From marcdeslauriers@videotron.ca Tue Mar 7 18:36:05 2006
From: Marc Deslauriers
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Date: Tue, 07 Mar 2006 18:37:19 -0500
Subject: [Full-disclosure] [FLSA-2006:168264-2] Updated X.org packages fix security issue

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated X.org packages fix security issue
Advisory ID:       FLSA:168264-2
Issue date:        2006-03-07
Product:           Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2495
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated X.org packages that fix a security issue are now available.

X.org is an open source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged graphical
user interfaces (GUIs) such as GNOME and KDE are designed upon.

2. Relevant releases/architectures:

Fedora Core 2 - i386

3. Problem description:

Several integer overflow bugs were found in the way X.org parses pixmap
images. It is possible for a user to gain elevated privileges by loading
a specially crafted pixmap image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to
this issue.

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264

6. RPMs required:

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-base-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-cyrillic-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-font-utils-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGL-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGLU-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-syriac-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-truetype-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
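
Section 3 attributes the flaw to integer overflows in pixmap parsing. The following added example, which is not X.org code and not the backported patch, illustrates that bug class: unchecked buffer-size arithmetic beside a bounds-checked version. The `pixmap_hdr` structure, the function names and the sample header are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image header read from an untrusted file (names are illustrative). */
struct pixmap_hdr { uint32_t width, height, depth; /* depth = bits per pixel */ };

/* Unchecked sizing: the 32-bit products wrap modulo 2^32, so oversized
 * dimensions can produce a small byte count and an undersized buffer. */
uint32_t pixmap_size_unchecked(const struct pixmap_hdr *h)
{
    uint32_t stride = h->width * (h->depth / 8);
    return stride * h->height;
}

/* Checked sizing: 0 on success with the byte count in *out; -1 if a field is
 * invalid, a product would overflow size_t, or the total exceeds max_bytes. */
int pixmap_size_checked(const struct pixmap_hdr *h, size_t max_bytes, size_t *out)
{
    if (h->width == 0 || h->height == 0) return -1;
    if (h->depth == 0 || h->depth > 32 || h->depth % 8 != 0) return -1;
    size_t bpp = h->depth / 8;
    if (h->width > SIZE_MAX / bpp) return -1;
    size_t stride = (size_t)h->width * bpp;
    if (h->height > SIZE_MAX / stride) return -1;
    size_t total = stride * h->height;
    if (total > max_bytes) return -1;
    *out = total;
    return 0;
}

/* Allocate only after the size has been validated. */
void *pixmap_alloc(const struct pixmap_hdr *h, size_t max_bytes)
{
    size_t n;
    return pixmap_size_checked(h, max_bytes, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed header: the true size is 2^32 + 65536 bytes. */
    struct pixmap_hdr big = { 65536u, 65537u, 8u };
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)pixmap_size_unchecked(&big));
    printf("checked result: %d\n", pixmap_size_checked(&big, (size_t)64 << 20, &n));
    return 0;
}
```

The unchecked routine reports a 64 KiB buffer for an image that needs more than 4 GiB, which is the mismatch that lets later row writes run past the allocation; the checked routine rejects the same header before anything is allocated.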