Mandriva Advisories

Package name: XFree86
Date: February 13th, 2004
Advisory ID: MDKSA-2004:012
Affected versions: 9.0, 9.1, 9.2, CS2.1
Synopsis: Updated XFree86 packages fix buffer overflow vulnerabilities

Problem Description

Two buffer overflow vulnerabilities were found by iDEFENSE in
XFree86's parsing of the font.alias file. The X server, which runs as
root, fails to check the length of user-provided input; as a result a
malicious user could craft a malformed font.alias file causing a
buffer overflow upon parsing, which could eventually lead to the
execution of arbitrary code.

Additional vulnerabilities were found by David Dawes, also in the
reading of font files.

The updated packages have a patch from David Dawes to correct these
vulnerabilities.
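
The kind of length check whose absence the description above points to, as an added example (this is not David Dawes's patch and not XFree86 code): a bounded tokenizer for font.alias-style lines that rejects an over-long name instead of copying it past the end of a fixed-size buffer. The simplified line grammar (`alias font-name`, `!` comment lines, double-quoted names) and every function and constant name are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum alias_status { ALIAS_OK = 0, ALIAS_SKIP, ALIAS_TOO_LONG, ALIAS_MALFORMED };

/* Copy one whitespace-delimited or "quoted" token from *pp into out[cap].
 * Returns ALIAS_TOO_LONG before any write could land outside the buffer. */
static enum alias_status next_token(const char **pp, char *out, size_t cap)
{
    const char *p = *pp;
    size_t n = 0;
    int quoted = 0;

    while (*p == ' ' || *p == '\t') p++;
    if (*p == '"') { quoted = 1; p++; }
    while (*p && *p != '\n' &&
           (quoted ? *p != '"' : !isspace((unsigned char)*p))) {
        if (n + 1 >= cap) return ALIAS_TOO_LONG;  /* keep room for the NUL */
        out[n++] = *p++;
    }
    if (quoted) {
        if (*p != '"') return ALIAS_MALFORMED;    /* unterminated quote */
        p++;
    }
    if (n == 0) return ALIAS_MALFORMED;           /* missing token */
    out[n] = '\0';
    *pp = p;
    return ALIAS_OK;
}

/* Parse one line of the assumed form `alias font-name`; '!' starts a comment.
 * Both output buffers must hold at least cap bytes. */
enum alias_status parse_alias_line(const char *line, char *alias,
                                   char *font, size_t cap)
{
    const char *p = line;
    enum alias_status st;

    while (*p == ' ' || *p == '\t') p++;
    if (*p == '!' || *p == '\n' || *p == '\0') return ALIAS_SKIP;
    if ((st = next_token(&p, alias, cap)) != ALIAS_OK) return st;
    return next_token(&p, font, cap);
}
```

A caller should treat `ALIAS_TOO_LONG` and `ALIAS_MALFORMED` as reasons to discard the line (or the whole file) rather than truncating silently, since a truncated alias can resolve to a different font than the one intended.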

Updated Packages

Mandrakelinux 9.0

 98e5b738b3dbc829d21256fbdc78710c  9.0/RPMS/X11R6-contrib-4.2.1-3.5.90mdk.i586.rpm
ad1674508a8296ba90bbfe993d76ca27  9.0/RPMS/XFree86-100dpi-fonts-4.2.1-3.5.90mdk.i586.rpm
147ebe26aab5a24de5aa9f1a4fc07994  9.0/RPMS/XFree86-4.2.1-3.5.90mdk.i586.rpm
99390424e23bac5773a78b42da2baf9a  9.0/RPMS/XFree86-75dpi-fonts-4.2.1-3.5.90mdk.i586.rpm
66ff679df82d4cedc0d2e471e8e3a1ca  9.0/RPMS/XFree86-Xnest-4.2.1-3.5.90mdk.i586.rpm
37625aea0104d591018564022b48c94a  9.0/RPMS/XFree86-Xvfb-4.2.1-3.5.90mdk.i586.rpm
4372c1156eb29891a15cdd2d82632631  9.0/RPMS/XFree86-cyrillic-fonts-4.2.1-3.5.90mdk.i586.rpm
df791cabfa0835d8cbc1eef4098284d6  9.0/RPMS/XFree86-devel-4.2.1-3.5.90mdk.i586.rpm
1f44bf236351c2c6c88b749bd9243632  9.0/RPMS/XFree86-glide-module-4.2.1-3.5.90mdk.i586.rpm
12ae6507db13b1cf57d83b4b2486c8d2  9.0/RPMS/XFree86-libs-4.2.1-3.5.90mdk.i586.rpm
c31e106485fe806408c3f00a3ba3d5f5  9.0/RPMS/XFree86-server-4.2.1-3.5.90mdk.i586.rpm
62830c01b5172df5ec704645c92b3d8d  9.0/RPMS/XFree86-static-libs-4.2.1-3.5.90mdk.i586.rpm
367d6a87b91f6f305affd748a1c3d696  9.0/RPMS/XFree86-xfs-4.2.1-3.5.90mdk.i586.rpm
982a452683aa71d835c6e7119d19ec81  9.0/SRPMS/XFree86-4.2.1-3.5.90mdk.src.rpm

Mandrakelinux 9.1

 7c01363aaeb5c743f38c0ea34214efa0  9.1/RPMS/X11R6-contrib-4.3-8.7.91mdk.i586.rpm
cc4a1010fb7f6edeaa8c207894fd17db  9.1/RPMS/XFree86-100dpi-fonts-4.3-8.7.91mdk.i586.rpm
0b755a0bdf0004c85e1ae855796c386b  9.1/RPMS/XFree86-4.3-8.7.91mdk.i586.rpm
a7082c2ef309c3f96d8cd57f2dc1d5ee  9.1/RPMS/XFree86-75dpi-fonts-4.3-8.7.91mdk.i586.rpm
a57a95691a365fef73ae099d263e37f3  9.1/RPMS/XFree86-Xnest-4.3-8.7.91mdk.i586.rpm
d56381b27356ea984c3529fc18a8f553  9.1/RPMS/XFree86-Xvfb-4.3-8.7.91mdk.i586.rpm
c28e40d257929015ce51a44025b73419  9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.7.91mdk.i586.rpm
f59caeb2e0cd6b2cd1252ce68a5a3701  9.1/RPMS/XFree86-devel-4.3-8.7.91mdk.i586.rpm
5b5a89f147662d0733365ffed3ca4b07  9.1/RPMS/XFree86-glide-module-4.3-8.7.91mdk.i586.rpm
87b3a9cc5fc382d70be92f0c8af34f4e  9.1/RPMS/XFree86-libs-4.3-8.7.91mdk.i586.rpm
8ef96d1888ed2a996a60dcffd6ee3e55  9.1/RPMS/XFree86-server-4.3-8.7.91mdk.i586.rpm
ffcfab37ec7b83e25a9910500d391922  9.1/RPMS/XFree86-static-libs-4.3-8.7.91mdk.i586.rpm
ea7bc11b621a5c7cff21620cbe4a1081  9.1/RPMS/XFree86-xfs-4.3-8.7.91mdk.i586.rpm
37d7552011e007629985a83984181652  9.1/SRPMS/XFree86-4.3-8.7.91mdk.src.rpm

Mandrakelinux 9.1/PPC

 7cde9aac236b245d80f0d3cadc871463  ppc/9.1/RPMS/X11R6-contrib-4.3-8.7.91mdk.ppc.rpm
67d584f5ddcce49542b7f1cc60416593  ppc/9.1/RPMS/XFree86-100dpi-fonts-4.3-8.7.91mdk.ppc.rpm
411850a4073715db74484ea1524d15f2  ppc/9.1/RPMS/XFree86-4.3-8.7.91mdk.ppc.rpm
7ce455db242384aed219dee3c3b935ef  ppc/9.1/RPMS/XFree86-75dpi-fonts-4.3-8.7.91mdk.ppc.rpm
a56324a6c603be47d5a0f5a5bdf44b4d  ppc/9.1/RPMS/XFree86-Xnest-4.3-8.7.91mdk.ppc.rpm
97b19edcced65286219adff178504118  ppc/9.1/RPMS/XFree86-Xvfb-4.3-8.7.91mdk.ppc.rpm
a49c35faa8f481ff46323ecaaeeafe9f  ppc/9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.7.91mdk.ppc.rpm
4e51c103bd2da9f1f484a5a73b29fe44  ppc/9.1/RPMS/XFree86-devel-4.3-8.7.91mdk.ppc.rpm
12374d121016366e9b872e9d67ea5f91  ppc/9.1/RPMS/XFree86-libs-4.3-8.7.91mdk.ppc.rpm
6802b19db8ec11b77876f4c81647db45  ppc/9.1/RPMS/XFree86-server-4.3-8.7.91mdk.ppc.rpm
e9e17607d11880f5d269727c7b1964de  ppc/9.1/RPMS/XFree86-static-libs-4.3-8.7.91mdk.ppc.rpm
9e8c26387681e9e542f7588db6eaacb6  ppc/9.1/RPMS/XFree86-xfs-4.3-8.7.91mdk.ppc.rpm
37d7552011e007629985a83984181652  ppc/9.1/SRPMS/XFree86-4.3-8.7.91mdk.src.rpm

Mandrakelinux 9.2

 2465e00205fc34d78a72545d1a00a24f  9.2/RPMS/libxfree86-4.3-24.4.92mdk.i586.rpm
a987962fce9ec85d4c02b051d8dcbce6  9.2/RPMS/libxfree86-devel-4.3-24.4.92mdk.i586.rpm
a51b3d691999436babf85845a3720c34  9.2/RPMS/libxfree86-static-devel-4.3-24.4.92mdk.i586.rpm
245dfe0ff1d7618c59ccc8052fdfe040  9.2/RPMS/X11R6-contrib-4.3-24.4.92mdk.i586.rpm
7ed2f5ec2b8e087209b19f7bc6b24424  9.2/RPMS/XFree86-100dpi-fonts-4.3-24.4.92mdk.i586.rpm
24f2119308cc500300fc55e7413b05ee  9.2/RPMS/XFree86-4.3-24.4.92mdk.i586.rpm
74421ed1018908a55294e46ca90e5a73  9.2/RPMS/XFree86-75dpi-fonts-4.3-24.4.92mdk.i586.rpm
f9388e7cd146f6968071c1df70813b03  9.2/RPMS/XFree86-Xnest-4.3-24.4.92mdk.i586.rpm
0f92071b9ce2a8544cca226c07c3aba4  9.2/RPMS/XFree86-Xvfb-4.3-24.4.92mdk.i586.rpm
66e4f0adb9a81ce0c54faef126911059  9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.4.92mdk.i586.rpm
3c619cfaabf95c50869fc4ca686cfe1b  9.2/RPMS/XFree86-glide-module-4.3-24.4.92mdk.i586.rpm
5168c34488df4186101bb9aa5cda7ce5  9.2/RPMS/XFree86-server-4.3-24.4.92mdk.i586.rpm
1b97520e7219ac05ac864ff3f336e431  9.2/RPMS/XFree86-xfs-4.3-24.4.92mdk.i586.rpm
8bbaa775d0a642d99b068601f203b4bc  9.2/SRPMS/XFree86-4.3-24.4.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

 a517c17424ee8a02cc4a8f9a51c553da  amd64/9.2/RPMS/lib64xfree86-4.3-24.4.92mdk.amd64.rpm
973a672b0d4b66e0d5970d146935bdce  amd64/9.2/RPMS/lib64xfree86-devel-4.3-24.4.92mdk.amd64.rpm
ee7dbd21dd074829fe102551c89d0d3c  amd64/9.2/RPMS/lib64xfree86-static-devel-4.3-24.4.92mdk.amd64.rpm
0a46865142bf0282ec6b041aa5fc80de  amd64/9.2/RPMS/X11R6-contrib-4.3-24.4.92mdk.amd64.rpm
421a3ad3412a76ef54b6febdcfd73f8c  amd64/9.2/RPMS/XFree86-100dpi-fonts-4.3-24.4.92mdk.amd64.rpm
f5e13d6c1d7d16cccf5eff388bcf01d7  amd64/9.2/RPMS/XFree86-4.3-24.4.92mdk.amd64.rpm
7edb2bcdbdf513078f1702c9da678781  amd64/9.2/RPMS/XFree86-75dpi-fonts-4.3-24.4.92mdk.amd64.rpm
e789fc9ab14324f8f9ae83d4ab0ef2f8  amd64/9.2/RPMS/XFree86-Xnest-4.3-24.4.92mdk.amd64.rpm
4f2a3540097f82f759fd2107c21d3339  amd64/9.2/RPMS/XFree86-Xvfb-4.3-24.4.92mdk.amd64.rpm
995c3918c1dc7a318e5cb72a2848a447  amd64/9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.4.92mdk.amd64.rpm
94dbb6dd2611beb53fea56761deda581  amd64/9.2/RPMS/XFree86-server-4.3-24.4.92mdk.amd64.rpm
76237a5914c788ea985eb2aed7655204  amd64/9.2/RPMS/XFree86-xfs-4.3-24.4.92mdk.amd64.rpm
8bbaa775d0a642d99b068601f203b4bc  amd64/9.2/SRPMS/XFree86-4.3-24.4.92mdk.src.rpm

Corporate Server 2.1

 310bf1924c3fdbd269d9c914f968d1cd  corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.9.C21mdk.i586.rpm
3b2b89dd7589526eae6177cb58b5dd91  corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.9.C21mdk.i586.rpm
34614fe5b8ab99d2608b239ee5500c3a  corporate/2.1/RPMS/XFree86-4.2.1-6.9.C21mdk.i586.rpm
d852fdcce019792d37d50b6f5ee38989  corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.9.C21mdk.i586.rpm
3f41bdd95e10467f414a162d2089b752  corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.9.C21mdk.i586.rpm
d67588f7a6e661de3f782e06d39f8f81  corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.9.C21mdk.i586.rpm
e3f6a152399a9a1f67ca28d4966c65ef  corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.9.C21mdk.i586.rpm
dade71c115567fe978659ef72f522d7b  corporate/2.1/RPMS/XFree86-devel-4.2.1-6.9.C21mdk.i586.rpm
c8653fbefcb470f2aaa61d84bc59c0f4  corporate/2.1/RPMS/XFree86-glide-module-4.2.1-6.9.C21mdk.i586.rpm
394b33ac9446410b9edd4232d19bc6ab  corporate/2.1/RPMS/XFree86-libs-4.2.1-6.9.C21mdk.i586.rpm
1e05f8bc2d9b94b85c4634f8d817c5b5  corporate/2.1/RPMS/XFree86-server-4.2.1-6.9.C21mdk.i586.rpm
4b682b76797a17e1e9ad9c9240bfb85d  corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.9.C21mdk.i586.rpm
88a3f60a155efcf194ba06121d875437  corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.9.C21mdk.i586.rpm
64d5862c81b6ea69ed356f625e25675b  corporate/2.1/SRPMS/XFree86-4.2.1-6.9.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 5942d60536bb1db7bd9a93d0f28be9ed  x86_64/corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.9.C21mdk.x86_64.rpm
801c19834b03405f060d9bef65446be5  x86_64/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
77b5d33963c2fddda275c5f2dd177f08  x86_64/corporate/2.1/RPMS/XFree86-4.2.1-6.9.C21mdk.x86_64.rpm
101fb938f6cce32ae3fcd5c66402d5ab  x86_64/corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
e4a311ae7c258c8f087a8b1204147967  x86_64/corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.9.C21mdk.x86_64.rpm
d6716951786d8c4fc960b9e2d7bcca24  x86_64/corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.9.C21mdk.x86_64.rpm
c492edc75d42aca8ac16db358b03136a  x86_64/corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.9.C21mdk.x86_64.rpm
805ff923d28c3d293c78535525b4a8a6  x86_64/corporate/2.1/RPMS/XFree86-devel-4.2.1-6.9.C21mdk.x86_64.rpm
9f3559a2df592c93e0302c5eb93b67ab  x86_64/corporate/2.1/RPMS/XFree86-libs-4.2.1-6.9.C21mdk.x86_64.rpm
df3a62dcdd118235ff6894e9f19e45fb  x86_64/corporate/2.1/RPMS/XFree86-server-4.2.1-6.9.C21mdk.x86_64.rpm
da2e00f28e82324788900dc2b7565571  x86_64/corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.9.C21mdk.x86_64.rpm
4336f401c3aef287d959f7fda5ab7b3e  x86_64/corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.9.C21mdk.x86_64.rpm
64d5862c81b6ea69ed356f625e25675b  x86_64/corporate/2.1/SRPMS/XFree86-4.2.1-6.9.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update before upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.