Security Advisory XFree86 security update

Advisory: RHSA-2004:610-13
Type: Security Advisory
Severity: Moderate
Issued on: 2004-12-20
Last updated on: 2004-12-20
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0914

Details

Updated XFree86 packages that fix several security flaws in libXpm are now
available for Red Hat Enterprise Linux 2.1.

XFree86 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged graphical
user interfaces (GUIs), such as GNOME and KDE are designed upon.

Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XP file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.

Users are advised to upgrade to these erratum packages, which contain
backported security patches and other bug fixes.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
XFree86-4.1.0-64.EL.src.rpm     0f2ec7e09cfaa37314c2a4d86f22ab72
 
IA-32:
XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     619cba76e3db1708c4ddaa571746f7a3
XFree86-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2b16fa711f16f5551ed7d81d3570955f
XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     26b4754be230b746c3d7851d2ec63e34
XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8d3b284157293f6289adfb73404a00e9
XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     af869655958f5118050494bbc2aa8f64
XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7f2123c84e1161d0f899021c505326a4
XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f18101e8f31e4b61765f9039d9143b7d
XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     492c079042fe73e81ad8209e175e376b
XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     a5e849fec6ee87de20a3d1dd7d33c5af
XFree86-Xnest-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     aa86b8d77b837e377f9fe0bd0175ae2b
XFree86-Xvfb-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f1f668073ac78f0ac09f1074295094db
XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16d01c6c1a5102ca2053c9b1d5dc1e2
XFree86-devel-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     1d7eba36f929a6e7386951fa10089fc0
XFree86-doc-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     836a435dcb8045a5a12879793bf14790
XFree86-libs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     522e953d868d3cacbe8087fe396e80a9
XFree86-tools-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     3f4ea7ac9ff130a726820df0dc0e03ea
XFree86-twm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0b0357dfc6be4c7a415f0b194b52ceaf
XFree86-xdm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16b5abf0a2292b0c6594a2dfb6e435e
XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     6b58d9114caa524859054d06621878e9
XFree86-xfs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     524cdc6f6d432304f8d0cb755ca7a357
 
IA-64:
XFree86-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     3187d46c885cc192d84eaff99dd438f5
XFree86-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6278c684f22524f5f7da958aeef90074
XFree86-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     bf42add1eb21b91cda0e30ad8e2686f6
XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     40e9d9d6cbff18a6b950e8f0d7710cd6
XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7be2eed8481a8063dd386cdfa3623e6a
XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     ced2a72750408ac4c46240886886dd7c
XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     b4fa57d16717844c81f322b12eddb8b3
XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     34464f4f3ef6e4c5110f7fd171bb2969
XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7e655529fb5a6f583e2c3c37826dd83f
XFree86-Xnest-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     de6d74fee0882d509fc1de32047d4970
XFree86-Xvfb-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     da8b33ca947559b528985fd093932b9e
XFree86-cyrillic-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     83d7db57d75aa30ede0f956faa467f1d
XFree86-devel-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     eec017bf9bdc5c9ac59c57391a4f891c
XFree86-doc-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     9e90851f484096e380edbb793b1aaaae
XFree86-libs-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     19274ae09f218a5f919054abfc0364f2
XFree86-tools-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6f6a7192bfbc26d62751197da36f8a80
XFree86-twm-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     cb31a0833f32786205fba5256968c5ea
XFree86-xdm-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     18dfe291c815d7a1850a9ca72d1307c1
XFree86-xfs-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6d2f9fb6412391ac5c1eac8fdcdaf95c
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
XFree86-4.1.0-64.EL.src.rpm     0f2ec7e09cfaa37314c2a4d86f22ab72
 
IA-32:
XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     619cba76e3db1708c4ddaa571746f7a3
XFree86-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2b16fa711f16f5551ed7d81d3570955f
XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     26b4754be230b746c3d7851d2ec63e34
XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8d3b284157293f6289adfb73404a00e9
XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     af869655958f5118050494bbc2aa8f64
XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7f2123c84e1161d0f899021c505326a4
XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f18101e8f31e4b61765f9039d9143b7d
XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     492c079042fe73e81ad8209e175e376b
XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     a5e849fec6ee87de20a3d1dd7d33c5af
XFree86-Xnest-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     aa86b8d77b837e377f9fe0bd0175ae2b
XFree86-Xvfb-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f1f668073ac78f0ac09f1074295094db
XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16d01c6c1a5102ca2053c9b1d5dc1e2
XFree86-devel-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     1d7eba36f929a6e7386951fa10089fc0
XFree86-doc-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     836a435dcb8045a5a12879793bf14790
XFree86-libs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     522e953d868d3cacbe8087fe396e80a9
XFree86-tools-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     3f4ea7ac9ff130a726820df0dc0e03ea
XFree86-twm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0b0357dfc6be4c7a415f0b194b52ceaf
XFree86-xdm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16b5abf0a2292b0c6594a2dfb6e435e
XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     6b58d9114caa524859054d06621878e9
XFree86-xfs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     524cdc6f6d432304f8d0cb755ca7a357
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
XFree86-4.1.0-64.EL.src.rpm     0f2ec7e09cfaa37314c2a4d86f22ab72
 
IA-32:
XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     619cba76e3db1708c4ddaa571746f7a3
XFree86-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     2b16fa711f16f5551ed7d81d3570955f
XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     26b4754be230b746c3d7851d2ec63e34
XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     8d3b284157293f6289adfb73404a00e9
XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     af869655958f5118050494bbc2aa8f64
XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     7f2123c84e1161d0f899021c505326a4
XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f18101e8f31e4b61765f9039d9143b7d
XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     492c079042fe73e81ad8209e175e376b
XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     a5e849fec6ee87de20a3d1dd7d33c5af
XFree86-Xnest-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     aa86b8d77b837e377f9fe0bd0175ae2b
XFree86-Xvfb-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f1f668073ac78f0ac09f1074295094db
XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16d01c6c1a5102ca2053c9b1d5dc1e2
XFree86-devel-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     1d7eba36f929a6e7386951fa10089fc0
XFree86-doc-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     836a435dcb8045a5a12879793bf14790
XFree86-libs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     522e953d868d3cacbe8087fe396e80a9
XFree86-tools-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     3f4ea7ac9ff130a726820df0dc0e03ea
XFree86-twm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     0b0357dfc6be4c7a415f0b194b52ceaf
XFree86-xdm-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     f16b5abf0a2292b0c6594a2dfb6e435e
XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     6b58d9114caa524859054d06621878e9
XFree86-xfs-4.1.0-64.EL.i386.rpm
File outdated by:  RHSA-2008:0512		     524cdc6f6d432304f8d0cb755ca7a357
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
XFree86-4.1.0-64.EL.src.rpm     0f2ec7e09cfaa37314c2a4d86f22ab72
 
IA-64:
XFree86-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     3187d46c885cc192d84eaff99dd438f5
XFree86-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6278c684f22524f5f7da958aeef90074
XFree86-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     bf42add1eb21b91cda0e30ad8e2686f6
XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     40e9d9d6cbff18a6b950e8f0d7710cd6
XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7be2eed8481a8063dd386cdfa3623e6a
XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     ced2a72750408ac4c46240886886dd7c
XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     b4fa57d16717844c81f322b12eddb8b3
XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     34464f4f3ef6e4c5110f7fd171bb2969
XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     7e655529fb5a6f583e2c3c37826dd83f
XFree86-Xnest-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     de6d74fee0882d509fc1de32047d4970
XFree86-Xvfb-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     da8b33ca947559b528985fd093932b9e
XFree86-cyrillic-fonts-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     83d7db57d75aa30ede0f956faa467f1d
XFree86-devel-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     eec017bf9bdc5c9ac59c57391a4f891c
XFree86-doc-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     9e90851f484096e380edbb793b1aaaae
XFree86-libs-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     19274ae09f218a5f919054abfc0364f2
XFree86-tools-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6f6a7192bfbc26d62751197da36f8a80
XFree86-twm-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     cb31a0833f32786205fba5256968c5ea
XFree86-xdm-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     18dfe291c815d7a1850a9ca72d1307c1
XFree86-xfs-4.1.0-64.EL.ia64.rpm
File outdated by:  RHSA-2008:0512		     6d2f9fb6412391ac5c1eac8fdcdaf95c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

136164 - CAN-2004-0914 libXpm integer overflows


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0914

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/