Security Advisory XFree86 security update

Advisory: RHSA-2004:479-05
Type: Security Advisory
Severity: Moderate
Issued on: 2004-10-06
Last updated on: 2004-10-06
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0687
CVE-2004-0688
CVE-2004-0692

Details

Updated XFree86 packages that fix several security issues in libXpm, as
well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.

XFree86 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged graphical
user interfaces (GUIs) such as GNOME and KDE are designed upon.

During a source code audit, Chris Evans discovered several stack overflow
flaws and an integer overflow flaw in the X.Org libXpm library used to
decode XPM (X PixMap) images. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687,
CAN-2004-0688, and CAN-2004-0692 to these issues.

These packages also contain a bug fix to lower the RGB output voltage on
Dell servers using the ATI Radeon 7000m card.

Users are advised to upgrade to these erratum packages which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
XFree86-4.1.0-62.EL.src.rpm
File outdated by:  RHSA-2008:0512		     03ca53981bde89caf4ff3804128eea00
 
IA-32:
XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     ac50d13c0122ca08c3beb46c4b1aca93
XFree86-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     c87c6c1d96badd9a2c68ec157a8cc7e1
XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0c889bf913ef6d9c0d1a7d1f7fa9973f
XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     597b840878ef479b390b423b270f064b
XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d093383d556c84febeafa750fb5a40e6
XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     02243d07f708fe54a6646fe6e06e94f8
XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     271622a7f059bc81a291967e396789bc
XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     5e44ee29269a7fbdbccc0bcdca17ec59
XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7fbb1e77517ba04d03245e80df7a7ff2
XFree86-Xnest-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     66ca6d9d9ddda4bea9bd03f0a6ff4bbb
XFree86-Xvfb-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8bb3c8d0e5c003cda283810e60722f93
XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     9fa6512e970a363e8f99b51bd9db615a
XFree86-devel-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7170d3ae6df25f6722acebe5c112c2e6
XFree86-doc-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     649699ca8abc13b81be783acf760a7a6
XFree86-libs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     b42552b25408e7c71b13158fc4384f68
XFree86-tools-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0d995305ec63d934965a61f8e2ec6a50
XFree86-twm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0196887df4b36ee12961f04351ab7d24
XFree86-xdm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d1b19195d9809ab7353ff0b096a820dd
XFree86-xf86cfg-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     e25e4bfbbda07a642398849d87a85e04
XFree86-xfs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2c9b4edac0d92ff778eace853de3b3a0
 
IA-64:
XFree86-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     aea7045f5c8d04eb38d0b97041d55c66
XFree86-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     47a41e5c8cba5a8079b4465092cac04e
XFree86-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1b14fddae22bc81fdfbcdc9d2bdfb555
XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     a1f5386949b35900754ec1ee5e1cea03
XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     63d46f97a1c299e78e1533be26d8928e
XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     04bc6f8f8a9d37d4196415480b658b91
XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     9d2812f74cb1338d797ea0479054c561
XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     919e7a7ec805ab270c054b49903a14b9
XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     e5859b013ab1261e07a9bdba001ce74f
XFree86-Xnest-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     935eaac390eb39688640bb0786e07b86
XFree86-Xvfb-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     3d9f3eee7b87d021a92983872e360239
XFree86-cyrillic-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     f93e1c20d097f2d0b924f33a56b6d2b6
XFree86-devel-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1b487e8a99a56bb05535ec9946442615
XFree86-doc-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     61e302813770eb4c37d7b587180088fd
XFree86-libs-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1f745348f8367cfbeb842c30fdb6b3f6
XFree86-tools-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     c879bae86bf53a287925d7b3cfd37090
XFree86-twm-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     80697a8acd47fefeff093d234660d350
XFree86-xdm-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7e3c7f981d80e3af491dd906bcb682cd
XFree86-xfs-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     4ce5284ba83525462fb37e6b103b2530
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
XFree86-4.1.0-62.EL.src.rpm
File outdated by:  RHSA-2008:0512		     03ca53981bde89caf4ff3804128eea00
 
