RPMs required:

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.3.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-devel-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-doc-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-libs-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-tools-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-twm-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.3.i386.rpm



7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
c6ff6c6d9c8e856f3ceb30ec8fb3148c 7.3/en/os/SRPMS/XFree86-4.2.1-13.73.3.src.rpm
0b9b017475ce7a9d88a9168ea656e19b 7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.3.i386.rpm
adca65328e61db4da4e73583ec4bf9aa 7.3/en/os/i386/XFree86-4.2.1-13.73.3.i386.rpm
563027979b615f099a51ab84a67bdf8e 7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.3.i386.rpm
696135498da5040ee74c620a63fce23f 7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.3.i386.rpm
6b89c364666d5d61278862cee5d493b1 7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.3.i386.rpm
da4f7fa407988abb31be98be7ba684ce 7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.3.i386.rpm
1c4aa5d45eb4b3559d81f8771def8517 7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.3.i386.rpm
7b6aee4b1d011bbb9deb05d4367ff72a 7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.3.i386.rpm
458291226d503f6ecb17f99b42dc711f 7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.3.i386.rpm
8a27f3a8849b4c08e1e68fae547b1cc3 7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.3.i386.rpm
ef18d8c1bdcdb61c632c8f93ebdc0e66 7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.3.i386.rpm
7533b8879b52e48f6890c7338663f104 7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.3.i386.rpm
7f7f2935517f881f0c66efec42e0c1c3 7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.3.i386.rpm
0c1d4304591659d46598d22afc18a1ac 7.3/en/os/i386/XFree86-devel-4.2.1-13.73.3.i386.rpm
19730f4a1b89fcbec9ac1fa0442a05ce 7.3/en/os/i386/XFree86-doc-4.2.1-13.73.3.i386.rpm
266efb5b2ee9497604e6a7b0766fa53c 7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.3.i386.rpm
d08c8d0ff504328f836a679054153403 7.3/en/os/i386/XFree86-libs-4.2.1-13.73.3.i386.rpm
c7c51136e166d8fbe330f33d6584c42a 7.3/en/os/i386/XFree86-tools-4.2.1-13.73.3.i386.rpm
a7b32f8e1e04c161ed1a188efe14e97f 7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.3.i386.rpm
434a969c7c1504696e8707718e94d35f 7.3/en/os/i386/XFree86-twm-4.2.1-13.73.3.i386.rpm
d959bd18dcbaf07d3cef7a4406f9fcee 7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.3.i386.rpm
31aa72de98e81ef6f73508544273a0df 7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.3.i386.rpm
7891b19bd3560b70a8a14da8f4de9fcf 7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.3.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available from  http://www.Red Hat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


8. References:
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1409 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071

9. Contact:

The Red Hat security contact is <secalert@Red Hat.com>.  More contact
details at  http://www.Red Hat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.