LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Moderate: XFree86 security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated XFree86 packages that fix a libXpm integer overflow flaw and a number of bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: XFree86 security update
Advisory ID:       RHSA-2005:044-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-044.html
Issue date:        2005-04-06
Updated on:        2005-04-06
Product:           Red Hat Enterprise Linux
Keywords:          Xpm legacy keyboard controller memory leak SEGV segfault crash
CVE Names:         CAN-2005-0605
- ---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix a libXpm integer overflow flaw and a
number of bugs are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System.  It
provides the basic low level functionality which full-fledged graphical
user interfaces (GUIs) such as GNOME and KDE are designed upon.

An integer overflow flaw was found in libXpm, which is used by some
applications for loading of XPM images.  An attacker could create a
malicious XPM file that would execute arbitrary code if opened by a victim
using an application linked to the vulnerable library.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0605 to this issue.

XFree86 4.1.0 was not functional on systems that did not have a legacy
keyboard controller (8042).  During startup, the X server would attempt to
update registers on the 8042 controller, but if that chip was not present,
the X server would hang during startup.  This new release has a workaround
so that the access to those registers time out if they are not present.

A bug in libXaw could cause applications to segfault on 64-bit systems
under certain circumstances.  This has been fixed with a patch backported
from XFree86 4.3.0.

Xlib contained a memory leak caused by double allocation, which has been
fixed in XFree86 4.3.0 using backported patch.

All users of XFree86 should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150038 - CAN-2005-0605 XPM buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm

i386:
e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm

ia64:
ace0691b089cc424945b118071a7a8c9  XFree86-100dpi-fonts-4.1.0-71.EL.ia64.rpm
33a876d683ad988e13007f7bb2908193  XFree86-4.1.0-71.EL.ia64.rpm
755157ba244a462e4fd3e07b6a2db275  XFree86-75dpi-fonts-4.1.0-71.EL.ia64.rpm
9d10412d6bda791a11554c660319f010  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.ia64.rpm
977a033b155e1386d32ee4ede524ac0f  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.ia64.rpm
af4621efc40f5cea331727729755af69  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.ia64.rpm
81495baca5ebe29af2eb37a9bb0d96e0  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.ia64.rpm
170e310833a6f8f9e9bbd75e2838ef8b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.ia64.rpm
ecfc7e5337276ac690f75eb802e57e06  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.ia64.rpm
2f4a2252320e36593a078e22fec9d2b1  XFree86-Xnest-4.1.0-71.EL.ia64.rpm
462a5ebdbdbc90669d575e12dea1fe14  XFree86-Xvfb-4.1.0-71.EL.ia64.rpm
0a3f4d30395f408f0b5008e6864aa567  XFree86-cyrillic-fonts-4.1.0-71.EL.ia64.rpm
a6678a2489fb1f6d4098ce523366a69b  XFree86-devel-4.1.0-71.EL.ia64.rpm
71de4899c3aa12a29baeba308b00d073  XFree86-doc-4.1.0-71.EL.ia64.rpm
ab87a37e06ade10ba4287d8f857032ed  XFree86-libs-4.1.0-71.EL.ia64.rpm
5832143085762fc53e894b4804b72af8  XFree86-tools-4.1.0-71.EL.ia64.rpm
daed2b361a134a05c65d51539fe7549a  XFree86-twm-4.1.0-71.EL.ia64.rpm
fb046d7f1ca1d951a9c3ed44c8407b4b  XFree86-xdm-4.1.0-71.EL.ia64.rpm
02a7215f3a1ef684fc45f2544f3aa652  XFree86-xfs-4.1.0-71.EL.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm

