Re: [SECURITY] Fedora Core 3 Update: xorg-x11-6.8.1-12.FC3.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 17 November 2004 19:55, Kristian Høgsberg wrote:
> ---------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2004-434
> 2004-11-17
> ---------------------------------------------------------------------
>
> Product     : Fedora Core 3
> Name        : xorg-x11
> Version     : 6.8.1
> Release     : 12.FC3.1
> Summary     : The basic fonts, programs and docs for an X workstation.
> Description :
> X.org X11 is an open source implementation of the X Window System.  It
> provides the basic low level functionality which full fledged
> graphical user interfaces (GUIs) such as GNOME and KDE are designed
> upon.
>
> ---------------------------------------------------------------------
> Update Information:
>
> Several integer overflow flaws in the X.Org libXpm library used to decode
>> ---------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2004-434
> 2004-11-17
> ---------------------------------------------------------------------
>
> Product     : Fedora Core 3
> Name        : xorg-x11
> Version     : 6.8.1
> Release     : 12.FC3.1
> Summary     : The basic fonts, programs and docs for an X workstation.
> Description :
> X.org X11 is an open source implementation of the X Window System.  It
> provides the basic low level functionality which full fledged
> graphical user interfaces (GUIs) such as GNOME and KDE are designed
> upon.
>
> ---------------------------------------------------------------------
> Update Information:
>
> Several integer overflow flaws in the X.Org libXpm library used to decode
> XPM (X PixMap) images have been found and addressed. An attacker could
> create a carefully crafted XPM file which would cause an application to
> crash or potentially execute arbitrary code if opened by a victim.  The
> Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CAN-2004-0914 to this issue.
>
> Users are advised to upgrade to these erratum packages, which contain
> backported security patches as well as other bug fixes.
> ---------------------------------------------------------------------
> * Mon Nov 15 2004 Kristian Høgsberg <krh@xxxxxxxxxx>
>
> - Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a
>    number of Xpm issues found by Thomas Biege <thomas@xxxxxxx>
>    (#136169)
>
> ---------------------------------------------------------------------
> This update can be downloaded from:
>    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
>
> 71b25b43914ce57fca3cf5cdeb5f4f41  SRPMS/xorg-x11-6.8.1-12.FC3.1.src.rpm
> 6aebd3219118e744794665f5eff3ecd2  x86_64/xorg-x11-6.8.1-12.FC3.1.x86_64.rpm
> 5a695bc10a9167502570ae0dc4fc5c19 
> x86_64/xorg-x11-devel-6.8.1-12.FC3.1.x86_64.rpm
> a1cec1ac8cfb276c71ae4c87bb4f891d 
> x86_64/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.x86_64.rpm
> f44084a0ce34af29a162cecadde5cba9 
> x86_64/xorg-x11-font-utils-6.8.1-12.FC3.1.x86_64.rpm
> e70b09d3e33c4782c7c6241d9c7cd445 
> x86_64/xorg-x11-xfs-6.8.1-12.FC3.1.x86_64.rpm
> c410106110a81f3665e9b0ca060dc24d 
> x86_64/xorg-x11-twm-6.8.1-12.FC3.1.x86_64.rpm
> 053b59cb6a6f2dce1424c84ddea78c0f 
> x86_64/xorg-x11-xdm-6.8.1-12.FC3.1.x86_64.rpm
> 8da9e968a1993d3091d4bbfb4c793c0a 
> x86_64/xorg-x11-libs-6.8.1-12.FC3.1.x86_64.rpm
> 4f326bf4814a85afbd3f6c93f5599c47 
> x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.x86_64.rpm
> d6dd049341a9d9c09031b57ae2b83887 
> x86_64/xorg-x11-doc-6.8.1-12.FC3.1.x86_64.rpm
> 7229874bfacec9b804df5db4e14aa711 
> x86_64/xorg-x11-Xdmx-6.8.1-12.FC3.1.x86_64.rpm
> 5fbdf7b07a6517bbb99057e7e960e334 
> x86_64/xorg-x11-Xnest-6.8.1-12.FC3.1.x86_64.rpm
> 9194c4a3cd4b3e052f11cdb441325f38 
> x86_64/xorg-x11-tools-6.8.1-12.FC3.1.x86_64.rpm
> 9bc31cf7a229e2e074d998e5072ae763 
> x86_64/xorg-x11-xauth-6.8.1-12.FC3.1.x86_64.rpm
> dc3203c98c0829b8e9b3d381bff3a28c 
> x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.x86_64.rpm
> d2bdbe25a12b5173ddabb9f29ddc6600 
> x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.x86_64.rpm
> 66e1e56304ccfcb27a3989b7faeaf13f 
> x86_64/xorg-x11-Xvfb-6.8.1-12.FC3.1.x86_64.rpm
> 89701b20f1fdcaec45ba41009d056b52 
> x86_64/xorg-x11-sdk-6.8.1-12.FC3.1.x86_64.rpm
> 2192559acdec3429cf5a31fc40316578 
> x86_64/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm
> 0bbd5b40004a228aa7b29f8d211e3750 
> x86_64/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm
> ea8fcb15fa916a314b8f1d643c446e94 
> x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm
> 9c0114a8d449a607b269a6d09ad7a5ca 
> x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm
> 5a1bbaa66be29cac32926ee573b68a10 
> x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm
> 6b8c236f903301c6479fd5243a49b3a5  i386/xorg-x11-6.8.1-12.FC3.1.i386.rpm
> 2192559acdec3429cf5a31fc40316578 
> i386/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm
> c05d6ed2c8a37b5af5c17580b48a1444 
> i386/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.i386.rpm
> 14ac9f373f85023bf74a33585efef17b 
> i386/xorg-x11-font-utils-6.8.1-12.FC3.1.i386.rpm
> fa84d29bf5009dc90bb4e885f51e175a  i386/xorg-x11-xfs-6.8.1-12.FC3.1.i386.rpm
> 6b57c514f7b9848c2bfcbf9f749e6893  i386/xorg-x11-twm-6.8.1-12.FC3.1.i386.rpm
> 4a7fa3c2e2bd50c6e5968db10c5beb16  i386/xorg-x11-xdm-6.8.1-12.FC3.1.i386.rpm
> 0bbd5b40004a228aa7b29f8d211e3750 
> i386/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm ea8fcb15fa916a314b8f1d643c446e94
>  i386/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm
> 4076036309fd32a3aebb4b21027193d4  i386/xorg-x11-doc-6.8.1-12.FC3.1.i386.rpm
> b28cea82051f5fdbbc57da3547bc8126 
> i386/xorg-x11-Xdmx-6.8.1-12.FC3.1.i386.rpm 789f00f3c95e977afafd216dd5e3633d
>  i386/xorg-x11-Xnest-6.8.1-12.FC3.1.i386.rpm
> 7b17873d150da89e8c32fa7bcc28d269 
> i386/xorg-x11-tools-6.8.1-12.FC3.1.i386.rpm
> 5bcbe76f554ce02340df0608ed0f794a 
> i386/xorg-x11-xauth-6.8.1-12.FC3.1.i386.rpm
> 9c0114a8d449a607b269a6d09ad7a5ca 
> i386/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm
> 5a1bbaa66be29cac32926ee573b68a10 
> i386/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm
> fc336ff5b7e75fc8dd907b94955112de 
> i386/xorg-x11-Xvfb-6.8.1-12.FC3.1.i386.rpm 2f4161097f649928190d01ff30e3fa6e
>  i386/xorg-x11-sdk-6.8.1-12.FC3.1.i386.rpm
>
> This update can also be installed with the Update Agent; you can
> launch the Update Agent with the 'up2date' command.
> ---------------------------------------------------------------------
>
> --
> fedora-announce-list mailing list
> fedora-announce-list@xxxxxxxxxx
> ---------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2004-434
> 2004-11-17
> ---------------------------------------------------------------------
>
> Product     : Fedora Core 3
> Name        : xorg-x11
> Version     : 6.8.1
> Release     : 12.FC3.1
> Summary     : The basic fonts, programs and docs for an X workstation.
> Description :
> X.org X11 is an open source implementation of the X Window System.  It
> provides the basic low level functionality which full fledged
> graphical user interfaces (GUIs) such as GNOME and KDE are designed
> upon.
>
> ---------------------------------------------------------------------
> Update Information:
>
> Several integer overflow flaws in the X.Org libXpm library used to decode
> XPM (X PixMap) images have been found and addressed. An attacker could
> create a carefully crafted XPM file which would cause an application to
> crash or potentially execute arbitrary code if opened by a victim.  The
> Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
> the name CAN-2004-0914 to this issue.
>
> Users are advised to upgrade to these erratum packages, which contain
> backported security patches as well as other bug fixes.
> ---------------------------------------------------------------------
> * Mon Nov 15 2004 Kristian Høgsberg <krh@xxxxxxxxxx>
>
> - Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a
>    number of Xpm issues found by Thomas Biege <thomas@xxxxxxx>
>    (#136169)
>
> ---------------------------------------------------------------------
> This update can be downloaded from:
>    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
>
> 71b25b43914ce57fca3cf5cdeb5f4f41  SRPMS/xorg-x11-6.8.1-12.FC3.1.src.rpm
> 6aebd3219118e744794665f5eff3ecd2  x86_64/xorg-x11-6.8.1-12.FC3.1.x86_64.rpm
> 5a695bc10a9167502570ae0dc4fc5c19 
> x86_64/xorg-x11-devel-6.8.1-12.FC3.1.x86_64.rpm
> a1cec1ac8cfb276c71ae4c87bb4f891d 
> x86_64/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.x86_64.rpm
> f44084a0ce34af29a162cecadde5cba9 
> x86_64/xorg-x11-font-utils-6.8.1-12.FC3.1.x86_64.rpm
> e70b09d3e33c4782c7c6241d9c7cd445 
> x86_64/xorg-x11-xfs-6.8.1-12.FC3.1.x86_64.rpm
> c410106110a81f3665e9b0ca060dc24d 
> x86_64/xorg-x11-twm-6.8.1-12.FC3.1.x86_64.rpm
> 053b59cb6a6f2dce1424c84ddea78c0f 
> x86_64/xorg-x11-xdm-6.8.1-12.FC3.1.x86_64.rpm
> 8da9e968a1993d3091d4bbfb4c793c0a 
> x86_64/xorg-x11-libs-6.8.1-12.FC3.1.x86_64.rpm
> 4f326bf4814a85afbd3f6c93f5599c47 
> x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.x86_64.rpm
> d6dd049341a9d9c09031b57ae2b83887 
> x86_64/xorg-x11-doc-6.8.1-12.FC3.1.x86_64.rpm
> 7229874bfacec9b804df5db4e14aa711 
> x86_64/xorg-x11-Xdmx-6.8.1-12.FC3.1.x86_64.rpm
> 5fbdf7b07a6517bbb99057e7e960e334 
> x86_64/xorg-x11-Xnest-6.8.1-12.FC3.1.x86_64.rpm
> 9194c4a3cd4b3e052f11cdb441325f38 
> x86_64/xorg-x11-tools-6.8.1-12.FC3.1.x86_64.rpm
> 9bc31cf7a229e2e074d998e5072ae763 
> x86_64/xorg-x11-xauth-6.8.1-12.FC3.1.x86_64.rpm
> dc3203c98c0829b8e9b3d381bff3a28c 
> x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.x86_64.rpm
> d2bdbe25a12b5173ddabb9f29ddc6600 
> x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.x86_64.rpm
> 66e1e56304ccfcb27a3989b7faeaf13f 
> x86_64/xorg-x11-Xvfb-6.8.1-12.FC3.1.x86_64.rpm
> 89701b20f1fdcaec45ba41009d056b52 
> x86_64/xorg-x11-sdk-6.8.1-12.FC3.1.x86_64.rpm
> 2192559acdec3429cf5a31fc40316578 
> x86_64/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm
> 0bbd5b40004a228aa7b29f8d211e3750 
> x86_64/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm
> ea8fcb15fa916a314b8f1d643c446e94 
> x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm
> 9c0114a8d449a607b269a6d09ad7a5ca 
> x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm
> 5a1bbaa66be29cac32926ee573b68a10 
> x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm
> 6b8c236f903301c6479fd5243a49b3a5  i386/xorg-x11-6.8.1-12.FC3.1.i386.rpm
> 2192559acdec3429cf5a31fc40316578 
> i386/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm
> c05d6ed2c8a37b5af5c17580b48a1444 
> i386/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.i386.rpm
> 14ac9f373f85023bf74a33585efef17b 
> i386/xorg-x11-font-utils-6.8.1-12.FC3.1.i386.rpm
> fa84d29bf5009dc90bb4e885f51e175a  i386/xorg-x11-xfs-6.8.1-12.FC3.1.i386.rpm
> 6b57c514f7b9848c2bfcbf9f749e6893  i386/xorg-x11-twm-6.8.1-12.FC3.1.i386.rpm
> 4a7fa3c2e2bd50c6e5968db10c5beb16  i386/xorg-x11-xdm-6.8.1-12.FC3.1.i386.rpm
> 0bbd5b40004a228aa7b29f8d211e3750 
> i386/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm ea8fcb15fa916a314b8f1d643c446e94
>  i386/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm
> 4076036309fd32a3aebb4b21027193d4  i386/xorg-x11-doc-6.8.1-12.FC3.1.i386.rpm
> b28cea82051f5fdbbc57da3547bc8126 
> i386/xorg-x11-Xdmx-6.8.1-12.FC3.1.i386.rpm 789f00f3c95e977afafd216dd5e3633d
>  i386/xorg-x11-Xnest-6.8.1-12.FC3.1.i386.rpm
> 7b17873d150da89e8c32fa7bcc28d269 
> i386/xorg-x11-tools-6.8.1-12.FC3.1.i386.rpm
> 5bcbe76f554ce02340df0608ed0f794a 
> i386/xorg-x11-xauth-6.8.1-12.FC3.1.i386.rpm
> 9c0114a8d449a607b269a6d09ad7a5ca 
> i386/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm
> 5a1bbaa66be29cac32926ee573b68a10 
> i386/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm
> fc336ff5b7e75fc8dd907b94955112de 
> i386/xorg-x11-Xvfb-6.8.1-12.FC3.1.i386.rpm 2f4161097f649928190d01ff30e3fa6e
>  i386/xorg-x11-sdk-6.8.1-12.FC3.1.i386.rpm

Have you applied the 6-month old patch in
<http://freedesktop.org/bugzilla/show_bug.cgi?id=591>?
Will it ever be applied?


-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux