Message-ID: <20040213051901.GE23829@wirex.com>
Date: Thu, 12 Feb 2004 21:19:01 -0800
From: Immunix Security Team <security@...unix.com>
To: bugtraq@...urityfocus.com
Subject: Immunix Secured OS 7.3 XFree86 update

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	XFree86
Affected products:	Immunix OS 7.3
Bugs fixed:		CAN-2004-0083, CAN-2004-0084, CAN-2004-0106
Date:			Thu Feb 12 2004
Advisory ID:		IMNX-2004-73-002-01
Author:			Seth Arnold <sarnold@...unix.com>
-----------------------------------------------------------------------

Description:
  Greg MacManus, of iDEFENSE Labs, reports finding several potentially
  exploitable buffer overflows in XFree86's font code. David Dawes
  provided a patch to fix these, and other, errors. Thanks also to
  Patrick Volkerding for working with the patch, to allow it to more
  easily apply to our version of XFree86.

  As the overflowed buffers are auto variables and the functions
  manipulating the buffers are string operations, StackGuard will prevent
  successful exploitation of this vulnerability to gain new privileges;
  however, StackGuard will kill any process that attempts to execute
  exploit code. We recommend all our users upgrade to fixed packages,
  which will prevent this denial of service attack.
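
The StackGuard behaviour described above, as an added example that is not part of the Immunix advisory or of the XFree86 code: a memory-safe C model of a stack frame in which an unchecked string copy into an auto buffer overwrites the return address when unprotected, trips the canary check under StackGuard (the process is killed, hence the denial of service), and is rejected once a length check is in place. The frame layout, the canary and return-address values, `handle_font_name` and the length check standing in for the fix are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Model frame layout: [ buf | canary word | saved return address ]. */
enum { BUF_LEN = 16, WORD = sizeof(unsigned long), FRAME_LEN = BUF_LEN + 2 * WORD };
enum mode { UNPROTECTED, STACKGUARD, PATCHED };
enum outcome { RETURNED_OK, RET_OVERWRITTEN, KILLED_BY_CANARY, REJECTED_TOO_LONG };

static const unsigned long CANARY = 0x000aff0dUL;  /* constructed value */
static const unsigned long RET    = 0x08048000UL;  /* constructed value */

/* strcpy()-style copy that ignores BUF_LEN. It is clamped to the model
   frame only so that this simulation itself never writes out of bounds. */
static void unchecked_copy(unsigned char *frame, const char *src)
{
    size_t n = strlen(src) + 1;
    memcpy(frame, src, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Hypothetical font-name handler, run under one of the three modes. */
static enum outcome handle_font_name(const char *name, enum mode m)
{
    unsigned char frame[FRAME_LEN] = {0};
    unsigned long canary, ret;

    memcpy(frame + BUF_LEN, &CANARY, WORD);        /* prologue: place canary  */
    memcpy(frame + BUF_LEN + WORD, &RET, WORD);    /* saved return address    */

    if (m == PATCHED && strlen(name) >= BUF_LEN)   /* assumed fix: check size */
        return REJECTED_TOO_LONG;
    unchecked_copy(frame, name);

    memcpy(&canary, frame + BUF_LEN, WORD);
    memcpy(&ret, frame + BUF_LEN + WORD, WORD);
    if (m == STACKGUARD && canary != CANARY)       /* epilogue: verify canary */
        return KILLED_BY_CANARY;                   /* process dies: DoS       */
    return ret == RET ? RETURNED_OK : RET_OVERWRITTEN;
}

int main(void)
{
    static const char *label[] = { "returned ok", "return address overwritten",
                                   "killed by canary check", "rejected: too long" };
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 40 bytes */
    for (int m = UNPROTECTED; m <= PATCHED; m++)
        printf("mode %d: %s\n", m, label[handle_font_name(long_name, (enum mode)m)]);
    return 0;
}
```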

  References:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
      http://www.idefense.com/application/poi/display?id=72
      http://www.idefense.com/application/poi/display?id=73

  Immunix 7.3 users may use our up2date service to install fixed 
  packages: you may run either "up2date" within X, and follow the
  directions, or run "up2date -u" to ensure your system is current.

Package names and locations:
  Precompiled binary packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-Xnest-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-Xvfb-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-base-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-cyrillic-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-devel-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-doc-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-font-utils-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-libs-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-tools-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-truetype-fonts-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-twm-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xdm-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xf86cfg-4.2.1-13.73.23_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7.3/Updates/RPMS/XFree86-xfs-4.2.1-13.73.23_imnx_2.i386.rpm

  Source packages for Immunix 7.3 are available at:
  http://download.immunix.org/ImmunixOS/7.3/Updates/SRPMS/XFree86-4.2.1-13.73.23_imnx_2.src.rpm

Immunix OS 7.3 md5sums:


GPG verification:
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.


NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 7.3 will not be officially supported after March 31 2005.
  ImmunixOS 7+ will not be officially supported after March 1 2004.
  ImmunixOS 7.0 is no longer officially supported.
  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@...unix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.
