[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.02.1310141718490.3108@connie.slackware.com>
Date: Mon, 14 Oct 2013 17:19:03 -0700 (PDT)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security] xorg-server (SSA:2013-287-05)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] xorg-server (SSA:2013-287-05)
New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1,
13.37, 14.0, and -current to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz: Rebuilt.
Patched a use-after-free bug that can cause an X server crash or
memory corruption.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
(* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz: Rebuilt.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-1.4.2-i486-3_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz
Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-1.4.2-i486-3_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.14.3-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.14.3-i486-2.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.14.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.14.3-x86_64-2.txz
MD5 signatures:
+-------------+
Slackware 12.1 packages:
ef233277d73f30e759df824af80cd0e4 xorg-server-1.4.2-i486-3_slack12.1.tgz
c12a4e3431a9a44477f407a212b43e00 xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
f7b4d111a7e31c63b2c996a3d0589d96 xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz
Slackware 12.2 packages:
4ddafe641d32fd03d5a4c00b635e656b xorg-server-1.4.2-i486-3_slack12.2.tgz
476c7be787f06648309e8896a6cf6a02 xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
dc1e372a735936ee41e6aa94e9604614 xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz
Slackware 13.0 packages:
254f0eabdf20693f94d188498e48c256 xorg-server-1.6.3-i486-3_slack13.0.txz
1bdd1b84658d5c59e0628cbbe1921eb8 xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
a6d90303c5a7ca6c011dbac8eee4607e xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
1c2c59bc2941e17dfa43b0b98f59f92e xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz
Slackware x86_64 13.0 packages:
ad23cbef6787d1108cf8bad0772125e8 xorg-server-1.6.3-x86_64-3_slack13.0.txz
8a338aa65a6804db160bd5f15c7f379b xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
80f96f34eb83b392828e53285fd472bc xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
8575e2cd0385853eab994e5b8e69a64b xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz
Slackware 13.1 packages:
5c51f895cde418ecb8f688390f93fcb1 xorg-server-1.7.7-i486-3_slack13.1.txz
ae847e54395d1f5f26732a483c2b14f2 xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
73f81dc775d11c1088d47ed3b3008eb6 xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
91bca29a7670c1f7351656e3bd80c103 xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz
Slackware x86_64 13.1 packages:
6b11f1c55b85e3f411145a1641ad5ea1 xorg-server-1.7.7-x86_64-3_slack13.1.txz
71152af1af3987fb8977d02515963cd7 xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
50dbbf40997dca93178d8cfa0cf85d13 xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
a2e855a63994d2651fcad0d5e2a81b7f xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz
Slackware 13.37 packages:
97f2d5436a755b2a6ce825ae35c13b75 xorg-server-1.9.5-i486-3_slack13.37.txz
e78709fb9794e39dc6fec49dd4ec26e4 xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
3e88197c8fd9683bde5a9a212b0be9aa xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
f1e937df516c72b5d14895e1451f3b9a xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz
Slackware x86_64 13.37 packages:
5602ee11e2337ad6df84fe6c6263f09a xorg-server-1.9.5-x86_64-3_slack13.37.txz
be8f63cff02433e24461862e191a2766 xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
7ef2877a8a6a2acaba88b216722281c4 xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
9761b6f2829b4155dcb16385aa459445 xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz
Slackware 14.0 packages:
c5261d5ff8a2d8216b370c442a5476fb xorg-server-1.12.4-i486-2_slack14.0.txz
5a6db769fd8b0ce3558f244bf43751ef xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
4a400005265699881f8428a6ffff1194 xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
58927f81581367deac8e93725dcd6a3e xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz
Slackware x86_64 14.0 packages:
a37cf73a34f61fdca1bfd6ffe8d89a4b xorg-server-1.12.4-x86_64-2_slack14.0.txz
fbdf1a0de0b8d9163d9741fd864e0c38 xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
7fc80fe92d44cb1dd226553d4bdb1eb8 xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
d98533c5ce95757e137611d75f676d79 xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz
Slackware -current packages:
a9aaea9c8475aa69ab4d6a5bdc57b0ce x/xorg-server-1.14.3-i486-2.txz
49a7ab4095dbe7403b2a3feb21da483a x/xorg-server-xephyr-1.14.3-i486-2.txz
37009849f0acdec2d398e1cd2c130567 x/xorg-server-xnest-1.14.3-i486-2.txz
cf0397cb1660de38e528b284517c83b1 x/xorg-server-xvfb-1.14.3-i486-2.txz
Slackware x86_64 -current packages:
628e0fa2eef95cfd02c213b6aa7260f2 x/xorg-server-1.14.3-x86_64-2.txz
9f86e0a8297b11064242af87476227f2 x/xorg-server-xephyr-1.14.3-x86_64-2.txz
762bb7da240799ae6128892377ced653 x/xorg-server-xnest-1.14.3-x86_64-2.txz
c80caf380942e53c2de54426d6dd831d x/xorg-server-xvfb-1.14.3-x86_64-2.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg xorg-server-1.12.4-i486-2_slack14.0.txz xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz xorg-server-xnest-1.12.4-i486-2_slack14.0.txz xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iEYEARECAAYFAlJcYAoACgkQakRjwEAQIjOuqACggFgshiciDrJwSLuxoVAehHC0
uzUAoJH4SrtTN79GBbdOo8GBJX8dsjqE
=Vdxi
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists