[SECURITY] Fedora Core 3 Update: xorg-x11-6.8.1-12.FC3.1

Timothy Murphy tim at birdsnest.maths.tcd.ie
Wed Nov 17 23:19:05 UTC 2004


On Wednesday 17 November 2004 19:55, Kristian Høgsberg wrote:
> ---------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2004-434
> 2004-11-17
> ---------------------------------------------------------------------
>
> Product     : Fedora Core 3
> Name        : xorg-x11
> Version     : 6.8.1
> Release     : 12.FC3.1
> Summary     : The basic fonts, programs and docs for an X workstation.
> Description :
> X.org X11 is an open source implementation of the X Window System.  It
> provides the basic low level functionality which full fledged
> graphical user interfaces (GUIs) such as GNOME and KDE are designed
> upon.
>
> ---------------------------------------------------------------------
> Update Information:
>
> Several integer overflow flaws in the X.Org libXpm library used to decode
> XPM (X PixMap) images have been found and addressed. An attacker could
> create a carefully crafted XPM file which would cause an application to
> crash or potentially execute arbitrary code if opened by a victim.  The
> Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CAN-2004-0914 to this issue.
>
> Users are advised to upgrade to these erratum packages, which contain
> backported security patches as well as other bug fixes.
> ---------------------------------------------------------------------
> * Mon Nov 15 2004 Kristian Høgsberg <krh at redhat.com>
>
> - Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a
>    number of Xpm issues found by Thomas Biege <thomas at suse.de>
>    (#136169)
>
> ---------------------------------------------------------------------
> This update can be downloaded from:
>    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
>
> This update can also be installed with the Update Agent; you can
> launch the Update Agent with the 'up2date' command.
> ---------------------------------------------------------------------
>
> --
> fedora-announce-list mailing list
> fedora-announce-list at redhat.com

Have you applied the 6-month-old patch in
<http://freedesktop.org/bugzilla/show_bug.cgi?id=591>?
Will it ever be applied?


-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



