From security@immunix.com Sat Feb 14 05:48:11 2004
From: Immunix Security Team
To: bugtraq@securityfocus.com
Date: Thu, 12 Feb 2004 21:19:01 -0800
Subject: Immunix Secured OS 7.3 XFree86 update

-----------------------------------------------------------------------
                 Immunix Secured OS Security Advisory

Packages updated:   XFree86
Affected products:  Immunix OS 7.3
Bugs fixed:         CAN-2004-0083, CAN-2004-0084, CAN-2004-0106
Date:               Thu Feb 12 2004
Advisory ID:        IMNX-2004-73-002-01
Author:             Seth Arnold
-----------------------------------------------------------------------

Description:

  Greg MacManus, of iDEFENSE Labs, reports finding several potentially
  exploitable buffer overflows in XFree86's font code. David Dawes
  provided a patch to fix these, and other, errors. Thanks also to
  Patrick Volkerding for working with the patch to allow it to apply
  more easily to our version of XFree86.

  As the overflowed buffers are auto variables and the functions
  manipulating the buffers are string operations, StackGuard will
  prevent successful exploitation of this vulnerability to gain new
  privileges; however, StackGuard will kill any process that attempts
  to execute exploit code. We recommend all our users upgrade to the
  fixed packages, which will prevent this denial of service attack.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
  http://www.idefense.com/application/poi/display?id=72
  http://www.idefense.com/application/poi/display?id=73

  Immunix 7.3 users may use our up2date service to install fixed
  packages: you may either run "up2date" within X and follow the
  directions, or run "up2date -u" to ensure your system is current.

Package names and locations:

  Precompiled binary packages for Immunix 7.3 are available at:

  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-Xnest-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-Xvfb-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-base-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-cyrillic-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-devel-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-doc-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-font-utils-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-libs-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-tools-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-truetype-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-twm-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xdm-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xf86cfg-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xfs-4.2.1-13.73.23_imnx_2.i386.rpm

  Source packages for Immunix 7.3 are available at:

  http://download.immunix.org/ImmunixOS/7.3/Updates/SRPMS/XFree86-4.2.1-13.73.23_imnx_2.src.rpm

Immunix OS 7.3 md5sums:

  4ce0720899ed71eaa9ccf762ed91d63f  RPMS/XFree86-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  fc9454ef6093155b394ffd277ed6e690  RPMS/XFree86-4.2.1-13.73.23_imnx_2.i386.rpm
  8dc075d66836d32d8f2f59441eb352cc  RPMS/XFree86-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  255132bacc53054618579bad4174de8b  RPMS/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  ac4aee7f3ac570eeb34df940d0390a7c  RPMS/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  2a00dd0b8478af96a2494b8f861fe8be  RPMS/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  fdf21bdffa7a6eb806ae91eaa90ff140  RPMS/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  7e9b97c42fa0dbb5c2ada01c9b918aa7  RPMS/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  b99d9129e75999a8f27e048de02fa596  RPMS/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  5e39a2f95d8aa763a9147c439f311a39  RPMS/XFree86-Xnest-4.2.1-13.73.23_imnx_2.i386.rpm
  1f31ac8f8dace2d74a29d11f7e131162  RPMS/XFree86-Xvfb-4.2.1-13.73.23_imnx_2.i386.rpm
  fee0fd253130c6667dfd8469a05ccb18  RPMS/XFree86-base-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  6f0524ea7c222b0a2824f622b0fd008e  RPMS/XFree86-cyrillic-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  b683d1468d4e2d288926e31b988d06ff  RPMS/XFree86-devel-4.2.1-13.73.23_imnx_2.i386.rpm
  c354336c26bdd2f35553c64634f2804e  RPMS/XFree86-doc-4.2.1-13.73.23_imnx_2.i386.rpm
  cf6380fd0e5c0006569fd3bdea24fb51  RPMS/XFree86-font-utils-4.2.1-13.73.23_imnx_2.i386.rpm
  2e0136d6b8c6d9fbef8111dd52f59004  RPMS/XFree86-libs-4.2.1-13.73.23_imnx_2.i386.rpm
  3199457f2feeba2f794f4d0c3536371f  RPMS/XFree86-tools-4.2.1-13.73.23_imnx_2.i386.rpm
  07cb4a6c4498c5cc761e80ad953391f4  RPMS/XFree86-truetype-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  be6f5dfa8ef80df76bffdae11fc3f2de  RPMS/XFree86-twm-4.2.1-13.73.23_imnx_2.i386.rpm
  ba82ddab4f3ab5444e7948d67a456b99  RPMS/XFree86-xdm-4.2.1-13.73.23_imnx_2.i386.rpm
  172746c34007862f709ce158f3aee4db  RPMS/XFree86-xf86cfg-4.2.1-13.73.23_imnx_2.i386.rpm
  aff205b03f1979b63b4da99b960485eb  RPMS/XFree86-xfs-4.2.1-13.73.23_imnx_2.i386.rpm
  6db108f170672ea6143bf9774734b96a  SRPMS/XFree86-4.2.1-13.73.23_imnx_2.src.rpm

GPG verification:

  Our public keys are available at http://download.immunix.org/GPG_KEY

  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.

NOTE: Ibiblio is graciously mirroring our updates, so if the links above
are slow, please try:

  ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/

or one of the many mirrors available at:

  http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 7.3 will not be officially supported after March 31 2005.
ImmunixOS 7+ will not be officially supported after March 1 2004.
ImmunixOS 7.0 is no longer officially supported.
ImmunixOS 6.2 is no longer officially supported.

Contact information:

  To report vulnerabilities, please contact security@immunix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure
  protocol http://www.wiretrip.net/rfp/policy.html.
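The Description above names the bug class precisely: fixed-size automatic (stack) buffers filled by unbounded string operations, which a stack canary such as StackGuard turns from a privilege-gain into a process kill. The following is an added illustration of that class and of the bounded form that removes it; it is example code written for this page, not XFree86's font code, and the names font_name_unbounded, font_name_bounded, constructed_name and the FONT_NAME_MAX limit are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed automatic (stack) buffer. Constructed for this
 * example; the real XFree86 font code uses its own limits. */
#define FONT_NAME_MAX 64

/*
 * Vulnerable pattern (hypothetical, not XFree86's code): a caller-supplied
 * font name is copied into a stack buffer with an unbounded string
 * operation. A name of FONT_NAME_MAX bytes or more runs past the buffer
 * into whatever the compiler placed after it. With StackGuard the
 * overwrite reaches the canary and the process is killed when the
 * function returns, which is the denial of service the advisory describes.
 */
int font_name_unbounded(const char *src)
{
    char name[FONT_NAME_MAX];
    strcpy(name, src);                  /* BUG: no length check */
    return (int)strlen(name);
}

/*
 * Hardened form: locate the terminator within the buffer size first and
 * reject any name that does not fit, so the copy is always bounded.
 * memchr() is used rather than strnlen() to stay within ISO C.
 */
int font_name_bounded(const char *src)
{
    char name[FONT_NAME_MAX];
    const char *nul = memchr(src, '\0', FONT_NAME_MAX);
    if (nul == NULL)                    /* no NUL within FONT_NAME_MAX bytes */
        return -1;
    size_t len = (size_t)(nul - src);   /* len < FONT_NAME_MAX, so len + 1 fits */
    memcpy(name, src, len + 1);
    return (int)len;
}

/* Constructed test input: a name made of n bytes of 'A'. */
const char *constructed_name(size_t n)
{
    static char buf[256];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    /* A short name: both versions behave identically. */
    printf("bounded(\"fixed\")   = %d\n", font_name_bounded("fixed"));
    printf("unbounded(\"fixed\") = %d\n", font_name_unbounded("fixed"));

    /* The longest name that fits: 63 bytes plus the terminating NUL. */
    printf("bounded(63 x 'A')  = %d\n", font_name_bounded(constructed_name(63)));

    /* One byte too long: the hardened version refuses it. The unbounded
     * version is deliberately not called with this input, since the copy
     * would write past the buffer. */
    printf("bounded(64 x 'A')  = %d\n", font_name_bounded(constructed_name(64)));
    printf("bounded(200 x 'A') = %d\n", font_name_bounded(constructed_name(200)));
    return 0;
}
```

The boundary case is the one worth remembering: a 64-byte name is exactly one byte too long for a 64-byte buffer, because the terminator needs its own slot; the bounded version rejects it while strcpy would silently write the 65th byte.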