| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031219123556.13516.qmail@updates.mandrakesoft.com>
Date: 19 Dec 2003 12:35:56 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2003:118 - Updated XFree86 packages fix xdm vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrake Linux Security Update Advisory
_______________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2003:118
Date: December 19th, 2003
Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
A vulnerability was discovered in the XDM display manager that ships
with XFree86. XDM does not check for successful completion of the
pam_setcred() call and in the case of error conditions in the
installed PAM modules, XDM may grant local root access to any user
with valid login credentials. It has been reported that a certain
configuration of the MIT pam_krb5 module can result in a failing
pam_setcred() call which leaves the session alive and would provide
root access to any regular user. It is also possible that this
vulnerability can likewise be exploited with other PAM modules in a
similar manner.
A backported patch from XFree86 4.3 that corrects this vulnerability
has been applied to these updated packages.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
7ba291697ec4355d7fa8641494fd6caf corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.6.C21mdk.i586.rpm
1a1334d9b639c099e330cc5684b9973e corporate/2.1/RPMS/XFree86-4.2.1-6.6.C21mdk.i586.rpm
14055e9c1990ffc0ae51eb8a62dc6ff1 corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.6.C21mdk.i586.rpm
a9620d5d9c2db7a61ee02557ae63b4a9 corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.6.C21mdk.i586.rpm
50fb7ed66e9b3e63b510b0f307582ea9 corporate/2.1/RPMS/XFree86-devel-4.2.1-6.6.C21mdk.i586.rpm
fad9b5babd20b4f81107cac3229df28d corporate/2.1/RPMS/XFree86-doc-4.2.1-6.6.C21mdk.i586.rpm
7dffea0280f7a66456fffbde0611ff50 corporate/2.1/RPMS/XFree86-glide-module-4.2.1-6.6.C21mdk.i586.rpm
501ee2b8f244272ac695b56d14c04472 corporate/2.1/RPMS/XFree86-libs-4.2.1-6.6.C21mdk.i586.rpm
34ce66ab9af42b521459d647442d3bae corporate/2.1/RPMS/XFree86-server-4.2.1-6.6.C21mdk.i586.rpm
7bc53030d35ede94c59fa994002ec558 corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.6.C21mdk.i586.rpm
3893ce26c8b2f6e50f0b6c478977d3c7 corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.6.C21mdk.i586.rpm
7ac3a5b47f69873ac0e277d69dba5cbc corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.6.C21mdk.i586.rpm
76984657d4e3c078440fca9067327fa9 corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.6.C21mdk.i586.rpm
ddc5ff979384144f16884b7a05ec6d9d corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.6.C21mdk.i586.rpm
