On Wednesday 17 November 2004 19:55, Kristian Høgsberg wrote: > --------------------------------------------------------------------- > Fedora Update Notification > FEDORA-2004-434 > 2004-11-17 > --------------------------------------------------------------------- > > Product : Fedora Core 3 > Name : xorg-x11 > Version : 6.8.1 > Release : 12.FC3.1 > Summary : The basic fonts, programs and docs for an X workstation. > Description : > X.org X11 is an open source implementation of the X Window System. It > provides the basic low level functionality which full fledged > graphical user interfaces (GUIs) such as GNOME and KDE are designed > upon. > > --------------------------------------------------------------------- > Update Information: > > Several integer overflow flaws in the X.Org libXpm library used to decode >> --------------------------------------------------------------------- > Fedora Update Notification > FEDORA-2004-434 > 2004-11-17 > --------------------------------------------------------------------- > > Product : Fedora Core 3 > Name : xorg-x11 > Version : 6.8.1 > Release : 12.FC3.1 > Summary : The basic fonts, programs and docs for an X workstation. > Description : > X.org X11 is an open source implementation of the X Window System. It > provides the basic low level functionality which full fledged > graphical user interfaces (GUIs) such as GNOME and KDE are designed > upon. > > --------------------------------------------------------------------- > Update Information: > > Several integer overflow flaws in the X.Org libXpm library used to decode > XPM (X PixMap) images have been found and addressed. An attacker could > create a carefully crafted XPM file which would cause an application to > crash or potentially execute arbitrary code if opened by a victim. The > Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned > the name CAN-2004-0914 to this issue. > > Users are advised to upgrade to these erratum packages, which contain > backported security patches as well as other bug fixes. > --------------------------------------------------------------------- > * Mon Nov 15 2004 Kristian Høgsberg <krh@xxxxxxxxxx> > > - Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a > number of Xpm issues found by Thomas Biege <thomas@xxxxxxx> > (#136169) > > --------------------------------------------------------------------- > This update can be downloaded from: > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ > > 71b25b43914ce57fca3cf5cdeb5f4f41 SRPMS/xorg-x11-6.8.1-12.FC3.1.src.rpm > 6aebd3219118e744794665f5eff3ecd2 x86_64/xorg-x11-6.8.1-12.FC3.1.x86_64.rpm > 5a695bc10a9167502570ae0dc4fc5c19 > x86_64/xorg-x11-devel-6.8.1-12.FC3.1.x86_64.rpm > a1cec1ac8cfb276c71ae4c87bb4f891d > x86_64/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.x86_64.rpm > f44084a0ce34af29a162cecadde5cba9 > x86_64/xorg-x11-font-utils-6.8.1-12.FC3.1.x86_64.rpm > e70b09d3e33c4782c7c6241d9c7cd445 > x86_64/xorg-x11-xfs-6.8.1-12.FC3.1.x86_64.rpm > c410106110a81f3665e9b0ca060dc24d > x86_64/xorg-x11-twm-6.8.1-12.FC3.1.x86_64.rpm > 053b59cb6a6f2dce1424c84ddea78c0f > x86_64/xorg-x11-xdm-6.8.1-12.FC3.1.x86_64.rpm > 8da9e968a1993d3091d4bbfb4c793c0a > x86_64/xorg-x11-libs-6.8.1-12.FC3.1.x86_64.rpm > 4f326bf4814a85afbd3f6c93f5599c47 > x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.x86_64.rpm > d6dd049341a9d9c09031b57ae2b83887 > x86_64/xorg-x11-doc-6.8.1-12.FC3.1.x86_64.rpm > 7229874bfacec9b804df5db4e14aa711 > x86_64/xorg-x11-Xdmx-6.8.1-12.FC3.1.x86_64.rpm > 5fbdf7b07a6517bbb99057e7e960e334 > x86_64/xorg-x11-Xnest-6.8.1-12.FC3.1.x86_64.rpm > 9194c4a3cd4b3e052f11cdb441325f38 > x86_64/xorg-x11-tools-6.8.1-12.FC3.1.x86_64.rpm > 9bc31cf7a229e2e074d998e5072ae763 > x86_64/xorg-x11-xauth-6.8.1-12.FC3.1.x86_64.rpm > dc3203c98c0829b8e9b3d381bff3a28c > x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.x86_64.rpm > d2bdbe25a12b5173ddabb9f29ddc6600 > x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.x86_64.rpm > 66e1e56304ccfcb27a3989b7faeaf13f > x86_64/xorg-x11-Xvfb-6.8.1-12.FC3.1.x86_64.rpm > 89701b20f1fdcaec45ba41009d056b52 > x86_64/xorg-x11-sdk-6.8.1-12.FC3.1.x86_64.rpm > 2192559acdec3429cf5a31fc40316578 > x86_64/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm > 0bbd5b40004a228aa7b29f8d211e3750 > x86_64/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm > ea8fcb15fa916a314b8f1d643c446e94 > x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm > 9c0114a8d449a607b269a6d09ad7a5ca > x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm > 5a1bbaa66be29cac32926ee573b68a10 > x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm > 6b8c236f903301c6479fd5243a49b3a5 i386/xorg-x11-6.8.1-12.FC3.1.i386.rpm > 2192559acdec3429cf5a31fc40316578 > i386/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm > c05d6ed2c8a37b5af5c17580b48a1444 > i386/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.i386.rpm > 14ac9f373f85023bf74a33585efef17b > i386/xorg-x11-font-utils-6.8.1-12.FC3.1.i386.rpm > fa84d29bf5009dc90bb4e885f51e175a i386/xorg-x11-xfs-6.8.1-12.FC3.1.i386.rpm > 6b57c514f7b9848c2bfcbf9f749e6893 i386/xorg-x11-twm-6.8.1-12.FC3.1.i386.rpm > 4a7fa3c2e2bd50c6e5968db10c5beb16 i386/xorg-x11-xdm-6.8.1-12.FC3.1.i386.rpm > 0bbd5b40004a228aa7b29f8d211e3750 > i386/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm ea8fcb15fa916a314b8f1d643c446e94 > i386/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm > 4076036309fd32a3aebb4b21027193d4 i386/xorg-x11-doc-6.8.1-12.FC3.1.i386.rpm > b28cea82051f5fdbbc57da3547bc8126 > i386/xorg-x11-Xdmx-6.8.1-12.FC3.1.i386.rpm 789f00f3c95e977afafd216dd5e3633d > i386/xorg-x11-Xnest-6.8.1-12.FC3.1.i386.rpm > 7b17873d150da89e8c32fa7bcc28d269 > i386/xorg-x11-tools-6.8.1-12.FC3.1.i386.rpm > 5bcbe76f554ce02340df0608ed0f794a > i386/xorg-x11-xauth-6.8.1-12.FC3.1.i386.rpm > 9c0114a8d449a607b269a6d09ad7a5ca > i386/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm > 5a1bbaa66be29cac32926ee573b68a10 > i386/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm > fc336ff5b7e75fc8dd907b94955112de > i386/xorg-x11-Xvfb-6.8.1-12.FC3.1.i386.rpm 2f4161097f649928190d01ff30e3fa6e > i386/xorg-x11-sdk-6.8.1-12.FC3.1.i386.rpm > > This update can also be installed with the Update Agent; you can > launch the Update Agent with the 'up2date' command. > --------------------------------------------------------------------- > > -- > fedora-announce-list mailing list > fedora-announce-list@xxxxxxxxxx > --------------------------------------------------------------------- > Fedora Update Notification > FEDORA-2004-434 > 2004-11-17 > --------------------------------------------------------------------- > > Product : Fedora Core 3 > Name : xorg-x11 > Version : 6.8.1 > Release : 12.FC3.1 > Summary : The basic fonts, programs and docs for an X workstation. > Description : > X.org X11 is an open source implementation of the X Window System. It > provides the basic low level functionality which full fledged > graphical user interfaces (GUIs) such as GNOME and KDE are designed > upon. > > --------------------------------------------------------------------- > Update Information: > > Several integer overflow flaws in the X.Org libXpm library used to decode > XPM (X PixMap) images have been found and addressed. An attacker could > create a carefully crafted XPM file which would cause an application to > crash or potentially execute arbitrary code if opened by a victim. The > Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned > the name CAN-2004-0914 to this issue. > > Users are advised to upgrade to these erratum packages, which contain > backported security patches as well as other bug fixes. > --------------------------------------------------------------------- > * Mon Nov 15 2004 Kristian Høgsberg <krh@xxxxxxxxxx> > > - Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a > number of Xpm issues found by Thomas Biege <thomas@xxxxxxx> > (#136169) > > --------------------------------------------------------------------- > This update can be downloaded from: > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ > > 71b25b43914ce57fca3cf5cdeb5f4f41 SRPMS/xorg-x11-6.8.1-12.FC3.1.src.rpm > 6aebd3219118e744794665f5eff3ecd2 x86_64/xorg-x11-6.8.1-12.FC3.1.x86_64.rpm > 5a695bc10a9167502570ae0dc4fc5c19 > x86_64/xorg-x11-devel-6.8.1-12.FC3.1.x86_64.rpm > a1cec1ac8cfb276c71ae4c87bb4f891d > x86_64/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.x86_64.rpm > f44084a0ce34af29a162cecadde5cba9 > x86_64/xorg-x11-font-utils-6.8.1-12.FC3.1.x86_64.rpm > e70b09d3e33c4782c7c6241d9c7cd445 > x86_64/xorg-x11-xfs-6.8.1-12.FC3.1.x86_64.rpm > c410106110a81f3665e9b0ca060dc24d > x86_64/xorg-x11-twm-6.8.1-12.FC3.1.x86_64.rpm > 053b59cb6a6f2dce1424c84ddea78c0f > x86_64/xorg-x11-xdm-6.8.1-12.FC3.1.x86_64.rpm > 8da9e968a1993d3091d4bbfb4c793c0a > x86_64/xorg-x11-libs-6.8.1-12.FC3.1.x86_64.rpm > 4f326bf4814a85afbd3f6c93f5599c47 > x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.x86_64.rpm > d6dd049341a9d9c09031b57ae2b83887 > x86_64/xorg-x11-doc-6.8.1-12.FC3.1.x86_64.rpm > 7229874bfacec9b804df5db4e14aa711 > x86_64/xorg-x11-Xdmx-6.8.1-12.FC3.1.x86_64.rpm > 5fbdf7b07a6517bbb99057e7e960e334 > x86_64/xorg-x11-Xnest-6.8.1-12.FC3.1.x86_64.rpm > 9194c4a3cd4b3e052f11cdb441325f38 > x86_64/xorg-x11-tools-6.8.1-12.FC3.1.x86_64.rpm > 9bc31cf7a229e2e074d998e5072ae763 > x86_64/xorg-x11-xauth-6.8.1-12.FC3.1.x86_64.rpm > dc3203c98c0829b8e9b3d381bff3a28c > x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.x86_64.rpm > d2bdbe25a12b5173ddabb9f29ddc6600 > x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.x86_64.rpm > 66e1e56304ccfcb27a3989b7faeaf13f > x86_64/xorg-x11-Xvfb-6.8.1-12.FC3.1.x86_64.rpm > 89701b20f1fdcaec45ba41009d056b52 > x86_64/xorg-x11-sdk-6.8.1-12.FC3.1.x86_64.rpm > 2192559acdec3429cf5a31fc40316578 > x86_64/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm > 0bbd5b40004a228aa7b29f8d211e3750 > x86_64/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm > ea8fcb15fa916a314b8f1d643c446e94 > x86_64/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm > 9c0114a8d449a607b269a6d09ad7a5ca > x86_64/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm > 5a1bbaa66be29cac32926ee573b68a10 > x86_64/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm > 6b8c236f903301c6479fd5243a49b3a5 i386/xorg-x11-6.8.1-12.FC3.1.i386.rpm > 2192559acdec3429cf5a31fc40316578 > i386/xorg-x11-devel-6.8.1-12.FC3.1.i386.rpm > c05d6ed2c8a37b5af5c17580b48a1444 > i386/xorg-x11-deprecated-libs-devel-6.8.1-12.FC3.1.i386.rpm > 14ac9f373f85023bf74a33585efef17b > i386/xorg-x11-font-utils-6.8.1-12.FC3.1.i386.rpm > fa84d29bf5009dc90bb4e885f51e175a i386/xorg-x11-xfs-6.8.1-12.FC3.1.i386.rpm > 6b57c514f7b9848c2bfcbf9f749e6893 i386/xorg-x11-twm-6.8.1-12.FC3.1.i386.rpm > 4a7fa3c2e2bd50c6e5968db10c5beb16 i386/xorg-x11-xdm-6.8.1-12.FC3.1.i386.rpm > 0bbd5b40004a228aa7b29f8d211e3750 > i386/xorg-x11-libs-6.8.1-12.FC3.1.i386.rpm ea8fcb15fa916a314b8f1d643c446e94 > i386/xorg-x11-deprecated-libs-6.8.1-12.FC3.1.i386.rpm > 4076036309fd32a3aebb4b21027193d4 i386/xorg-x11-doc-6.8.1-12.FC3.1.i386.rpm > b28cea82051f5fdbbc57da3547bc8126 > i386/xorg-x11-Xdmx-6.8.1-12.FC3.1.i386.rpm 789f00f3c95e977afafd216dd5e3633d > i386/xorg-x11-Xnest-6.8.1-12.FC3.1.i386.rpm > 7b17873d150da89e8c32fa7bcc28d269 > i386/xorg-x11-tools-6.8.1-12.FC3.1.i386.rpm > 5bcbe76f554ce02340df0608ed0f794a > i386/xorg-x11-xauth-6.8.1-12.FC3.1.i386.rpm > 9c0114a8d449a607b269a6d09ad7a5ca > i386/xorg-x11-Mesa-libGL-6.8.1-12.FC3.1.i386.rpm > 5a1bbaa66be29cac32926ee573b68a10 > i386/xorg-x11-Mesa-libGLU-6.8.1-12.FC3.1.i386.rpm > fc336ff5b7e75fc8dd907b94955112de > i386/xorg-x11-Xvfb-6.8.1-12.FC3.1.i386.rpm 2f4161097f649928190d01ff30e3fa6e > i386/xorg-x11-sdk-6.8.1-12.FC3.1.i386.rpm Have you applied the 6-month old patch in <http://freedesktop.org/bugzilla/show_bug.cgi?id=591>? Will it ever be applied? -- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
