Jump to content

Updated XFree86 Packages

mystified

By mystified
in Mandriva Security Advisories

 Share

Recommended Posts

mystified Platinum

mystified

Posted
Posted

Mandrakesoft Security Advisories

 

Package name XFree86

Date September 15th, 2004

Advisory ID MDKSA-2004:099

Affected versions 9.2, 10.0, CS2.1

Synopsis Updated XFree86 packages fix libXpm overflow vulnerabilities

 

 

Problem Description

 

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86:

 

Stack overflows (CAN-2004-0687):

 

Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).

 

Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).

 

Integer Overflows (CAN-2004-0688):

 

Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.

 

The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

4e0e127b08d5c09c28d6cc0b7511237f 9.2/RPMS/libxfree86-4.3-24.5.92mdk.i586.rpm

aa610b35928b997da0dd04f779baa00a 9.2/RPMS/libxfree86-devel-4.3-24.5.92mdk.i586.rpm

c15f9b375f7f2f951eced437c6fc4450 9.2/RPMS/XFree86-100dpi-fonts-4.3-24.5.92mdk.i586.rpm

ce94240859b48fe3ee551066e153016f 9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.5.92mdk.i586.rpm

4a4d6f1030b15c93edf87260725155a7 9.2/RPMS/XFree86-xfs-4.3-24.5.92mdk.i586.rpm

b67a24abf69d45d9fcd5ba65b83bd793 9.2/RPMS/libxfree86-static-devel-4.3-24.5.92mdk.i586.rpm

a5be699ad2b5097253314c2ee25b1557 9.2/RPMS/XFree86-75dpi-fonts-4.3-24.5.92mdk.i586.rpm

ac6ae823cb9981af067ae7d53db93e50 9.2/RPMS/XFree86-glide-module-4.3-24.5.92mdk.i586.rpm

1663c6d77b048451d11c614630f3c920 9.2/RPMS/XFree86-4.3-24.5.92mdk.i586.rpm

9908c0df16c2faf76d2037517eb7af0c 9.2/RPMS/XFree86-doc-4.3-24.5.92mdk.i586.rpm

8e267dbed6a6415a034202c756dc0887 9.2/RPMS/XFree86-server-4.3-24.5.92mdk.i586.rpm

30f0b05257278ff6f5b7ade1d5984fb5 9.2/RPMS/XFree86-Xnest-4.3-24.5.92mdk.i586.rpm

06236e20e91dd247e7d5458dc10773ca 9.2/RPMS/XFree86-Xvfb-4.3-24.5.92mdk.i586.rpm

eed1932ba7d07b3f7a3e93f6fc101e22 9.2/SRPMS/XFree86-4.3-24.5.92mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

4a1cf11b06553f00492f6080976dbf71 amd64/9.2/RPMS/lib64xfree86-devel-4.3-24.5.92mdk.amd64.rpm

5a5a3704b1cbc3765264ca9c402f87f4 amd64/9.2/RPMS/XFree86-4.3-24.5.92mdk.amd64.rpm

50d13b476df1d933c0f579f8ccd546ea amd64/9.2/RPMS/lib64xfree86-4.3-24.5.92mdk.amd64.rpm

f3f12bd4da52199c41ac585fcfc0f979 amd64/9.2/RPMS/lib64xfree86-static-devel-4.3-24.5.92mdk.amd64.rpm

1eb4a6f947e53c796af52e06c84298d3 amd64/9.2/RPMS/XFree86-100dpi-fonts-4.3-24.5.92mdk.amd64.rpm

dbf3c10a52bf88036be7310f32f28e8c amd64/9.2/RPMS/XFree86-75dpi-fonts-4.3-24.5.92mdk.amd64.rpm

37411c4ffe974ef9b0f09b308b4ffd3d amd64/9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.5.92mdk.amd64.rpm

5024f50ce4d3e0ca45828c5488477e2a amd64/9.2/RPMS/XFree86-doc-4.3-24.5.92mdk.amd64.rpm

434106b2719763a1a7c25d4dec468eb4 amd64/9.2/RPMS/XFree86-server-4.3-24.5.92mdk.amd64.rpm

bb887cf687422a1f1c99e49493b17dc8 amd64/9.2/RPMS/XFree86-xfs-4.3-24.5.92mdk.amd64.rpm

0f6aca5dea8d35457082965970c6da4a amd64/9.2/RPMS/XFree86-Xnest-4.3-24.5.92mdk.amd64.rpm

5fb4470b9052cc0df15333d240c0350d amd64/9.2/RPMS/XFree86-Xvfb-4.3-24.5.92mdk.amd64.rpm

eed1932ba7d07b3f7a3e93f6fc101e22 amd64/9.2/SRPMS/XFree86-4.3-24.5.92mdk.src.rpm

 

Mandrakelinux 10.0

 

9d1e991a5dbfc681a5c87fd79b561296 10.0/RPMS/libxfree86-4.3-32.2.100mdk.i586.rpm

5b767743ea9fea956ba9dc083bc10c25 10.0/RPMS/libxfree86-devel-4.3-32.2.100mdk.i586.rpm

c658bbabc5e4e0ec5922c3953a87b3ad 10.0/RPMS/libxfree86-static-devel-4.3-32.2.100mdk.i586.rpm

cd19a71edc31e8db8f3e18f79f05089c 10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.i586.rpm

48e02a5d891f5eced5ce66e59cf1eb92 10.0/RPMS/XFree86-4.3-32.2.100mdk.i586.rpm

7e8d4c0d5d2c06c349d979f878d06904 10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.i586.rpm

e5943ade51bbb53aa4988e51d7f55e21 10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.i586.rpm

73b4c3cca0af8beeed2dc8ea2af9328d 10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.i586.rpm

8abff89792decf4563d20e3298def8f5 10.0/RPMS/XFree86-glide-module-4.3-32.2.100mdk.i586.rpm

3ea82bc33e519546877a39a733c9c417 10.0/RPMS/XFree86-server-4.3-32.2.100mdk.i586.rpm

3a5aa6b83350355d2487da6c289fbd08 10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.i586.rpm

c39d5eb61d33fe7a95f4d87a4acb25dd 10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.i586.rpm

fcf0d59a1c31ae4b719eccc11b13e9dd 10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.i586.rpm

541b2b34e491e0d9c2b115a41544de79 10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

541b2b34e491e0d9c2b115a41544de79 amd64/10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm

cd6132b03458466a2562c3a30b168502 amd64/10.0/RPMS/XFree86-4.3-32.2.100mdk.amd64.rpm

a5ba7f7dc4e7a2edb0f6ec096e5a6759 amd64/10.0/RPMS/lib64xfree86-4.3-32.2.100mdk.amd64.rpm

c5a57adf7640982f3808c5db00338b88 amd64/10.0/RPMS/lib64xfree86-devel-4.3-32.2.100mdk.amd64.rpm

e4050b67d3450e6f429cd6dd59b11669 amd64/10.0/RPMS/lib64xfree86-static-devel-4.3-32.2.100mdk.amd64.rpm

08db9659e9b8333a3c5a32b90548c688 amd64/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.amd64.rpm

ddf14101db0b5acbf124c61a2279b54f amd64/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.amd64.rpm

22546ddc6d53b46103949a846148c5a2 amd64/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.amd64.rpm

1ceb7bab20d5d86eb5bf1dd46e4d5022 amd64/10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.amd64.rpm

e5ecd7a77dd8114f2b01dc1829d82b88 amd64/10.0/RPMS/XFree86-server-4.3-32.2.100mdk.amd64.rpm

dcd5c36b070a69b7bab557bebe4308a9 amd64/10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.amd64.rpm

02554ec8f462a953290b29376e8da9e2 amd64/10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.amd64.rpm

