Security Advisory: XFree86 security update

Advisory: RHSA-2004:060-16
Type: Security Advisory
Severity: Important
Issued on: 2004-02-13
Last updated on: 2004-02-13
Affected Products:
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0083, CVE-2004-0084, CVE-2004-0106

Details

Updated XFree86 packages that fix a privilege escalation vulnerability are
now available.

XFree86 is an implementation of the X Window System, providing the core
graphical user interface and video drivers.

iDefense discovered two buffer overflows in the parsing of the 'font.alias'
file. A local attacker could exploit these vulnerabilities by creating a
carefully crafted file to gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.
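
The class of flaw described above is avoided by checking every token against the destination buffer size before copying. The following is an added illustration, not XFree86 source code and not the backported patch: a bounds-checked reader for a simplified two-column alias line ("alias fontname", optional double quotes, '!' comments). The 1024-byte limit, the status codes and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FONT_NAME 1024   /* assumed limit for this example */

enum { ALIAS_OK = 0, ALIAS_SKIP = 1, ALIAS_TOO_LONG = -1, ALIAS_MALFORMED = -2 };

/* Copy one bare or "quoted" token into out[cap]; never writes past cap. */
static int read_token(const char **pp, char *out, size_t cap)
{
    const char *p = *pp;
    size_t n = 0;
    int quoted = 0;

    while (*p == ' ' || *p == '\t') p++;
    if (*p == '"') { quoted = 1; p++; }
    while (*p && *p != '\n' && (quoted ? *p != '"' : (*p != ' ' && *p != '\t'))) {
        if (n + 1 >= cap) return ALIAS_TOO_LONG;  /* reject instead of overflowing */
        out[n++] = *p++;
    }
    if (quoted && *p++ != '"') return ALIAS_MALFORMED;  /* unterminated quote */
    out[n] = '\0';
    *pp = p;
    return n ? ALIAS_OK : ALIAS_MALFORMED;
}

/* Parse one "alias fontname" line; both outputs are MAX_FONT_NAME-byte buffers. */
int parse_alias_line(const char *line, char *alias, char *font)
{
    const char *p = line;
    int rc;

    while (*p == ' ' || *p == '\t') p++;
    if (*p == '\0' || *p == '\n' || *p == '!') return ALIAS_SKIP;  /* blank/comment */
    if ((rc = read_token(&p, alias, MAX_FONT_NAME)) != ALIAS_OK) return rc;
    return read_token(&p, font, MAX_FONT_NAME);
}

int main(void)
{
    /* Constructed sample lines, not taken from a real font directory. */
    const char *lines[] = { "! comment\n", "fixed -misc-fixed-medium-r-normal--13-120-75-75-c-70-iso8859-1\n",
                            "\"my alias\" \"some font\"\n", "lonely\n" };
    char alias[MAX_FONT_NAME], font[MAX_FONT_NAME];
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++)
        printf("line %zu -> %d\n", i, parse_alias_line(lines[i], alias, font));
    return 0;
}
```

An overlong name is rejected as a whole line rather than truncated, so a crafted file cannot write past either buffer or produce a silently shortened alias.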

David Dawes also discovered additional flaws in reading font files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0106 to these issues.

All users of XFree86 are advised to upgrade to these erratum packages,
which contain a backported fix and are not vulnerable to these issues.

Red Hat would like to thank David Dawes from XFree86 for the patches and
notification of these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

All files listed below are outdated by RHSA-2008:0512.

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
XFree86-4.1.0-56.EL.src.rpm

IA-32:
XFree86-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-4.1.0-56.EL.i386.rpm
XFree86-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-Xnest-4.1.0-56.EL.i386.rpm
XFree86-Xvfb-4.1.0-56.EL.i386.rpm
XFree86-cyrillic-fonts-4.1.0-56.EL.i386.rpm
XFree86-devel-4.1.0-56.EL.i386.rpm
XFree86-doc-4.1.0-56.EL.i386.rpm
XFree86-libs-4.1.0-56.EL.i386.rpm
XFree86-tools-4.1.0-56.EL.i386.rpm
XFree86-twm-4.1.0-56.EL.i386.rpm
XFree86-xdm-4.1.0-56.EL.i386.rpm
XFree86-xf86cfg-4.1.0-56.EL.i386.rpm
XFree86-xfs-4.1.0-56.EL.i386.rpm

IA-64:
XFree86-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-4.1.0-56.EL.ia64.rpm
XFree86-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-15-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-15-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-2-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-2-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-9-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-9-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-Xnest-4.1.0-56.EL.ia64.rpm
XFree86-Xvfb-4.1.0-56.EL.ia64.rpm
XFree86-cyrillic-fonts-4.1.0-56.EL.ia64.rpm
XFree86-devel-4.1.0-56.EL.ia64.rpm
XFree86-doc-4.1.0-56.EL.ia64.rpm
XFree86-libs-4.1.0-56.EL.ia64.rpm
XFree86-tools-4.1.0-56.EL.ia64.rpm
XFree86-twm-4.1.0-56.EL.ia64.rpm
XFree86-xdm-4.1.0-56.EL.ia64.rpm
XFree86-xfs-4.1.0-56.EL.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
XFree86-4.1.0-56.EL.src.rpm

IA-32:
XFree86-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-4.1.0-56.EL.i386.rpm
XFree86-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-Xnest-4.1.0-56.EL.i386.rpm
XFree86-Xvfb-4.1.0-56.EL.i386.rpm
XFree86-cyrillic-fonts-4.1.0-56.EL.i386.rpm
XFree86-devel-4.1.0-56.EL.i386.rpm
XFree86-doc-4.1.0-56.EL.i386.rpm
XFree86-libs-4.1.0-56.EL.i386.rpm
XFree86-tools-4.1.0-56.EL.i386.rpm
XFree86-twm-4.1.0-56.EL.i386.rpm
XFree86-xdm-4.1.0-56.EL.i386.rpm
XFree86-xf86cfg-4.1.0-56.EL.i386.rpm
XFree86-xfs-4.1.0-56.EL.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
XFree86-4.1.0-56.EL.src.rpm

IA-32:
XFree86-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-4.1.0-56.EL.i386.rpm
XFree86-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-15-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-2-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-100dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-ISO8859-9-75dpi-fonts-4.1.0-56.EL.i386.rpm
XFree86-Xnest-4.1.0-56.EL.i386.rpm
XFree86-Xvfb-4.1.0-56.EL.i386.rpm
XFree86-cyrillic-fonts-4.1.0-56.EL.i386.rpm
XFree86-devel-4.1.0-56.EL.i386.rpm
XFree86-doc-4.1.0-56.EL.i386.rpm
XFree86-libs-4.1.0-56.EL.i386.rpm
XFree86-tools-4.1.0-56.EL.i386.rpm
XFree86-twm-4.1.0-56.EL.i386.rpm
XFree86-xdm-4.1.0-56.EL.i386.rpm
XFree86-xf86cfg-4.1.0-56.EL.i386.rpm
XFree86-xfs-4.1.0-56.EL.i386.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
XFree86-4.1.0-56.EL.src.rpm

IA-64:
XFree86-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-4.1.0-56.EL.ia64.rpm
XFree86-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-15-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-15-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-2-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-2-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-9-100dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-ISO8859-9-75dpi-fonts-4.1.0-56.EL.ia64.rpm
XFree86-Xnest-4.1.0-56.EL.ia64.rpm
XFree86-Xvfb-4.1.0-56.EL.ia64.rpm
XFree86-cyrillic-fonts-4.1.0-56.EL.ia64.rpm
XFree86-devel-4.1.0-56.EL.ia64.rpm
XFree86-doc-4.1.0-56.EL.ia64.rpm
XFree86-libs-4.1.0-56.EL.ia64.rpm
XFree86-tools-4.1.0-56.EL.ia64.rpm
XFree86-twm-4.1.0-56.EL.ia64.rpm
XFree86-xdm-4.1.0-56.EL.ia64.rpm
XFree86-xfs-4.1.0-56.EL.ia64.rpm

Bugs fixed (see bugzilla for more information)

114902 - CAN-2004-0083 XFree86 font.alias overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/