Updated XFree86 packages fix

mystified · August 5, 2004

Mandrakesoft Security Advisories

Package name XFree86

Date July 27th, 2004

Advisory ID MDKSA-2004:073

Affected versions 10.0

Synopsis Updated XFree86 packages fix issue with xdm opening random sockets

Problem Description

Steve Rumble discovered XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

The updated packages are patched to correct the problem.

Updated Packages

Mandrakelinux 10.0

3d8f7cc32efa365598c0eab6362afcd0 10.0/RPMS/X11R6-contrib-4.3-32.1.100mdk.i586.rpm

b4172fffca6936486827260143583beb 10.0/RPMS/XFree86-100dpi-fonts-4.3-32.1.100mdk.i586.rpm

76e708133439aa6a251945b3d272efd7 10.0/RPMS/XFree86-4.3-32.1.100mdk.i586.rpm

883614a82021c8f630e05dc836e73735 10.0/RPMS/XFree86-75dpi-fonts-4.3-32.1.100mdk.i586.rpm

860343cbb4f8987aba1b51244509e3ca 10.0/RPMS/XFree86-Xnest-4.3-32.1.100mdk.i586.rpm

83fdeaa5626d268b3b5c79f2c9e9c9da 10.0/RPMS/XFree86-Xvfb-4.3-32.1.100mdk.i586.rpm

ee27e16339c3fe869115612f878b6f9a 10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.1.100mdk.i586.rpm

280be6f30a08df7d9df6b14a95bac395 10.0/RPMS/XFree86-doc-4.3-32.1.100mdk.i586.rpm

e80cfe469c9815ecf22b9075abc9903b 10.0/RPMS/XFree86-glide-module-4.3-32.1.100mdk.i586.rpm

fda7bdf5de0baedb92da3b0d4a3ce6f2 10.0/RPMS/XFree86-server-4.3-32.1.100mdk.i586.rpm

7e69712264c38cdc67bbcde303f24386 10.0/RPMS/XFree86-xfs-4.3-32.1.100mdk.i586.rpm

e771f892d01a646f35098241a93fbd58 10.0/RPMS/libxfree86-4.3-32.1.100mdk.i586.rpm

418d499c3c469dcfdfafb08d7549b560 10.0/RPMS/libxfree86-devel-4.3-32.1.100mdk.i586.rpm

19b713df27c5f9c739db32bf23b556c8 10.0/RPMS/libxfree86-static-devel-4.3-32.1.100mdk.i586.rpm

acbd5f8c90422416215df5d2fa686f88 10.0/SRPMS/XFree86-4.3-32.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

70773e362c8de210f9da4dc4693d1812 amd64/10.0/RPMS/X11R6-contrib-4.3-32.1.100mdk.amd64.rpm

c74d80d2e64aef5a408b62c3512205c1 amd64/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.1.100mdk.amd64.rpm

dcb88ecdc48de0577af670c5af9609ac amd64/10.0/RPMS/XFree86-4.3-32.1.100mdk.amd64.rpm

d603e47eaf801b471bb68c308920bc48 amd64/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.1.100mdk.amd64.rpm

dfdee3789f1963dc7b9d2b7b52a93a0f amd64/10.0/RPMS/XFree86-Xnest-4.3-32.1.100mdk.amd64.rpm

3cca29110317b32fba9f5825ed00867f amd64/10.0/RPMS/XFree86-Xvfb-4.3-32.1.100mdk.amd64.rpm

32963c84575ca591d8945a8418a7f362 amd64/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.1.100mdk.amd64.rpm

c8f3c91b813703d57611087249eabc0d amd64/10.0/RPMS/XFree86-doc-4.3-32.1.100mdk.amd64.rpm

3eafba88d255666197aea3a62e276b61 amd64/10.0/RPMS/XFree86-server-4.3-32.1.100mdk.amd64.rpm

18a8c7471ccb535a49322e4fe334f933 amd64/10.0/RPMS/XFree86-xfs-4.3-32.1.100mdk.amd64.rpm

fd24efdfcce22c9fdeb27301f06ced49 amd64/10.0/RPMS/lib64xfree86-4.3-32.1.100mdk.amd64.rpm

9b67ee689be268c4386fde4e81f3a2e3 amd64/10.0/RPMS/lib64xfree86-devel-4.3-32.1.100mdk.amd64.rpm

4fd3a12d07c268d20a3bc80172b616fb amd64/10.0/RPMS/lib64xfree86-static-devel-4.3-32.1.100mdk.amd64.rpm

acbd5f8c90422416215df5d2fa686f88 amd64/10.0/SRPMS/XFree86-4.3-32.1.100mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419

Upgrade

To upgrade automatically, use MandrakeUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig package.rpm

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

Sign In

Updated XFree86 packages fix

Recommended Posts

mystified

Link to comment

Share on other sites

Browse

Activity