Security Advisory Updated XFree86 packages provide security and bug fixes

Advisory: RHSA-2003:066-13
Type: Security Advisory
Severity: N/A
Issued on: 2003-06-25
Last updated on: 2003-06-25
Affected Products: Red Hat Linux 7.3
CVEs ( CVE-2001-1409


XFree86 is an implementation of the X Window System providing the
core graphical user interface and video drivers.

Updated XFree86 packages for Red Hat Linux 7.3 are now available which
include several security fixes, bug fixes, enhancements, and driver updates.

Security fixes:

- Xterm, provides an escape sequence for reporting the current window
title. This escape sequence takes the current title and places it directly
on the command line. An attacker can craft an escape sequence that sets the
victim's Xterm window title to an arbitrary command, and then reports it to
the command line. Since it is not possible to embed a carriage return into
the window title, the attacker would then have to convince the victim to
press Enter for the shell to process the title as a command, although the
attacker could craft other escape sequences that might convince the victim
to do so. The Common Vulnerabilities and Exposures project (
has assigned the name CAN-2003-0063 to this issue.

- It is possible to lock up versions of Xterm by sending an invalid DEC
UDK escape sequence. (CAN-2003-0071)

- XFree86 4.2.1 also contains an updated fix for CAN-2002-0164, a
vulnerability in the MIT-SHM extension of the X server that allows local
users to read and write arbitrary shared memory. The original fix did not
cover the case where the X server is started from xdm.

- The X server was setting the /dev/dri directory permissions incorrectly,
which resulted in the directory being world writable. (CAN-2001-1409)

Driver updates and additions:

- Savage driver updated to Tim Roberts' latest version 1.1.27t

- New "cyrix" driver which works better on MediaGX hardware.

- New input drivers for Fujitsu Stylistic (fpit), Palmax
PD1000/PD1100 Input driver (palmax), Union Reality UR-98 head tracker

- Backported apm driver, DPMS support enhancements, and a few accel fixes

- Backported chips driver, with hardware mouse cursor and 2D acceleration

- Backported cirrus, i740, siliconmotion, and ark drivers

Various bug fixes and enhancements:

- Stability improvements to RENDER extension and libraries

- Various fixes to the Xaw library

- Fix a long standing problem in the X server where the mouse, keyboard, or
video would hang, or the server to go into an endless loop whenever the
system time was changed backwards

- Fix a crash in the Radeon and Rage 128 drivers using VMware with DGA
when DRI is enabled

- Work around some multihead and RENDER exention problems in the Matrox
"mga" driver

- fc-cache is now run upon font package installation in all font
directories containing fonts managed by fontconfig/Xft

- mkfontdir now forces the permissions of the files it generates to be mode
0644 to ensure they are world readable independant of umask

- A new option "ForceLegacyCRT" to the radeon driver allows use
of legacy VGA monitors which can not be detected automatically. This
option is only safe to use in single-head setups and may cause serious
problems if used with dual-head.

- xterm session management is now enabled by default, whereas the stock
XFree86 default in 4.2.0/4.2.1 was accidentally disabled upstream

- Removed and obsoleted the XFree86-xtrap-clients package, now merged
into the main XFree86 package

- Added support for previously unsupported ATI Rage 128 video hardware

- Fixed Polish euro support

- Added neomagic Xvideo support which may work for some users

- Added fix for deadkey-quotedbl in ISO8859-15

- Disabled debug messages in Cirrus Logic driver

- Fixed a bug in the VESA driver, where the X server would crash with
an FPE when the DisplaySize option was used

- Fix to ATI Mach64 support which was out of PCI specs causing problems
on some Dell and IBM servers

- Fix a problem which caused certain combinations of Radeon and Rage 128
hardware and particular motherboards to hang, due to bus mastering
getting disabled when VT switching.

There are various other fixes included which users can review by examining
the RPM package changelog of any of the new XFree86 packages.

Users are advised to upgrade to these updated XFree86 4.2.1 packages, which
are not vulnerable to the previously mentioned security issues.