ia64:
ace0691b089cc424945b118071a7a8c9  XFree86-100dpi-fonts-4.1.0-71.EL.ia64.rpm
33a876d683ad988e13007f7bb2908193  XFree86-4.1.0-71.EL.ia64.rpm
755157ba244a462e4fd3e07b6a2db275  XFree86-75dpi-fonts-4.1.0-71.EL.ia64.rpm
9d10412d6bda791a11554c660319f010  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.ia64.rpm
977a033b155e1386d32ee4ede524ac0f  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.ia64.rpm
af4621efc40f5cea331727729755af69  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.ia64.rpm
81495baca5ebe29af2eb37a9bb0d96e0  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.ia64.rpm
170e310833a6f8f9e9bbd75e2838ef8b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.ia64.rpm
ecfc7e5337276ac690f75eb802e57e06  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.ia64.rpm
2f4a2252320e36593a078e22fec9d2b1  XFree86-Xnest-4.1.0-71.EL.ia64.rpm
462a5ebdbdbc90669d575e12dea1fe14  XFree86-Xvfb-4.1.0-71.EL.ia64.rpm
0a3f4d30395f408f0b5008e6864aa567  XFree86-cyrillic-fonts-4.1.0-71.EL.ia64.rpm
a6678a2489fb1f6d4098ce523366a69b  XFree86-devel-4.1.0-71.EL.ia64.rpm
71de4899c3aa12a29baeba308b00d073  XFree86-doc-4.1.0-71.EL.ia64.rpm
ab87a37e06ade10ba4287d8f857032ed  XFree86-libs-4.1.0-71.EL.ia64.rpm
5832143085762fc53e894b4804b72af8  XFree86-tools-4.1.0-71.EL.ia64.rpm
daed2b361a134a05c65d51539fe7549a  XFree86-twm-4.1.0-71.EL.ia64.rpm
fb046d7f1ca1d951a9c3ed44c8407b4b  XFree86-xdm-4.1.0-71.EL.ia64.rpm
02a7215f3a1ef684fc45f2544f3aa652  XFree86-xfs-4.1.0-71.EL.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm

i386:
e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-71.EL.src.rpm
0a716f7c3023b15f86f7999f5625db76  XFree86-4.1.0-71.EL.src.rpm

i386:
e07be739078da8cd42d598a06b006f1e  XFree86-100dpi-fonts-4.1.0-71.EL.i386.rpm
bcebe61e2d614a1286b52775736e52c9  XFree86-4.1.0-71.EL.i386.rpm
cdddd54938649761e21827745c1366e2  XFree86-75dpi-fonts-4.1.0-71.EL.i386.rpm
182573d60222c73168fbfe66b16bb29b  XFree86-ISO8859-15-100dpi-fonts-4.1.0-71.EL.i386.rpm
2ae9bce6c130784e41d2b133a35e5774  XFree86-ISO8859-15-75dpi-fonts-4.1.0-71.EL.i386.rpm
9f3cf4be959caffa4c3bffbf76a09176  XFree86-ISO8859-2-100dpi-fonts-4.1.0-71.EL.i386.rpm
8c6f826f094aaa5135391f6ec27b0455  XFree86-ISO8859-2-75dpi-fonts-4.1.0-71.EL.i386.rpm
6b8f23211c43fc99dc05d75f9d0e4f86  XFree86-ISO8859-9-100dpi-fonts-4.1.0-71.EL.i386.rpm
bbda1f088f4cfc778a66cd4520df1b7e  XFree86-ISO8859-9-75dpi-fonts-4.1.0-71.EL.i386.rpm
439c6b7b18a9321a7a1a8476ec5c96b8  XFree86-Xnest-4.1.0-71.EL.i386.rpm
a47a287faa17c415776f1f8a31b0882a  XFree86-Xvfb-4.1.0-71.EL.i386.rpm
c17eeb2f724dfcfa1983bd3b8d3f89b9  XFree86-cyrillic-fonts-4.1.0-71.EL.i386.rpm
26b1c9ede0bd137fe1504208d2e69489  XFree86-devel-4.1.0-71.EL.i386.rpm
cc3412a58aed56a2b5ae7818168531f4  XFree86-doc-4.1.0-71.EL.i386.rpm
e49c0750c474dfeede93ebc600bbe4f3  XFree86-libs-4.1.0-71.EL.i386.rpm
f6f827427339cf3e48d270391df35221  XFree86-tools-4.1.0-71.EL.i386.rpm
a8d8c8692e3ec74a267de41a7a047e9f  XFree86-twm-4.1.0-71.EL.i386.rpm
9a583b83825b2713edcc68d833ec2fc1  XFree86-xdm-4.1.0-71.EL.i386.rpm
ae1bb514c1c8e4671b441404e88b200e  XFree86-xf86cfg-4.1.0-71.EL.i386.rpm
27935274796d0c0ee7825ae75d3ca1c7  XFree86-xfs-4.1.0-71.EL.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.