XFree86 is an implementation of the X Window System providing the
core graphical user interface and video drivers.

Updated XFree86 packages for Red Hat Linux 7.3 are now available which
include several security fixes, bug fixes, enhancements, and driver updates.

Security fixes:
- Xterm provides an escape sequence for reporting the current window
title. This escape sequence takes the current title and places it directly
on the command line. An attacker can craft an escape sequence that sets the
victim's Xterm window title to an arbitrary command, and then reports it to
the command line. Since it is not possible to embed a carriage return into
the window title, the attacker would then have to convince the victim to
press Enter for the shell to process the title as a command, although the
attacker could craft other escape sequences that might convince the victim
to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0063 to this issue.
- It is possible to lock up versions of Xterm by sending an invalid DEC
UDK escape sequence. (CAN-2003-0071)
- XFree86 4.2.1 also contains an updated fix for CAN-2002-0164, a
vulnerability in the MIT-SHM extension of the X server that allows local
users to read and write arbitrary shared memory. The original fix did not
cover the case where the X server is started from xdm.
- The X server was setting the /dev/dri directory permissions incorrectly,
which resulted in the directory being world writable. (CAN-2001-1409)
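A defensive check for the two xterm issues above (CAN-2003-0063 and CAN-2003-0071), added here as an example and not part of the Red Hat advisory: it flags title-setting, title-reporting and DECUDK sequences in untrusted text such as log files, and rewrites control characters so a terminal displays them instead of interpreting them. The byte patterns follow xterm's documented control sequences; the function names and the sample input are constructed for illustration.

```python
import re

# 8-bit C1 introducers mapped to their 7-bit ESC forms so both spellings match.
_C1 = str.maketrans({"\x9b": "\x1b[", "\x9d": "\x1b]", "\x90": "\x1bP", "\x9c": "\x1b\\"})

PATTERNS = {
    # OSC 0/1/2 ; text, ended by BEL or ST: set icon name and/or window title
    "title-set": re.compile(r"\x1b\][012];[^\x07\x1b]*(?:\x07|\x1b\\)?"),
    # CSI 21 t: ask the terminal to report its window title back as input
    "title-report": re.compile(r"\x1b\[21t"),
    # DCS params | ... : DEC user-defined keys (DECUDK)
    "decudk": re.compile(r"\x1bP[0-9;]*\|"),
}

def findings(text):
    """Return the names of matched sequences in order of appearance."""
    norm = text.translate(_C1)
    hits = [(m.start(), name)
            for name, rx in PATTERNS.items()
            for m in rx.finditer(norm)]
    return [name for _, name in sorted(hits)]

def neutralize(text):
    """Show every control character (except tab and newline) as \\xNN.

    This does not rely on recognising a sequence, so malformed ones
    (the CAN-2003-0071 case) are rendered harmless as well.
    """
    return re.sub(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]",
                  lambda m: "\\x%02x" % ord(m.group()), text)

# Constructed sample: log text with embedded sequences and a harmless title.
SAMPLE = ("GET /index.html 200\n"
          "\x1b]2;constructed-title\x07"   # title-set (7-bit OSC)
          "\x1b[21t"                       # title-report
          "\nuser login ok\n"
          "\x900;1|17/61\x9c")             # DECUDK (8-bit DCS ... ST)

if __name__ == "__main__":
    print(findings(SAMPLE))
    print(neutralize(SAMPLE))
```

Pattern matching is useful for alerting; for display, `neutralize()` is the safer control because it does not depend on the sequence being well-formed.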

Driver updates and additions:
- Savage driver updated to Tim Roberts' latest version 1.1.27t
- New "cyrix" driver which works better on MediaGX hardware.
- New input drivers for Fujitsu Stylistic (fpit), Palmax
PD1000/PD1100 (palmax), and Union Reality UR-98 head tracker
(ur98)
- Backported apm driver, DPMS support enhancements, and a few accel fixes
- Backported chips driver, with hardware mouse cursor and 2D acceleration
fixes
- Backported cirrus, i740, siliconmotion, and ark drivers

Various bug fixes and enhancements:
- Stability improvements to RENDER extension and libraries
- Various fixes to the Xaw library
- Fix a long-standing problem in the X server where the mouse, keyboard, or
video would hang, or the server would go into an endless loop, whenever the
system time was changed backwards
- Fix a crash in the Radeon and Rage 128 drivers using VMware with DGA
when DRI is enabled
- Work around some multihead and RENDER extension problems in the Matrox
"mga" driver
- fc-cache is now run upon font package installation in all font
directories containing fonts managed by fontconfig/Xft
- mkfontdir now forces the permissions of the files it generates to be mode
0644 to ensure they are world readable independent of umask
- A new option "ForceLegacyCRT" to the radeon driver allows use
of legacy VGA monitors which cannot be detected automatically. This
option is only safe to use in single-head setups and may cause serious
problems if used with dual-head.
- xterm session management is now enabled by default; in stock
XFree86 4.2.0/4.2.1 it was accidentally disabled by default upstream
- Removed and obsoleted the XFree86-xtrap-clients package, now merged
into the main XFree86 package
- Added support for previously unsupported ATI Rage 128 video hardware
- Fixed Polish euro support
- Added neomagic Xvideo support which may work for some users
- Added fix for deadkey-quotedbl in ISO8859-15
- Disabled debug messages in Cirrus Logic driver
- Fixed a bug in the VESA driver, where the X server would crash with
an FPE when the DisplaySize option was used
- Fix to ATI Mach64 support which was out of PCI specs causing problems
on some Dell and IBM servers
- Fix a problem which caused certain combinations of Radeon and Rage 128
hardware and particular motherboards to hang, due to bus mastering
getting disabled when VT switching.

There are various other fixes included which users can review by examining
the RPM package changelog of any of the new XFree86 packages.

Users are advised to upgrade to these updated XFree86 4.2.1 packages, which
are not vulnerable to the previously mentioned security issues.

Red Hat Linux 7.3

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.3.src.rpm (missing file)

IA-32 (each file outdated by RHSA-2003:287):
XFree86-100dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-4.2.1-13.73.3.i386.rpm
XFree86-75dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.3.i386.rpm
XFree86-Xnest-4.2.1-13.73.3.i386.rpm
XFree86-Xvfb-4.2.1-13.73.3.i386.rpm
XFree86-base-fonts-4.2.1-13.73.3.i386.rpm
XFree86-cyrillic-fonts-4.2.1-13.73.3.i386.rpm
XFree86-devel-4.2.1-13.73.3.i386.rpm
XFree86-doc-4.2.1-13.73.3.i386.rpm
XFree86-font-utils-4.2.1-13.73.3.i386.rpm
XFree86-libs-4.2.1-13.73.3.i386.rpm
XFree86-tools-4.2.1-13.73.3.i386.rpm
XFree86-truetype-fonts-4.2.1-13.73.3.i386.rpm
XFree86-twm-4.2.1-13.73.3.i386.rpm
XFree86-xdm-4.2.1-13.73.3.i386.rpm
XFree86-xf86cfg-4.2.1-13.73.3.i386.rpm
XFree86-xfs-4.2.1-13.73.3.i386.rpm

40729 - xdm causes SEGVs setting up pam_response structure
50282 - Decimal key on Swedish numerical keyboard should be comma, not point
53231 - (i810) Screen freezes after leaving a Gnome session
53329 - i810 XVideo limited to 720x576
58188 - system hard locks on specific video setting
60895 - Screen turns red/magenta with XFree86-4.2.0-32
62171 - ATI Radeon (all) lockup/corruption when VT switching
62442 - Switching to VTs locks system - Dell Inspiron 4000
62820 - suggest Xnest and Xvfb should be User Interfaces/X instead of User Interfaces/X Hardware Support
63593 - (FPE) 1400x1050 fails with Radeon 7500 QW
63609 - RFE: add XVideo support for neomagic chipset
64559 - Polish keymap not working
64970 - default XftConfig prefers substitute fonts over originals
65136 - ATI Rage 128 (all) lockup when switching from console to X with DRI enabled.
65330 - RedHat 7.3 Virtual Terminals no longer work when Graphical Login is used
65704 - XFree86.0.log filled disk - :-(
66009 - 'vesa' driver gives SIGFPE if you set a DIsplaySize
66187 - XFree86 fails on i810
67323 - xon test of hostname --version fails
69291 - Dell PE2650 ATI Rage XL lockups due to PCI spec violation
69743 - Fix SysRq / Print Screen