LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: XFree86 Multiple integer overflows Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux Updated XFree86 packages for Red Hat Linux 9 provide securityfixes to font libraries and XDM.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages provide security and bug fixes
Advisory ID:       RHSA-2003:288-01
Issue date:        2003-11-17
Updated on:        2003-11-17
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0690 CAN-2003-0692 CAN-2003-0730
- ---------------------------------------------------------------------

1. Topic:

Updated XFree86 packages for Red Hat Linux 9 provide security
fixes to font libraries and XDM.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers in Red Hat Linux. XDM is the X
display manager.

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based buffer
overflow attacks.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0730 to this issue.  

The risk to users from this vulnerability is  limited because only clients
can be affected by these bugs, however in some (non-default)
configurations, both xfs and the X Server can act as clients
to remote font servers.

XDM does not verify whether the pam_setcred function call succeeds, which
may allow attackers to gain root privileges by triggering error conditions
within PAM modules, as demonstrated in certain configurations of the
pam_krb5 module.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.  

XDM uses a weak session cookie generation algorithm that does not provide
128 bits of entropy, which allows attackers to guess session cookies via
brute force methods and gain access to the user session.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0692 to this issue.  

Users are advised to upgrade to these updated XFree86 4.3.0 packages, which
contain backported security patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate 
Errors, you need to install a version of the up2date client with an updated 
certificate.  The latest version of up2date is available from the Red Hat 
FTP site and may also be downloaded directly from the RHN website:

https://rhn.Red Hat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 9:

SRPMS: 
ftp://updates.Red Hat.com/9/en/os/SRPMS/XFree86-4.3.0-2.90.43.src.rpm

i386: 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-100dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-75dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-Mesa-libGL-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-Mesa-libGLU-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-Xnest-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-Xvfb-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-base-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-cyrillic-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-devel-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-doc-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-font-utils-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-libs-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-libs-data-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-sdk-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-syriac-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-tools-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-truetype-fonts-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-twm-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-xauth-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-xdm-4.3.0-2.90.43.i386.rpm 
ftp://updates.Red Hat.com/9/en/os/i386/XFree86-xfs-4.3.0-2.90.43.i386.rpm



6. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
197d83599eabea9ab424a9390fe7d753 9/en/os/SRPMS/XFree86-4.3.0-2.90.43.src.rpm
89864dfb981aaa052499e338cb85acd9 9/en/os/i386/XFree86-100dpi-fonts-4.3.0-2.90.43.i386.rpm
31bbf1f22ba1fa6dea820b88e9a2059e 9/en/os/i386/XFree86-4.3.0-2.90.43.i386.rpm
edd5121ecf72d39fd7581145c8b7fcbc 9/en/os/i386/XFree86-75dpi-fonts-4.3.0-2.90.43.i386.rpm
826d4f7c2914b732ca43485266b3daad 9/en/os/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.43.i386.rpm
89088cdc60bb8569da301d50e05d8f63 9/en/os/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.43.i386.rpm
91b062cc8015a5898894bfdf90d6ff99 9/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.43.i386.rpm
9f59c6547411fd257c45a953ab6e5921 9/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.43.i386.rpm
4e1c0ac39a47f968a2e7299be1efaf48 9/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.43.i386.rpm
bf9432be1a3ce7d4b24901420f07fb5d 9/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.43.i386.rpm
96aa54b74718fdbdd72e8ccec8415b3f 9/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.43.i386.rpm
bc79f57efa4e1a845382827d9021fd1e 9/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.43.i386.rpm
5f72d9cb4aac84f6dfd2fc0439037272 9/en/os/i386/XFree86-Mesa-libGL-4.3.0-2.90.43.i386.rpm
50b9edb13b54d3769602da54bb3183af 9/en/os/i386/XFree86-Mesa-libGLU-4.3.0-2.90.43.i386.rpm
b37d0aefee6a1b379be3ab30cd1923df 9/en/os/i386/XFree86-Xnest-4.3.0-2.90.43.i386.rpm
dd3a8c3271854b8e26dad948998e8952 9/en/os/i386/XFree86-Xvfb-4.3.0-2.90.43.i386.rpm
6f2aca8b9f3137b5da779c56eb73ec14 9/en/os/i386/XFree86-base-fonts-4.3.0-2.90.43.i386.rpm
5aa4659e2ec992b1b087e8d6c7190ff6 9/en/os/i386/XFree86-cyrillic-fonts-4.3.0-2.90.43.i386.rpm
c6f870637e148f1da88e93181191f8da 9/en/os/i386/XFree86-devel-4.3.0-2.90.43.i386.rpm
0a427f41d4558bdd0b5cbcc857b9f766 9/en/os/i386/XFree86-doc-4.3.0-2.90.43.i386.rpm
b3d53e1f9112010e9d3d2a866cfe4157 9/en/os/i386/XFree86-font-utils-4.3.0-2.90.43.i386.rpm
d3b427915a56fcf2a4de2a26266f7903 9/en/os/i386/XFree86-libs-4.3.0-2.90.43.i386.rpm
83dd0d4ecae97e40f0bd47ed07309b93 9/en/os/i386/XFree86-libs-data-4.3.0-2.90.43.i386.rpm
7b970292113693ae24285baca7effcd5 9/en/os/i386/XFree86-sdk-4.3.0-2.90.43.i386.rpm
aef8d7a6c6639c8ae9b5c8d554e458d2 9/en/os/i386/XFree86-syriac-fonts-4.3.0-2.90.43.i386.rpm
99a9274e87f44f1186fb53acf0e47553 9/en/os/i386/XFree86-tools-4.3.0-2.90.43.i386.rpm
371796a37e8f6f15d07cbbb4a2d35539 9/en/os/i386/XFree86-truetype-fonts-4.3.0-2.90.43.i386.rpm
aa51b88ccb54f3cf3b93cc02271d107e 9/en/os/i386/XFree86-twm-4.3.0-2.90.43.i386.rpm
d6c6c99723f3711befd8071567f79550 9/en/os/i386/XFree86-xauth-4.3.0-2.90.43.i386.rpm
f3b70dbc805125764fb118e6bd81fd3a 9/en/os/i386/XFree86-xdm-4.3.0-2.90.43.i386.rpm
f97f679e9543b2506d41deff0afc2042 9/en/os/i386/XFree86-xfs-4.3.0-2.90.43.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.Red Hat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


7. References:
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

8. Contact:

The Red Hat security contact is <secalert@Red Hat.com>.  More contact
details at https://www.Red Hat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/unmfXlSAg2UNWIIRAt/gAKCIiIxv0ak2lObXuHoIEjJEkmy1SACfX1W1
hyWtMD8nBSkGXyyC1bu6OWk=
=2PQ8
-----END PGP SIGNATURE-----




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.