IA-32:
XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     ac50d13c0122ca08c3beb46c4b1aca93
XFree86-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     c87c6c1d96badd9a2c68ec157a8cc7e1
XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0c889bf913ef6d9c0d1a7d1f7fa9973f
XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     597b840878ef479b390b423b270f064b
XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d093383d556c84febeafa750fb5a40e6
XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     02243d07f708fe54a6646fe6e06e94f8
XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     271622a7f059bc81a291967e396789bc
XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     5e44ee29269a7fbdbccc0bcdca17ec59
XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7fbb1e77517ba04d03245e80df7a7ff2
XFree86-Xnest-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     66ca6d9d9ddda4bea9bd03f0a6ff4bbb
XFree86-Xvfb-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8bb3c8d0e5c003cda283810e60722f93
XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     9fa6512e970a363e8f99b51bd9db615a
XFree86-devel-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7170d3ae6df25f6722acebe5c112c2e6
XFree86-doc-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     649699ca8abc13b81be783acf760a7a6
XFree86-libs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     b42552b25408e7c71b13158fc4384f68
XFree86-tools-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0d995305ec63d934965a61f8e2ec6a50
XFree86-twm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0196887df4b36ee12961f04351ab7d24
XFree86-xdm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d1b19195d9809ab7353ff0b096a820dd
XFree86-xf86cfg-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     e25e4bfbbda07a642398849d87a85e04
XFree86-xfs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2c9b4edac0d92ff778eace853de3b3a0
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
XFree86-4.1.0-62.EL.src.rpm
File outdated by:  RHSA-2008:0512		     03ca53981bde89caf4ff3804128eea00
 
IA-32:
XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     ac50d13c0122ca08c3beb46c4b1aca93
XFree86-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     c87c6c1d96badd9a2c68ec157a8cc7e1
XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0c889bf913ef6d9c0d1a7d1f7fa9973f
XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     597b840878ef479b390b423b270f064b
XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d093383d556c84febeafa750fb5a40e6
XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     02243d07f708fe54a6646fe6e06e94f8
XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     271622a7f059bc81a291967e396789bc
XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     5e44ee29269a7fbdbccc0bcdca17ec59
XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7fbb1e77517ba04d03245e80df7a7ff2
XFree86-Xnest-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     66ca6d9d9ddda4bea9bd03f0a6ff4bbb
XFree86-Xvfb-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8bb3c8d0e5c003cda283810e60722f93
XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     9fa6512e970a363e8f99b51bd9db615a
XFree86-devel-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7170d3ae6df25f6722acebe5c112c2e6
XFree86-doc-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     649699ca8abc13b81be783acf760a7a6
XFree86-libs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     b42552b25408e7c71b13158fc4384f68
XFree86-tools-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0d995305ec63d934965a61f8e2ec6a50
XFree86-twm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0196887df4b36ee12961f04351ab7d24
XFree86-xdm-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     d1b19195d9809ab7353ff0b096a820dd
XFree86-xf86cfg-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     e25e4bfbbda07a642398849d87a85e04
XFree86-xfs-4.1.0-62.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2c9b4edac0d92ff778eace853de3b3a0
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
XFree86-4.1.0-62.EL.src.rpm
File outdated by:  RHSA-2008:0512		     03ca53981bde89caf4ff3804128eea00
 
IA-64:
XFree86-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     aea7045f5c8d04eb38d0b97041d55c66
XFree86-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     47a41e5c8cba5a8079b4465092cac04e
XFree86-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1b14fddae22bc81fdfbcdc9d2bdfb555
XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     a1f5386949b35900754ec1ee5e1cea03
XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     63d46f97a1c299e78e1533be26d8928e
XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     04bc6f8f8a9d37d4196415480b658b91
XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     9d2812f74cb1338d797ea0479054c561
XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     919e7a7ec805ab270c054b49903a14b9
XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     e5859b013ab1261e07a9bdba001ce74f
XFree86-Xnest-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     935eaac390eb39688640bb0786e07b86
XFree86-Xvfb-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     3d9f3eee7b87d021a92983872e360239
XFree86-cyrillic-fonts-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     f93e1c20d097f2d0b924f33a56b6d2b6
XFree86-devel-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1b487e8a99a56bb05535ec9946442615
XFree86-doc-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     61e302813770eb4c37d7b587180088fd
XFree86-libs-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     1f745348f8367cfbeb842c30fdb6b3f6
XFree86-tools-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     c879bae86bf53a287925d7b3cfd37090
XFree86-twm-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     80697a8acd47fefeff093d234660d350
XFree86-xdm-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7e3c7f981d80e3af491dd906bcb682cd
XFree86-xfs-4.1.0-62.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     4ce5284ba83525462fb37e6b103b2530
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

129797 - Radeon driver (7000m) TVDAC output too high for DELL Server
131121 - CAN-2004-0687/8 libXpm stack and integer overflows.


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0692

Keywords

7000m, ATI, Radeon

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/