Full Disclosure mailing list archives

MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 23 Nov 2004 16:01:43 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           XFree86
 Advisory ID:            MDKSA-2004:138
 Date:                   November 22nd, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The XPM library which is part of the XFree86/XOrg project is used         
 by several GUI applications to process XPM image files.                      
 
 A source code review of the XPM library, done by Thomas Biege of the
 SuSE Security-Team, revealed several different kinds of bugs. These
 bugs include integer overflows, out-of-bounds memory access, shell
 command execution, path traversal, and endless loops.
 
 These bugs can be exploited by remote and/or local attackers to gain 
 access to the system or to escalate their local privileges, by using a
 specially crafted XPM image.
 
 Updated packages are patched to correct all these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBo17nmqjQ0CJFipgRAulTAJ9Ru9FpOI8mAu67e43p5A+/CDWSsACgtvIK
cxaSMnXsb1da/p720DuAMgs=
=i51J
-----END PGP SIGNATURE-----
