
Full Disclosure mailing list archives

MDKSA-2004:073 - Updated XFree86 packages fix issue with xdm opening random sockets
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 28 Jul 2004 00:14:22 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           XFree86
 Advisory ID:            MDKSA-2004:073
 Date:                   July 27th, 2004

 Affected versions:      10.0
 ______________________________________________________________________

 Problem Description:

 Steve Rumble discovered XDM in XFree86 opens a chooserFd TCP socket
 even when DisplayManager.requestPort is 0, which could allow remote
 attackers to connect to the port, in violation of the intended
 restrictions.
 
 The updated packages are patched to correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 3d8f7cc32efa365598c0eab6362afcd0  10.0/RPMS/X11R6-contrib-4.3-32.1.100mdk.i586.rpm
 b4172fffca6936486827260143583beb  10.0/RPMS/XFree86-100dpi-fonts-4.3-32.1.100mdk.i586.rpm
 76e708133439aa6a251945b3d272efd7  10.0/RPMS/XFree86-4.3-32.1.100mdk.i586.rpm
 883614a82021c8f630e05dc836e73735  10.0/RPMS/XFree86-75dpi-fonts-4.3-32.1.100mdk.i586.rpm
 860343cbb4f8987aba1b51244509e3ca  10.0/RPMS/XFree86-Xnest-4.3-32.1.100mdk.i586.rpm
 83fdeaa5626d268b3b5c79f2c9e9c9da  10.0/RPMS/XFree86-Xvfb-4.3-32.1.100mdk.i586.rpm
 ee27e16339c3fe869115612f878b6f9a  10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.1.100mdk.i586.rpm
 280be6f30a08df7d9df6b14a95bac395  10.0/RPMS/XFree86-doc-4.3-32.1.100mdk.i586.rpm
 e80cfe469c9815ecf22b9075abc9903b  10.0/RPMS/XFree86-glide-module-4.3-32.1.100mdk.i586.rpm
 fda7bdf5de0baedb92da3b0d4a3ce6f2  10.0/RPMS/XFree86-server-4.3-32.1.100mdk.i586.rpm
 7e69712264c38cdc67bbcde303f24386  10.0/RPMS/XFree86-xfs-4.3-32.1.100mdk.i586.rpm
 e771f892d01a646f35098241a93fbd58  10.0/RPMS/libxfree86-4.3-32.1.100mdk.i586.rpm
 418d499c3c469dcfdfafb08d7549b560  10.0/RPMS/libxfree86-devel-4.3-32.1.100mdk.i586.rpm
 19b713df27c5f9c739db32bf23b556c8  10.0/RPMS/libxfree86-static-devel-4.3-32.1.100mdk.i586.rpm
 acbd5f8c90422416215df5d2fa686f88  10.0/SRPMS/XFree86-4.3-32.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 70773e362c8de210f9da4dc4693d1812  amd64/10.0/RPMS/X11R6-contrib-4.3-32.1.100mdk.amd64.rpm
 c74d80d2e64aef5a408b62c3512205c1  amd64/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.1.100mdk.amd64.rpm
 dcb88ecdc48de0577af670c5af9609ac  amd64/10.0/RPMS/XFree86-4.3-32.1.100mdk.amd64.rpm
 d603e47eaf801b471bb68c308920bc48  amd64/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.1.100mdk.amd64.rpm
 dfdee3789f1963dc7b9d2b7b52a93a0f  amd64/10.0/RPMS/XFree86-Xnest-4.3-32.1.100mdk.amd64.rpm
 3cca29110317b32fba9f5825ed00867f  amd64/10.0/RPMS/XFree86-Xvfb-4.3-32.1.100mdk.amd64.rpm
 32963c84575ca591d8945a8418a7f362  amd64/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.1.100mdk.amd64.rpm
 c8f3c91b813703d57611087249eabc0d  amd64/10.0/RPMS/XFree86-doc-4.3-32.1.100mdk.amd64.rpm
 3eafba88d255666197aea3a62e276b61  amd64/10.0/RPMS/XFree86-server-4.3-32.1.100mdk.amd64.rpm
 18a8c7471ccb535a49322e4fe334f933  amd64/10.0/RPMS/XFree86-xfs-4.3-32.1.100mdk.amd64.rpm
 fd24efdfcce22c9fdeb27301f06ced49  amd64/10.0/RPMS/lib64xfree86-4.3-32.1.100mdk.amd64.rpm
 9b67ee689be268c4386fde4e81f3a2e3  amd64/10.0/RPMS/lib64xfree86-devel-4.3-32.1.100mdk.amd64.rpm
 4fd3a12d07c268d20a3bc80172b616fb  amd64/10.0/RPMS/lib64xfree86-static-devel-4.3-32.1.100mdk.amd64.rpm
 acbd5f8c90422416215df5d2fa686f88  amd64/10.0/SRPMS/XFree86-4.3-32.1.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBBu/emqjQ0CJFipgRAhnyAKDaqv2/JyGo3CDinFm6ana6OdFmQACaAuDB
0ar0MPcg1gso8/LQQ9WZozY=
=mMJG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
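
A host-side check for the condition this advisory describes, added here as an example (it is not part of the original advisory or of Mandrakesoft's tooling): it reads DisplayManager.requestPort from an xdm-config file and reports any TCP listener owned by xdm while that value is 0. It assumes listener data in the format printed by `ss -ltnp` and a process name of `xdm`; the sample config, port number and PIDs below are constructed.

```python
import re

# Constructed sample inputs (not taken from the advisory).
XDM_CONFIG = """\
! constructed sample of an xdm-config file
DisplayManager.servers:      /etc/X11/xdm/Xservers
DisplayManager.requestPort:  0
"""
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      5      0.0.0.0:32781      0.0.0.0:*         users:(("xdm",pid=812,fd=4))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
"""

RESOURCE = re.compile(r"^\s*DisplayManager[.*]requestPort\s*:\s*(\d+)\s*$")
PROC = re.compile(r'users:\(\("([^"]+)"')

def request_port(config_text):
    """Return the configured requestPort; xdm defaults to 177 when unset."""
    port = 177
    for line in config_text.splitlines():  # '!' comment lines never match
        m = RESOURCE.match(line)
        if m:
            port = int(m.group(1))         # a later entry overrides an earlier one
    return port

def xdm_tcp_listeners(ss_text):
    """Return (address, port) for every listening TCP socket owned by xdm."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue                       # header, or no process info (not root)
        m = PROC.search(" ".join(fields[5:]))
        if m and m.group(1) == "xdm":
            addr, port = fields[3].rsplit(":", 1)
            found.append((addr, int(port)))
    return found

def audit(config_text, ss_text):
    """With requestPort 0, any xdm TCP listener contradicts the configuration."""
    if request_port(config_text) != 0:
        return []                          # listening was enabled on purpose
    return [{"addr": a, "port": p,
             "remote_reachable": not a.startswith(("127.", "[::1]"))}
            for a, p in xdm_tcp_listeners(ss_text)]

if __name__ == "__main__":
    for finding in audit(XDM_CONFIG, SS_OUTPUT):
        print("unexpected xdm listener:", finding)
```

An empty result on a host with requestPort set to 0 is the expected state after the updated packages are installed and xdm has been restarted.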

