lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.02.1310141718490.3108@connie.slackware.com>
Date: Mon, 14 Oct 2013 17:19:03 -0700 (PDT)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security]  xorg-server (SSA:2013-287-05)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2013-287-05)

New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1,
13.37, 14.0, and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
  Patched a use-after-free bug that can cause an X server crash or
  memory corruption.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-1.4.2-i486-3_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-1.4.2-i486-3_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.14.3-i486-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.14.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 12.1 packages:
ef233277d73f30e759df824af80cd0e4  xorg-server-1.4.2-i486-3_slack12.1.tgz
c12a4e3431a9a44477f407a212b43e00  xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
f7b4d111a7e31c63b2c996a3d0589d96  xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz

Slackware 12.2 packages:
4ddafe641d32fd03d5a4c00b635e656b  xorg-server-1.4.2-i486-3_slack12.2.tgz
476c7be787f06648309e8896a6cf6a02  xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
dc1e372a735936ee41e6aa94e9604614  xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz

Slackware 13.0 packages:
254f0eabdf20693f94d188498e48c256  xorg-server-1.6.3-i486-3_slack13.0.txz
1bdd1b84658d5c59e0628cbbe1921eb8  xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
a6d90303c5a7ca6c011dbac8eee4607e  xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
1c2c59bc2941e17dfa43b0b98f59f92e  xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz

Slackware x86_64 13.0 packages:
ad23cbef6787d1108cf8bad0772125e8  xorg-server-1.6.3-x86_64-3_slack13.0.txz
8a338aa65a6804db160bd5f15c7f379b  xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
80f96f34eb83b392828e53285fd472bc  xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
8575e2cd0385853eab994e5b8e69a64b  xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz

Slackware 13.1 packages:
5c51f895cde418ecb8f688390f93fcb1  xorg-server-1.7.7-i486-3_slack13.1.txz
ae847e54395d1f5f26732a483c2b14f2  xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
73f81dc775d11c1088d47ed3b3008eb6  xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
91bca29a7670c1f7351656e3bd80c103  xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz

Slackware x86_64 13.1 packages:
6b11f1c55b85e3f411145a1641ad5ea1  xorg-server-1.7.7-x86_64-3_slack13.1.txz
71152af1af3987fb8977d02515963cd7  xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
50dbbf40997dca93178d8cfa0cf85d13  xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
a2e855a63994d2651fcad0d5e2a81b7f  xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz

Slackware 13.37 packages:
97f2d5436a755b2a6ce825ae35c13b75  xorg-server-1.9.5-i486-3_slack13.37.txz
e78709fb9794e39dc6fec49dd4ec26e4  xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
3e88197c8fd9683bde5a9a212b0be9aa  xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
f1e937df516c72b5d14895e1451f3b9a  xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz

Slackware x86_64 13.37 packages:
5602ee11e2337ad6df84fe6c6263f09a  xorg-server-1.9.5-x86_64-3_slack13.37.txz
be8f63cff02433e24461862e191a2766  xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
7ef2877a8a6a2acaba88b216722281c4  xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
9761b6f2829b4155dcb16385aa459445  xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz

Slackware 14.0 packages:
c5261d5ff8a2d8216b370c442a5476fb  xorg-server-1.12.4-i486-2_slack14.0.txz
5a6db769fd8b0ce3558f244bf43751ef  xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
4a400005265699881f8428a6ffff1194  xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
58927f81581367deac8e93725dcd6a3e  xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz

Slackware x86_64 14.0 packages:
a37cf73a34f61fdca1bfd6ffe8d89a4b  xorg-server-1.12.4-x86_64-2_slack14.0.txz
fbdf1a0de0b8d9163d9741fd864e0c38  xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
7fc80fe92d44cb1dd226553d4bdb1eb8  xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
d98533c5ce95757e137611d75f676d79  xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz

Slackware -current packages:
a9aaea9c8475aa69ab4d6a5bdc57b0ce  x/xorg-server-1.14.3-i486-2.txz
49a7ab4095dbe7403b2a3feb21da483a  x/xorg-server-xephyr-1.14.3-i486-2.txz
37009849f0acdec2d398e1cd2c130567  x/xorg-server-xnest-1.14.3-i486-2.txz
cf0397cb1660de38e528b284517c83b1  x/xorg-server-xvfb-1.14.3-i486-2.txz

Slackware x86_64 -current packages:
628e0fa2eef95cfd02c213b6aa7260f2  x/xorg-server-1.14.3-x86_64-2.txz
9f86e0a8297b11064242af87476227f2  x/xorg-server-xephyr-1.14.3-x86_64-2.txz
762bb7da240799ae6128892377ced653  x/xorg-server-xnest-1.14.3-x86_64-2.txz
c80caf380942e53c2de54426d6dd831d  x/xorg-server-xvfb-1.14.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-1.12.4-i486-2_slack14.0.txz xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz xorg-server-xnest-1.12.4-i486-2_slack14.0.txz xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJcYAoACgkQakRjwEAQIjOuqACggFgshiciDrJwSLuxoVAehHC0
uzUAoJH4SrtTN79GBbdOo8GBJX8dsjqE
=Vdxi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