6443f5436266224800834b1d721da412 corporate/2.1/SRPMS/XFree86-4.2.1-6.6.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
b5cf0f68ffae1ca10a0c262d50b7cc33 x86_64/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.6.C21mdk.x86_64.rpm
8bd52e36599a09636cc3810f08e2327b x86_64/corporate/2.1/RPMS/XFree86-4.2.1-6.6.C21mdk.x86_64.rpm
0535bc7f617edf7413e873baa1457454 x86_64/corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.6.C21mdk.x86_64.rpm
fff3943f0e2cbdf8743164ab0fadda19 x86_64/corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.6.C21mdk.x86_64.rpm
824df87aa0748428ead3df852f57922f x86_64/corporate/2.1/RPMS/XFree86-devel-4.2.1-6.6.C21mdk.x86_64.rpm
547268b6e275e16d093936d2c1e34f77 x86_64/corporate/2.1/RPMS/XFree86-doc-4.2.1-6.6.C21mdk.x86_64.rpm
b017b4c7835339dd020ed294aad87da8 x86_64/corporate/2.1/RPMS/XFree86-libs-4.2.1-6.6.C21mdk.x86_64.rpm
72c016013e46b751e6c08417fc29e7a8 x86_64/corporate/2.1/RPMS/XFree86-server-4.2.1-6.6.C21mdk.x86_64.rpm
ed38fb77a841fd8298e48fc81fa461d0 x86_64/corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.6.C21mdk.x86_64.rpm
59f0ce8c3e9056dcd2206626e95aff2e x86_64/corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.6.C21mdk.x86_64.rpm
9f05560a2a1bc5948547ff7eb684ad08 x86_64/corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.6.C21mdk.x86_64.rpm
7b1dc02790f89447eb0c46632da13124 x86_64/corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.6.C21mdk.x86_64.rpm
d8d73ef1e50c8b1a33b393d53abd7154 x86_64/corporate/2.1/RPMS/X11R6-contrib-4.2.1-6.6.C21mdk.x86_64.rpm
6443f5436266224800834b1d721da412 x86_64/corporate/2.1/SRPMS/XFree86-4.2.1-6.6.C21mdk.src.rpm
Mandrake Linux 9.0:
dce0a2b05ecab57a22ada818db285fb8 9.0/RPMS/XFree86-100dpi-fonts-4.2.1-3.2.90mdk.i586.rpm
9fb3d81b3a14747d51044cdc87719bbc 9.0/RPMS/XFree86-4.2.1-3.2.90mdk.i586.rpm
5efb4c80ccc0e87dd22260c1b4d46603 9.0/RPMS/XFree86-75dpi-fonts-4.2.1-3.2.90mdk.i586.rpm
6457789af4a96220e43743c3b52eef58 9.0/RPMS/XFree86-cyrillic-fonts-4.2.1-3.2.90mdk.i586.rpm
2e5e81a71eabccffadd6999539f90032 9.0/RPMS/XFree86-devel-4.2.1-3.2.90mdk.i586.rpm
2f0c58d8c68b1aa024d42646a15e97cc 9.0/RPMS/XFree86-doc-4.2.1-3.2.90mdk.i586.rpm
a20f2a1172f2ad4dcdf1909072b4fbd2 9.0/RPMS/XFree86-glide-module-4.2.1-3.2.90mdk.i586.rpm
990a21d03523c464dd9b21728894b230 9.0/RPMS/XFree86-libs-4.2.1-3.2.90mdk.i586.rpm
4275d42f4822b0a37af29e076524c9a4 9.0/RPMS/XFree86-server-4.2.1-3.2.90mdk.i586.rpm
1a9439f73c6b77c4914d0bf7413ba474 9.0/RPMS/XFree86-static-libs-4.2.1-3.2.90mdk.i586.rpm
e8d58a1c16fc5b1e121ef9018ea1aef0 9.0/RPMS/XFree86-xfs-4.2.1-3.2.90mdk.i586.rpm
f26a7a481963ebd85184faaf13e8374b 9.0/RPMS/XFree86-Xnest-4.2.1-3.2.90mdk.i586.rpm
