LinuxSecurity.com
Red Hat: Xfree86 security issues fix
Posted by Joe Shakespeare   
RedHat Linux Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages fix security issues
Advisory ID:       RHSA-2004:610-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-610.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0914
---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security flaws in libXpm are now
available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It
provides the basic low-level functionality upon which full-fledged graphical
user interfaces (GUIs), such as GNOME and KDE, are designed.

Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XPM file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.

Users are advised to upgrade to these erratum packages, which contain
backported security patches and other bug fixes.
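
The bug class named above, as an added illustration that is not taken from the advisory or from libXpm's source: 32-bit size arithmetic on dimensions read from an XPM values string wraps silently, while a checked form rejects the input before any allocation. The function names, the `XPM_MAX_BYTES` cap and the sample values string are assumptions constructed for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on decoded pixel data (256 MiB); not a libXpm constant. */
#define XPM_MAX_BYTES ((size_t)1 << 28)

/* Bug class: 32-bit arithmetic on file-supplied dimensions wraps silently. */
uint32_t unchecked_pixel_bytes(uint32_t width, uint32_t height) {
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Hardened form: reject zero, oversized and overflowing sizes before allocating.
 * Dividing the cap keeps the check itself from overflowing. Returns 0 on success. */
int checked_pixel_bytes(uint32_t width, uint32_t height, size_t *out) {
    if (width == 0 || height == 0)
        return -1;
    if (width > XPM_MAX_BYTES / sizeof(uint32_t) / height)
        return -1;
    *out = (size_t)width * height * sizeof(uint32_t);
    return 0;
}

/* Read width and height from an XPM values string
 * ("width height ncolors chars_per_pixel"). Returns 0 on success. */
int parse_dimensions(const char *values, uint32_t *width, uint32_t *height) {
    char *end;
    unsigned long w, h;
    errno = 0;
    w = strtoul(values, &end, 10);
    if (errno || end == values || w > UINT32_MAX) return -1;
    values = end;
    h = strtoul(values, &end, 10);
    if (errno || end == values || h > UINT32_MAX) return -1;
    *width = (uint32_t)w;
    *height = (uint32_t)h;
    return 0;
}

int main(void) {
    const char *sample = "1073741825 4 2 1";   /* constructed values string */
    uint32_t w, h;
    size_t n;
    if (parse_dimensions(sample, &w, &h) != 0) return 1;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_pixel_bytes(w, h));
    printf("checked: %s\n", checked_pixel_bytes(w, h, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed input the unchecked computation yields a 16-byte size for an image that declares over four billion pixels, which is how an undersized buffer ends up being written past its end.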

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

136164 - CAN-2004-0914 libXpm integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

 