
Red Hat: Updated XFree86 packages fix security issues and bugs

XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality on which full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are built. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file that would cause an application to crash or potentially execute arbitrary code if opened by a victim. Fixed packages are available from updates.redhat.com.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages fix security issues and bugs
Advisory ID:       RHSA-2004:479-01
Issue date:        2004-10-06
Updated on:        2004-10-06
Product:           Red Hat Enterprise Linux
Keywords:          ATI Radeon 7000m
Obsoletes:         RHBA-2004:155
CVE Names:         CAN-2004-0687 CAN-2004-0688 CAN-2004-0692
---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security issues in libXpm, as
well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It
provides the basic low-level functionality on which full-fledged graphical
user interfaces (GUIs) such as GNOME and KDE are built.

During a source code audit, Chris Evans discovered several stack overflow
flaws and an integer overflow flaw in the X.Org libXpm library used to
decode XPM (X PixMap) images. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687,
CAN-2004-0688, and CAN-2004-0692 to these issues.
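
The integer-overflow bug class named above, shown as an added C illustration on an XPM values line ("width height ncolors cpp"). This is not libXpm's code and does not reproduce the specific flaws behind these CVE names; the function names and the MAX_* limits are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical limits chosen for this example; not values from libXpm. */
#define MAX_DIM    32767ul
#define MAX_COLORS 65536ul
#define MAX_CPP    8ul

/* Unchecked pattern: the 32-bit product wraps silently, so a caller would
 * allocate a small buffer and then write width*height pixels into it. */
uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Read one unsigned decimal field in 1..max; reject signs, junk, overflow. */
static int next_field(const char **p, unsigned long max, unsigned long *out)
{
    char *end;

    while (isspace((unsigned char)**p))
        (*p)++;
    if (!isdigit((unsigned char)**p))
        return -1;
    errno = 0;
    *out = strtoul(*p, &end, 10);
    if (errno == ERANGE || *out == 0 || *out > max)
        return -1;
    *p = end;
    return 0;
}

/* Checked form: parse the XPM values string "width height ncolors cpp",
 * bound each field, and only then compute the pixel buffer size.
 * Returns 0 and stores the byte count on success, -1 on rejection. */
int xpm_values_checked(const char *values, size_t *pixel_bytes)
{
    unsigned long w, h, ncolors, cpp;

    if (next_field(&values, MAX_DIM, &w) || next_field(&values, MAX_DIM, &h) ||
        next_field(&values, MAX_COLORS, &ncolors) ||
        next_field(&values, MAX_CPP, &cpp))
        return -1;
    /* Division-based guard stays correct even if the limits are raised. */
    if (w > SIZE_MAX / sizeof(uint32_t) / h)
        return -1;
    *pixel_bytes = (size_t)w * (size_t)h * sizeof(uint32_t);
    return 0;
}
```

With a constructed header of 65536 x 16385 pixels, the unchecked computation yields 262144 bytes for an image that needs over 4 GiB, while the checked parser rejects the header before any allocation.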

These packages also contain a bug fix to lower the RGB output voltage on
Dell servers using the ATI Radeon 7000m card.

Users are advised to upgrade to these erratum packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

129797 - Radeon driver (7000m) TVDAC output too high for DELL Server
131121 - CAN-2004-0687/8 libXpm stack and integer overflows.

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.