
Advisories

Mandriva Advisories

Package name: XFree86
Date: September 11th, 2003
Advisory ID: MDKSA-2003:089
Affected versions: 9.0, 9.1, CS2.1
Synopsis: Updated XFree86 packages fix multiple vulnerabilities

Problem Description

Several vulnerabilities were discovered by blexim(at)hush.com in the
font libraries of XFree86 version 4.3.0 and earlier. These bugs could
potentially allow a remote user to execute arbitrary code or cause a
denial of service (DoS) through any code path that calls the affected
functions, which handle the transfer and enumeration of fonts from
font servers to clients.

As well, some bugs were fixed in XFree86 as released with Mandrake
Linux 9.2, specifically a problem where X would freeze with a black
screen at logout or shutdown with DRI enabled on certain ATI Radeon
cards.

Updated Packages

Mandrakelinux 9.0


Mandrakelinux 9.1


Mandrakelinux 9.1/PPC


Corporate Server 2.1


Corporate Server 2.1/X86_64


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
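
An added example, not part of the original advisory: `rpm --checksig` also reports success for a package that carries digests but no signature, so a wrapper around the command above should require a passed signature check in its output. The function names are hypothetical, and the output formats matched (`md5 gpg OK` from older rpm releases, `digests signatures OK` from newer ones) are assumptions about the installed rpm version.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Classify one line of `rpm --checksig` output.
# Returns 0 only if the line reports OK *and* a signature check passed.
# Assumed formats: lower-case tokens are checks that passed; upper-case or
# parenthesised tokens with "NOT OK" mean a failure or a missing public key.
checksig_line_ok() {
    result=${1#*: }                   # drop the leading "package.rpm: "
    case $result in
        *"NOT OK"*) return 1 ;;       # bad digest, bad signature or missing key
        *" OK") ;;                    # overall success, keep checking
        *) return 1 ;;                # unrecognised output: fail closed
    esac
    # Digests alone only show the file is intact; require a signature token.
    case " $result " in
        *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*) return 0 ;;
    esac
    return 1                          # digests only: the package is unsigned
}

# Run the advisory's command on one package and apply the stricter check.
verify_rpm() {
    pkg=$1
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    out=$(rpm --checksig "$pkg" 2>&1) || { echo "FAILED: $out" >&2; return 1; }
    checksig_line_ok "$out" || { echo "UNSIGNED: $out" >&2; return 1; }
    echo "verified: $out"
}

# Usage: sh verify.sh package.rpm [more.rpm ...]
if [ $# -gt 0 ]; then
    status=0
    for p in "$@"; do
        verify_rpm "$p" || status=1
    done
    exit "$status"
fi
```

The signature check is only meaningful once the vendor's public key has been imported into the rpm keyring; without it the command reports the signature as not verified.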