59ea3335b10ee14f9d0ea5f032c431f1 amd64/10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.amd64.rpm

 

Corporate Server 2.1

 

e901f65d94c28271b5be9719bcaa530c corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.10.C21mdk.i586.rpm

e2a80f62dd03b6c797b4f0685dac1eb8 corporate/2.1/RPMS/XFree86-4.2.1-6.10.C21mdk.i586.rpm

571c788226230893eb27e4b319d42825 corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.10.C21mdk.i586.rpm

be85eb20f3837a76d888e92005b060d1 corporate/2.1/RPMS/XFree86-devel-4.2.1-6.10.C21mdk.i586.rpm

2a51ed329cca3879f8ac1328296538de corporate/2.1/RPMS/XFree86-libs-4.2.1-6.10.C21mdk.i586.rpm

ec5088dbe7e9c8be7eca4a55c8bcf018 corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.10.C21mdk.i586.rpm

6ecc6e0db8325b2b7f2e257a5f9baba3 corporate/2.1/RPMS/XFree86-doc-4.2.1-6.10.C21mdk.i586.rpm

0fae2859fa0695ac0fd59af01a7a4975 corporate/2.1/RPMS/XFree86-server-4.2.1-6.10.C21mdk.i586.rpm

044b2a9c5d8bae6ed2013035b2a19f53 corporate/2.1/RPMS/XFree86-glide-module-4.2.1-6.10.C21mdk.i586.rpm

7d54ae278a123aee0e5480498f06b18e corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.10.C21mdk.i586.rpm

2fddac60e1c86c090e67793d657f09b0 corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.10.C21mdk.i586.rpm

4a1096b9dbfdf3e2d98f5de321142bef corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.10.C21mdk.i586.rpm

cc7253cdac6b100cfea47db75b53296e corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.10.C21mdk.i586.rpm

19b7b5aee7498c1435228b907ef07e1f corporate/2.1/SRPMS/XFree86-4.2.1-6.10.C21mdk.src.rpm

 

Corporate Server 2.1/X86_64

 

75126a161c6dedbb937b4c28de45e20c x86_64/corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.10.C21mdk.x86_64.rpm

95cd8c0e294e5a0655a1722bbb25cd71 x86_64/corporate/2.1/RPMS/XFree86-devel-4.2.1-6.10.C21mdk.x86_64.rpm

553c5ec3dd448f6a32b1198835c65e14 x86_64/corporate/2.1/RPMS/XFree86-doc-4.2.1-6.10.C21mdk.x86_64.rpm

e91ccaa84852b400bc110a7a3bc84b24 x86_64/corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.10.C21mdk.x86_64.rpm

de7cbc373a397f010f64fe9aaea3e7d3 x86_64/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.10.C21mdk.x86_64.rpm

1b1f3599513d2c89574334d5abec5ad6 x86_64/corporate/2.1/RPMS/XFree86-4.2.1-6.10.C21mdk.x86_64.rpm

4f35485ddf62ec642794ba055e20ad2e x86_64/corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.10.C21mdk.x86_64.rpm

fa490c6542356985b29479862a37e14f x86_64/corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.10.C21mdk.x86_64.rpm

b60c8ed666900e0d5e44ede1be911e0a x86_64/corporate/2.1/RPMS/XFree86-libs-4.2.1-6.10.C21mdk.x86_64.rpm

ffdce4cde212e7dc3d6d3f9adca260e2 x86_64/corporate/2.1/RPMS/XFree86-server-4.2.1-6.10.C21mdk.x86_64.rpm

7600253361f2117ab96b2566118df7e0 x86_64/corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.10.C21mdk.x86_64.rpm

bacae02d0b5e390f9de780f9595f387b x86_64/corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.10.C21mdk.x86_64.rpm

19b7b5aee7498c1435228b907ef07e1f x86_64/corporate/2.1/SRPMS/XFree86-4.2.1-6.10.C21mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate,

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...