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:


This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 7.3

File outdated by:  RHSA-2003:287
    MD5: 0b9b017475ce7a9d88a9168ea656e19b
File outdated by:  RHSA-2003:287
    MD5: adca65328e61db4da4e73583ec4bf9aa
File outdated by:  RHSA-2003:287
    MD5: 563027979b615f099a51ab84a67bdf8e
File outdated by:  RHSA-2003:287
    MD5: 696135498da5040ee74c620a63fce23f
File outdated by:  RHSA-2003:287
    MD5: 6b89c364666d5d61278862cee5d493b1
File outdated by:  RHSA-2003:287
    MD5: da4f7fa407988abb31be98be7ba684ce
File outdated by:  RHSA-2003:287
    MD5: 1c4aa5d45eb4b3559d81f8771def8517
File outdated by:  RHSA-2003:287
    MD5: 7b6aee4b1d011bbb9deb05d4367ff72a
File outdated by:  RHSA-2003:287
    MD5: 458291226d503f6ecb17f99b42dc711f
File outdated by:  RHSA-2003:287
    MD5: 8a27f3a8849b4c08e1e68fae547b1cc3
File outdated by:  RHSA-2003:287
    MD5: ef18d8c1bdcdb61c632c8f93ebdc0e66
File outdated by:  RHSA-2003:287
    MD5: 7533b8879b52e48f6890c7338663f104
File outdated by:  RHSA-2003:287
    MD5: 7f7f2935517f881f0c66efec42e0c1c3
File outdated by:  RHSA-2003:287
    MD5: 0c1d4304591659d46598d22afc18a1ac
File outdated by:  RHSA-2003:287
    MD5: 19730f4a1b89fcbec9ac1fa0442a05ce
File outdated by:  RHSA-2003:287
    MD5: 266efb5b2ee9497604e6a7b0766fa53c
File outdated by:  RHSA-2003:287
    MD5: d08c8d0ff504328f836a679054153403
File outdated by:  RHSA-2003:287
    MD5: c7c51136e166d8fbe330f33d6584c42a
File outdated by:  RHSA-2003:287
    MD5: a7b32f8e1e04c161ed1a188efe14e97f
File outdated by:  RHSA-2003:287
    MD5: 434a969c7c1504696e8707718e94d35f
File outdated by:  RHSA-2003:287
    MD5: d959bd18dcbaf07d3cef7a4406f9fcee
File outdated by:  RHSA-2003:287
    MD5: 31aa72de98e81ef6f73508544273a0df
File outdated by:  RHSA-2003:287
    MD5: 7891b19bd3560b70a8a14da8f4de9fcf

Bugs fixed (see bugzilla for more information)

40729 - xdm causes SEGVs setting up pam_response structure
50282 - Decimal key on Swedish numerical keyboard should be comma, not point
53231 - (i810) Screen freezes after leaving a Gnome session
53329 - i810 XVideo limited to 720x576
58188 - system hard locks on specific video setting
60895 - Screen turns red/magenta with XFree86-4.2.0-32
62171 - ATI Radeon (all) lockup/corruption when VT switching
62442 - Switching to VTs locks system - Dell Inspiron 4000
62820 - suggest Xnest and Xvfb should be User Interfaces/X instead of User Interfaces/X Hardware Support
63593 - (FPE) 1400x1050 fails with Radeon 7500 QW
63609 - RFE: add XVideo support for neomagic chipset
64559 - Polish keymap not working
64970 - default XftConfig prefers substitute fonts over originals
65136 - ATI Rage 128 (all) lockup when switching from console to X with DRI enabled.
65330 - RedHat 7.3 Virtual Terminals no longer work when Graphical Login is used
65704 - XFree86.0.log filled disk - :-(
66009 - 'vesa' driver gives SIGFPE if you set a DIsplaySize
66187 - XFree86 fails on i810
67323 - xon test of hostname --version fails
69291 - Dell PE2650 ATI Rage XL lockups due to PCI spec violation
69743 - Fix SysRq / Print Screen


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at