7386556507eccf518e3663e79622ecd9 9.0/RPMS/XFree86-Xvfb-4.2.1-3.2.90mdk.i586.rpm
df323b66b2942b7a3a6e4a1fba696237 9.0/RPMS/X11R6-contrib-4.2.1-3.2.90mdk.i586.rpm
b1154d5004fc50db40dd06592714dd08 9.0/SRPMS/XFree86-4.2.1-3.2.90mdk.src.rpm
Mandrake Linux 9.1:
accf02b52fa3d5022402d68219ac8142 9.1/RPMS/XFree86-100dpi-fonts-4.3-8.4.91mdk.i586.rpm
5d4685fcf62d6b94b3fcf5a7fe24b039 9.1/RPMS/XFree86-4.3-8.4.91mdk.i586.rpm
ab79c17b5b76e981632a2f9d56333548 9.1/RPMS/XFree86-75dpi-fonts-4.3-8.4.91mdk.i586.rpm
47d960baa8c3aa802594ab16f41eef3c 9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.4.91mdk.i586.rpm
8df0b06fb35c80541977df7462b11049 9.1/RPMS/XFree86-devel-4.3-8.4.91mdk.i586.rpm
a1d8100166c9102c75f4b98633f4f482 9.1/RPMS/XFree86-doc-4.3-8.4.91mdk.i586.rpm
ac369ce428570a11a4ae8d11c3311c9c 9.1/RPMS/XFree86-glide-module-4.3-8.4.91mdk.i586.rpm
1ff23138ecce0cf758c96bad2392abd0 9.1/RPMS/XFree86-libs-4.3-8.4.91mdk.i586.rpm
330daab58436828598fe25d611855723 9.1/RPMS/XFree86-server-4.3-8.4.91mdk.i586.rpm
fbd0852d9ad9f794a241defb5453d9a1 9.1/RPMS/XFree86-static-libs-4.3-8.4.91mdk.i586.rpm
671f7179566a4cd590bb1554ad950edd 9.1/RPMS/XFree86-xfs-4.3-8.4.91mdk.i586.rpm
40021e3303ae73b918e2394572ee2e29 9.1/RPMS/XFree86-Xnest-4.3-8.4.91mdk.i586.rpm
f57ff155ba975a12c896ea90aade93c7 9.1/RPMS/XFree86-Xvfb-4.3-8.4.91mdk.i586.rpm
e849a55ac77f5739763e81818eb8f1fe 9.1/RPMS/X11R6-contrib-4.3-8.4.91mdk.i586.rpm
acd2a322042fa0d9e89fa28b110ad678 9.1/SRPMS/XFree86-4.3-8.4.91mdk.src.rpm
Mandrake Linux 9.1/PPC:
9f840aa8de13b8e9549bac8f3f401511 ppc/9.1/RPMS/XFree86-100dpi-fonts-4.3-8.4.91mdk.ppc.rpm
ebc9b0fb7b4039525bc07e43bd9812cd ppc/9.1/RPMS/XFree86-4.3-8.4.91mdk.ppc.rpm
c314d2a6444b8f69aa52a208d597db64 ppc/9.1/RPMS/XFree86-75dpi-fonts-4.3-8.4.91mdk.ppc.rpm
e0803ca9429bbf99bb6d3a704e6dbe01 ppc/9.1/RPMS/XFree86-cyrillic-fonts-4.3-8.4.91mdk.ppc.rpm
7228f302044d983be022a5b78ea75a60 ppc/9.1/RPMS/XFree86-devel-4.3-8.4.91mdk.ppc.rpm
3ace40d9e04f7c6f66119efab195d40e ppc/9.1/RPMS/XFree86-doc-4.3-8.4.91mdk.ppc.rpm
e60088fa6f57ac942d7a7a3308b114e5 ppc/9.1/RPMS/XFree86-libs-4.3-8.4.91mdk.ppc.rpm
07a8d306c4e7d3a7a9e6277ecc16301d ppc/9.1/RPMS/XFree86-server-4.3-8.4.91mdk.ppc.rpm
c9678b2addd7539f0ee927d34058052d ppc/9.1/RPMS/XFree86-static-libs-4.3-8.4.91mdk.ppc.rpm
002a58462dafe69d98b70d515ac5ba60 ppc/9.1/RPMS/XFree86-xfs-4.3-8.4.91mdk.ppc.rpm
48adafdbf3a73bbfc4b72498f09a180d ppc/9.1/RPMS/XFree86-Xnest-4.3-8.4.91mdk.ppc.rpm
1d45b2108bb885e02390534d76f54752 ppc/9.1/RPMS/XFree86-Xvfb-4.3-8.4.91mdk.ppc.rpm
e55a6cdd3fe8ac35e76be48e766f45dd ppc/9.1/RPMS/X11R6-contrib-4.3-8.4.91mdk.ppc.rpm
acd2a322042fa0d9e89fa28b110ad678 ppc/9.1/SRPMS/XFree86-4.3-8.4.91mdk.src.rpm
Mandrake Linux 9.2:
3819f8fb1f7cc944dd34ef18eca5288f 9.2/RPMS/XFree86-100dpi-fonts-4.3-24.1.92mdk.i586.rpm
7e692f391ef5599be19cec344f2bab98 9.2/RPMS/XFree86-4.3-24.1.92mdk.i586.rpm
dc94b3fb11a6095df83ebd87248b7f4c 9.2/RPMS/XFree86-75dpi-fonts-4.3-24.1.92mdk.i586.rpm
f37af40fd524665d9652782199409138 9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.1.92mdk.i586.rpm
ab8eb966751fd413130ea5d3b604a5f8 9.2/RPMS/XFree86-doc-4.3-24.1.92mdk.i586.rpm
10c78b71783ffed3162ef528b2c301b9 9.2/RPMS/XFree86-glide-module-4.3-24.1.92mdk.i586.rpm
96a17618e021c5e9ff694a17b3d4dcde 9.2/RPMS/XFree86-server-4.3-24.1.92mdk.i586.rpm
2f1e7168f8e2f953c0a73a48b86276da 9.2/RPMS/XFree86-xfs-4.3-24.1.92mdk.i586.rpm
41ca5f78e5cbefc73c5cc4bc9d80d72b 9.2/RPMS/XFree86-Xnest-4.3-24.1.92mdk.i586.rpm
7d109f19ff97b1abb53507ec3b5797c8 9.2/RPMS/XFree86-Xvfb-4.3-24.1.92mdk.i586.rpm
f957f0483d87b760cf02d0295e4afa8f 9.2/RPMS/X11R6-contrib-4.3-24.1.92mdk.i586.rpm
da7ba782fbf305f53deae646c286faae 9.2/RPMS/libxfree86-4.3-24.1.92mdk.i586.rpm
0786fd53b28cce825e335f91293ac260 9.2/RPMS/libxfree86-devel-4.3-24.1.92mdk.i586.rpm
5e4db773a8df489cd8a6191c824c7458 9.2/RPMS/libxfree86-static-devel-4.3-24.1.92mdk.i586.rpm
2725a3aafbd92245fada4012ffed5072 9.2/SRPMS/XFree86-4.3-24.1.92mdk.src.rpm
Mandrake Linux 9.2/AMD64:
840df90ccb53c8c5b622b91d35fae2a7 amd64/9.2/RPMS/XFree86-100dpi-fonts-4.3-24.1.92mdk.amd64.rpm
0551119938d20d37feabe7b5d5622d4e amd64/9.2/RPMS/XFree86-4.3-24.1.92mdk.amd64.rpm
8c40f36a224c680f6ee067b77406262a amd64/9.2/RPMS/XFree86-75dpi-fonts-4.3-24.1.92mdk.amd64.rpm
56e2cf4946504da6bafeb0213865db14 amd64/9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.1.92mdk.amd64.rpm
953decec9c8d06244c6255c6e6e85243 amd64/9.2/RPMS/XFree86-doc-4.3-24.1.92mdk.amd64.rpm
9c6586b303a66060664efac85b61c4a4 amd64/9.2/RPMS/XFree86-server-4.3-24.1.92mdk.amd64.rpm
d37d759d8288d9608608fb4f074a4337 amd64/9.2/RPMS/XFree86-xfs-4.3-24.1.92mdk.amd64.rpm
dd093c2632d1cbe05c6562cfc169e866 amd64/9.2/RPMS/XFree86-Xnest-4.3-24.1.92mdk.amd64.rpm
2ec74fd37a2240ada6911a0d1534cea6 amd64/9.2/RPMS/XFree86-Xvfb-4.3-24.1.92mdk.amd64.rpm
2e69a9003740454ee3a729b549fc0938 amd64/9.2/RPMS/X11R6-contrib-4.3-24.1.92mdk.amd64.rpm
6f53b91faee94c0f281fa00f7b236aa1 amd64/9.2/RPMS/lib64xfree86-4.3-24.1.92mdk.amd64.rpm
26363c79205d8e8918993668c559d8f5 amd64/9.2/RPMS/lib64xfree86-devel-4.3-24.1.92mdk.amd64.rpm
a0fb588cc0dde5c53584ffc625865f59 amd64/9.2/RPMS/lib64xfree86-static-devel-4.3-24.1.92mdk.amd64.rpm
2725a3aafbd92245fada4012ffed5072 amd64/9.2/SRPMS/XFree86-4.3-24.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/4vCsmqjQ0CJFipgRAjsfAKCOTl9ISJZTjR4Tp/9hS5zdDv1EdACeLI8R
1NSRqCqktl2C34KGeXMWO0I=
=fH2K
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists