| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: joel.esler at rcert-s.army.mil (Esler, Joel - Contractor) Subject: unsubscribe This is not the way you do it!! -- -----Original Message----- -- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure- -- admin@...ts.netsys.com] On Behalf Of 4cray -- Sent: Tuesday, November 25, 2003 5:08 PM -- To: bugzilla@...hat.com; redhat-watch-list@...hat.com; -- bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com -- Subject: [Full-Disclosure] unsubscribe -- -- i want to unsubscribe this newsletter! -- Thanks -- ----- Original Message ----- -- From: <bugzilla@...hat.com> -- To: <redhat-watch-list@...hat.com>; <bugtraq@...urityfocus.com>; -- <full-disclosure@...ts.netsys.com> -- Sent: Tuesday, November 25, 2003 10:56 AM -- Subject: [RHSA-2003:287-01] Updated XFree86 packages provide security and -- bug fixes -- -- -- -----BEGIN PGP SIGNED MESSAGE----- -- Hash: SHA1 -- -- - --------------------------------------------------------------------- -- Red Hat Security Advisory -- -- Synopsis: Updated XFree86 packages provide security and bug -- fixes -- Advisory ID: RHSA-2003:287-01 -- Issue date: 2003-11-25 -- Updated on: 2003-11-25 -- Product: Red Hat Linux -- Keywords: -- Cross references: -- Obsoletes: RHSA-2003:066 RHSA-2003:067 -- CVE Names: CAN-2003-0690 CAN-2003-0730 -- - --------------------------------------------------------------------- -- -- 1. Topic: -- -- Updated XFree86 packages for Red Hat Linux 7.3 and 8.0 provide security -- fixes to font libraries and XDM. -- -- 2. Relevant releases/architectures: -- -- Red Hat Linux 7.3 - i386 -- Red Hat Linux 8.0 - i386 -- -- 3. Problem description: -- -- XFree86 is an implementation of the X Window System providing the core -- graphical user interface and video drivers in Red Hat Linux. XDM is the X -- display manager. -- -- Multiple integer overflows in the transfer and enumeration of font -- libraries in XFree86 allow local or remote attackers to cause a denial of -- service or execute arbitrary code via heap-based and stack-based buffer -- overflow attacks. The Common Vulnerabilities and Exposures project -- (cve.mitre.org) has assigned the name CAN-2003-0730 to this issue. -- -- The risk to users from this vulnerability is limited because only -- clients -- can be affected by these bugs, however in some (non default) -- configurations, both xfs and the X Server can act as clients -- to remote font servers. -- -- XDM does not verify whether the pam_setcred function call succeeds, which -- may allow attackers to gain root privileges by triggering error -- conditions -- within PAM modules, as demonstrated in certain configurations of the -- pam_krb5 module. The Common Vulnerabilities and Exposures project -- (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue. -- -- Users are advised to upgrade to these updated XFree86 4.2.1 packages, -- which -- contain backported security patches and are not vulnerable to these -- issues. -- -- 4. Solution: -- -- Before applying this update, make sure all previously released errata -- relevant to your system have been applied. -- -- To update all RPMs for your particular architecture, run: -- -- rpm -Fvh [filenames] -- -- where [filenames] is a list of the RPMs you wish to upgrade. Only those -- RPMs which are currently installed will be updated. Those RPMs which are -- not installed but included in the list will not be updated. Note that -- you -- can also use wildcards (*.rpm) if your current directory *only* contains -- the -- desired RPMs. -- -- Please note that this update is also available via Red Hat Network. Many -- people find this an easier way to apply updates. To use Red Hat Network, -- launch the Red Hat Update Agent with the following command: -- -- up2date -- -- This will start an interactive process that will result in the -- appropriate -- RPMs being upgraded on your system. -- -- If up2date fails to connect to Red Hat Network due to SSL Certificate -- Errors, you need to install a version of the up2date client with an -- updated -- certificate. The latest version of up2date is available from the Red Hat -- FTP site and may also be downloaded directly from the RHN website: -- -- https://rhn.redhat.com/help/latest-up2date.pxt -- -- 5. RPMs required: -- -- Red Hat Linux 7.3: -- -- SRPMS: -- ftp://updates.redhat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.23.src.rpm -- -- i386: -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1- -- 13.73.23. -- i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-4.2.1-13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1- -- 13.73.23.i -- 386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts- -- 4.2. -- 1-13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts- -- 4.2.1 -- -13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts- -- 4.2.1 -- -13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts- -- 4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts- -- 4.2.1 -- -13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts- -- 4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xnest-4.2.1- -- 13.73.23.i386.rp -- m -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xvfb-4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-base-fonts-4.2.1- -- 13.73.23.i3 -- 86.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1- -- 13.73.2 -- 3.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-devel-4.2.1- -- 13.73.23.i386.rp -- m -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-doc-4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-font-utils-4.2.1- -- 13.73.23.i3 -- 86.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-libs-4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-tools-4.2.1- -- 13.73.23.i386.rp -- m -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-truetype-fonts-4.2.1- -- 13.73.2 -- 3.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-twm-4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xdm-4.2.1- -- 13.73.23.i386.rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xf86cfg-4.2.1- -- 13.73.23.i386. -- rpm -- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xfs-4.2.1- -- 13.73.23.i386.rpm -- -- Red Hat Linux 8.0: -- -- SRPMS: -- ftp://updates.redhat.com/8.0/en/os/SRPMS/XFree86-4.2.1-23.src.rpm -- -- i386: -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1- -- 23.i386.r -- pm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1- -- 23.i386.rp -- m -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts- -- 4.2. -- 1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts- -- 4.2.1 -- -23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts- -- 4.2.1 -- -23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts- -- 4.2.1- -- 23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts- -- 4.2.1 -- -23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts- -- 4.2.1- -- 23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1- -- 23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1- -- 23.i386.rp -- m -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xnest-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xvfb-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-base-fonts-4.2.1- -- 23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1- -- 23.i386 -- .rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-devel-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-doc-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-font-utils-4.2.1- -- 23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-libs-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-tools-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-truetype-fonts-4.2.1- -- 23.i386 -- .rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-twm-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xauth-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xdm-4.2.1-23.i386.rpm -- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xfs-4.2.1-23.i386.rpm -- -- -- -- 6. Verification: -- -- MD5 sum Package Name -- - ----------------------------------------------------------------------- -- --- -- 6dc1b32efd505aafd4acf61115077e9e -- 7.3/en/os/SRPMS/XFree86-4.2.1-13.73.23.src.rpm -- e814707b495c8d0a30adb16daec18c33 -- 7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.23.i386.rpm -- b87cfe1e01934b80e7bb7c6e0dc719a9 -- 7.3/en/os/i386/XFree86-4.2.1-13.73.23.i386.rpm -- b1d5c0db0d7a05883c90d1c6ab9d18fb -- 7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.23.i386.rpm -- f4fd6d9868aacf9dcc48c4c07faf890d -- 7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23.i386.rpm -- 003a785d80fdfd838d222c96e559e391 -- 7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23.i386.rpm -- b773184b7b97e93544ca7ae5cd3fbd45 -- 7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23.i386.rpm -- cc89ae4346639c5f6cdd35e2702ad03d -- 7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23.i386.rpm -- ebb3a1937f9f34ed6b7b1f4c09f5ebfb -- 7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23.i386.rpm -- 57a1058465aaa805655322ba7f18cfda -- 7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23.i386.rpm -- d45d6f8cf3cdffa608a7e2ba90729002 -- 7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.23.i386.rpm -- 0b7b1e2273dabd54123e1f9a9f02398b -- 7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.23.i386.rpm -- 3bcb7efa42b5c27a5af605b65c30cf92 -- 7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.23.i386.rpm -- 3ed229277a41413514200c2beedc9aef -- 7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.23.i386.rpm -- 4802948ad7fdaf554ff4c49f7e01eb9b -- 7.3/en/os/i386/XFree86-devel-4.2.1-13.73.23.i386.rpm -- 9a6854ffc8209e1ade2c049847778cf7 -- 7.3/en/os/i386/XFree86-doc-4.2.1-13.73.23.i386.rpm -- 27d6b5d5c6e4cd9178cb9f04fde31336 -- 7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.23.i386.rpm -- 9174c97c5b1eeec77e978be2f0fb4759 -- 7.3/en/os/i386/XFree86-libs-4.2.1-13.73.23.i386.rpm -- bb4ddc7f291cbb2d942924af3a3e382d -- 7.3/en/os/i386/XFree86-tools-4.2.1-13.73.23.i386.rpm -- 926875650771bf4e35d7d8f9f2b88581 -- 7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.23.i386.rpm -- f8e8b836b2fef31e330310b250f235d5 -- 7.3/en/os/i386/XFree86-twm-4.2.1-13.73.23.i386.rpm -- 3370b7c640c370a5fae7882c19de346d -- 7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.23.i386.rpm -- 6b0835732bd88f3e58551208fd88a694 -- 7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.23.i386.rpm -- e796a4ecba0c8cd577e556bfefd0d1f8 -- 7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.23.i386.rpm -- 5b23a90a4fbcec116264f987a1fa2fc6 8.0/en/os/SRPMS/XFree86-4.2.1-23.src.rpm -- 83205dd6d709b1cd0c89bc3ac1fbdcf7 -- 8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-23.i386.rpm -- 0d0b76a5b9c918335fcefe9e96e43400 8.0/en/os/i386/XFree86-4.2.1-23.i386.rpm -- c0bff3283737f329e52a44987316905a -- 8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-23.i386.rpm -- 468f8042474082e887c49d76eec846cc -- 8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-23.i386.rpm -- 6800179468ad3937a761e18d5a58e9a6 -- 8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-23.i386.rpm -- 8cb666742b3603bb1b5f03c6516f583a -- 8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-23.i386.rpm -- 2b6c1b0e013e6dc6ace6ce3411034ea5 -- 8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-23.i386.rpm -- 421ff4186cf4723ee93cb913aa4759ac -- 8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-23.i386.rpm -- 3959c4b6b73f544f57adc30930fc33f5 -- 8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-23.i386.rpm -- 89f84c356a1db508a7bf5a676a21a8e8 -- 8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-23.i386.rpm -- 41781ae1dd9259db03f0ea88d8a01791 -- 8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-23.i386.rpm -- 055a156c76ea4064f423b1910137421f -- 8.0/en/os/i386/XFree86-Xnest-4.2.1-23.i386.rpm -- c1e17db9962f4f94b54dc10d65369102 -- 8.0/en/os/i386/XFree86-Xvfb-4.2.1-23.i386.rpm -- 73d13ff4ad503f803e85c21735d4b4fd -- 8.0/en/os/i386/XFree86-base-fonts-4.2.1-23.i386.rpm -- a4867e700dcbf2d1626a91e85c52b585 -- 8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-23.i386.rpm -- 845a3a2974ce06fc9df51b578dc1183a -- 8.0/en/os/i386/XFree86-devel-4.2.1-23.i386.rpm -- 03d9603e1941e5b79f8539208b226dda -- 8.0/en/os/i386/XFree86-doc-4.2.1-23.i386.rpm -- 5128b77c384b1d9bf12829469e7372ca -- 8.0/en/os/i386/XFree86-font-utils-4.2.1-23.i386.rpm -- a3944d3f49beda3c7f496f7f45e0cc42 -- 8.0/en/os/i386/XFree86-libs-4.2.1-23.i386.rpm -- 45a425d5e5df31f284c7e541f7ca1df3 -- 8.0/en/os/i386/XFree86-tools-4.2.1-23.i386.rpm -- 04cacefa0f0a0021a37a90195353ea63 -- 8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-23.i386.rpm -- 70d9a72ac0fb0e21f9fa053cde55c683 -- 8.0/en/os/i386/XFree86-twm-4.2.1-23.i386.rpm -- 38b1ee5b9a5218e13bde7ac1ecf4ac8b -- 8.0/en/os/i386/XFree86-xauth-4.2.1-23.i386.rpm -- 22dcddd4c3960a1e6e499627a2255936 -- 8.0/en/os/i386/XFree86-xdm-4.2.1-23.i386.rpm -- c230f65b0a619a10e3331b68855d6c71 -- 8.0/en/os/i386/XFree86-xfs-4.2.1-23.i386.rpm -- -- -- These packages are GPG signed by Red Hat for security. Our key is -- available from https://www.redhat.com/security/keys.html -- -- You can verify each package with the following command: -- -- rpm --checksig -v <filename> -- -- If you only wish to verify that each package has not been corrupted or -- tampered with, examine only the md5sum with the following command: -- -- md5sum <filename> -- -- -- 7. References: -- -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690 -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730 -- -- 8. Contact: -- -- The Red Hat security contact is <secalert@...hat.com>. More contact -- details at https://www.redhat.com/solutions/security/news/contact.html -- -- Copyright 2003 Red Hat, Inc. -- -----BEGIN PGP SIGNATURE----- -- Version: GnuPG v1.0.7 (GNU/Linux) -- -- iD8DBQE/wydnXlSAg2UNWIIRAgwKAJ9PiyrkkqZlkp/b3g0P6b7sr7Z2NQCfZhzn -- 2JjXxt7qQqdRrHJF7V98Axg= -- =PjfC -- -----END PGP SIGNATURE----- -- -- -- -- -- _______________________________________________ -- Full-Disclosure - We believe in it. -- Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists