[<prev] [next>] [day] [month] [year] [list]
Message-ID: <41C902FBC7F1EA47933D76631B1704EE068907@rcertsexch.rcert-s.army.mil>
From: joel.esler at rcert-s.army.mil (Esler, Joel - Contractor)
Subject: unsubscribe
This is not the way you do it!!
-- -----Original Message-----
-- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
-- admin@...ts.netsys.com] On Behalf Of 4cray
-- Sent: Tuesday, November 25, 2003 5:08 PM
-- To: bugzilla@...hat.com; redhat-watch-list@...hat.com;
-- bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
-- Subject: [Full-Disclosure] unsubscribe
--
-- i want to unsubscribe this newsletter!
-- Thanks
-- ----- Original Message -----
-- From: <bugzilla@...hat.com>
-- To: <redhat-watch-list@...hat.com>; <bugtraq@...urityfocus.com>;
-- <full-disclosure@...ts.netsys.com>
-- Sent: Tuesday, November 25, 2003 10:56 AM
-- Subject: [RHSA-2003:287-01] Updated XFree86 packages provide security
and
-- bug fixes
--
--
-- -----BEGIN PGP SIGNED MESSAGE-----
-- Hash: SHA1
--
-- -
---------------------------------------------------------------------
-- Red Hat Security Advisory
--
-- Synopsis: Updated XFree86 packages provide security and bug
-- fixes
-- Advisory ID: RHSA-2003:287-01
-- Issue date: 2003-11-25
-- Updated on: 2003-11-25
-- Product: Red Hat Linux
-- Keywords:
-- Cross references:
-- Obsoletes: RHSA-2003:066 RHSA-2003:067
-- CVE Names: CAN-2003-0690 CAN-2003-0730
-- -
---------------------------------------------------------------------
--
-- 1. Topic:
--
-- Updated XFree86 packages for Red Hat Linux 7.3 and 8.0 provide
security
-- fixes to font libraries and XDM.
--
-- 2. Relevant releases/architectures:
--
-- Red Hat Linux 7.3 - i386
-- Red Hat Linux 8.0 - i386
--
-- 3. Problem description:
--
-- XFree86 is an implementation of the X Window System providing the
core
-- graphical user interface and video drivers in Red Hat Linux. XDM is
the X
-- display manager.
--
-- Multiple integer overflows in the transfer and enumeration of font
-- libraries in XFree86 allow local or remote attackers to cause a
denial of
-- service or execute arbitrary code via heap-based and stack-based
buffer
-- overflow attacks. The Common Vulnerabilities and Exposures project
-- (cve.mitre.org) has assigned the name CAN-2003-0730 to this issue.
--
-- The risk to users from this vulnerability is limited because only
-- clients
-- can be affected by these bugs, however in some (non default)
-- configurations, both xfs and the X Server can act as clients
-- to remote font servers.
--
-- XDM does not verify whether the pam_setcred function call succeeds,
which
-- may allow attackers to gain root privileges by triggering error
-- conditions
-- within PAM modules, as demonstrated in certain configurations of the
-- pam_krb5 module. The Common Vulnerabilities and Exposures project
-- (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.
--
-- Users are advised to upgrade to these updated XFree86 4.2.1 packages,
-- which
-- contain backported security patches and are not vulnerable to these
-- issues.
--
-- 4. Solution:
--
-- Before applying this update, make sure all previously released errata
-- relevant to your system have been applied.
--
-- To update all RPMs for your particular architecture, run:
--
-- rpm -Fvh [filenames]
--
-- where [filenames] is a list of the RPMs you wish to upgrade. Only
those
-- RPMs which are currently installed will be updated. Those RPMs which
are
-- not installed but included in the list will not be updated. Note
that
-- you
-- can also use wildcards (*.rpm) if your current directory *only*
contains
-- the
-- desired RPMs.
--
-- Please note that this update is also available via Red Hat Network.
Many
-- people find this an easier way to apply updates. To use Red Hat
Network,
-- launch the Red Hat Update Agent with the following command:
--
-- up2date
--
-- This will start an interactive process that will result in the
-- appropriate
-- RPMs being upgraded on your system.
--
-- If up2date fails to connect to Red Hat Network due to SSL Certificate
-- Errors, you need to install a version of the up2date client with an
-- updated
-- certificate. The latest version of up2date is available from the Red
Hat
-- FTP site and may also be downloaded directly from the RHN website:
--
-- https://rhn.redhat.com/help/latest-up2date.pxt
--
-- 5. RPMs required:
--
-- Red Hat Linux 7.3:
--
-- SRPMS:
--
ftp://updates.redhat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.23.src.rpm
--
-- i386:
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-
-- 13.73.23.
-- i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-4.2.1-13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-
-- 13.73.23.i
-- 386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-
-- 4.2.
-- 1-13.73.23.i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-
-- 4.2.1
-- -13.73.23.i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-
-- 4.2.1
-- -13.73.23.i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-
-- 4.2.1-
-- 13.73.23.i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-
-- 4.2.1
-- -13.73.23.i386.rpm
--
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-
-- 4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xnest-4.2.1-
-- 13.73.23.i386.rp
-- m
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xvfb-4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-base-fonts-4.2.1-
-- 13.73.23.i3
-- 86.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-
-- 13.73.2
-- 3.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-devel-4.2.1-
-- 13.73.23.i386.rp
-- m
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-doc-4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-font-utils-4.2.1-
-- 13.73.23.i3
-- 86.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-libs-4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-tools-4.2.1-
-- 13.73.23.i386.rp
-- m
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-
-- 13.73.2
-- 3.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-twm-4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xdm-4.2.1-
-- 13.73.23.i386.rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xf86cfg-4.2.1-
-- 13.73.23.i386.
-- rpm
-- ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xfs-4.2.1-
-- 13.73.23.i386.rpm
--
-- Red Hat Linux 8.0:
--
-- SRPMS:
-- ftp://updates.redhat.com/8.0/en/os/SRPMS/XFree86-4.2.1-23.src.rpm
--
-- i386:
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-
-- 23.i386.r
-- pm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-
-- 23.i386.rp
-- m
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-
-- 4.2.
-- 1-23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-
-- 4.2.1
-- -23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-
-- 4.2.1
-- -23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-
-- 4.2.1-
-- 23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-
-- 4.2.1
-- -23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-
-- 4.2.1-
-- 23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-
-- 23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-
-- 23.i386.rp
-- m
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xnest-4.2.1-23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xvfb-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-base-fonts-4.2.1-
-- 23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-
-- 23.i386
-- .rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-devel-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-doc-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-font-utils-4.2.1-
-- 23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-libs-4.2.1-23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-tools-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-
-- 23.i386
-- .rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-twm-4.2.1-23.i386.rpm
--
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xauth-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xdm-4.2.1-23.i386.rpm
-- ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xfs-4.2.1-23.i386.rpm
--
--
--
-- 6. Verification:
--
-- MD5 sum Package Name
-- -
-----------------------------------------------------------------------
-- ---
-- 6dc1b32efd505aafd4acf61115077e9e
-- 7.3/en/os/SRPMS/XFree86-4.2.1-13.73.23.src.rpm
-- e814707b495c8d0a30adb16daec18c33
-- 7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.23.i386.rpm
-- b87cfe1e01934b80e7bb7c6e0dc719a9
-- 7.3/en/os/i386/XFree86-4.2.1-13.73.23.i386.rpm
-- b1d5c0db0d7a05883c90d1c6ab9d18fb
-- 7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.23.i386.rpm
-- f4fd6d9868aacf9dcc48c4c07faf890d
--
7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23.i386.rpm
-- 003a785d80fdfd838d222c96e559e391
-- 7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23.i386.rpm
-- b773184b7b97e93544ca7ae5cd3fbd45
-- 7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23.i386.rpm
-- cc89ae4346639c5f6cdd35e2702ad03d
-- 7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23.i386.rpm
-- ebb3a1937f9f34ed6b7b1f4c09f5ebfb
-- 7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23.i386.rpm
-- 57a1058465aaa805655322ba7f18cfda
-- 7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23.i386.rpm
-- d45d6f8cf3cdffa608a7e2ba90729002
-- 7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.23.i386.rpm
-- 0b7b1e2273dabd54123e1f9a9f02398b
-- 7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.23.i386.rpm
-- 3bcb7efa42b5c27a5af605b65c30cf92
-- 7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.23.i386.rpm
-- 3ed229277a41413514200c2beedc9aef
-- 7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.23.i386.rpm
-- 4802948ad7fdaf554ff4c49f7e01eb9b
-- 7.3/en/os/i386/XFree86-devel-4.2.1-13.73.23.i386.rpm
-- 9a6854ffc8209e1ade2c049847778cf7
-- 7.3/en/os/i386/XFree86-doc-4.2.1-13.73.23.i386.rpm
-- 27d6b5d5c6e4cd9178cb9f04fde31336
-- 7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.23.i386.rpm
-- 9174c97c5b1eeec77e978be2f0fb4759
-- 7.3/en/os/i386/XFree86-libs-4.2.1-13.73.23.i386.rpm
-- bb4ddc7f291cbb2d942924af3a3e382d
-- 7.3/en/os/i386/XFree86-tools-4.2.1-13.73.23.i386.rpm
-- 926875650771bf4e35d7d8f9f2b88581
-- 7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.23.i386.rpm
-- f8e8b836b2fef31e330310b250f235d5
-- 7.3/en/os/i386/XFree86-twm-4.2.1-13.73.23.i386.rpm
-- 3370b7c640c370a5fae7882c19de346d
-- 7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.23.i386.rpm
-- 6b0835732bd88f3e58551208fd88a694
-- 7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.23.i386.rpm
-- e796a4ecba0c8cd577e556bfefd0d1f8
-- 7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.23.i386.rpm
-- 5b23a90a4fbcec116264f987a1fa2fc6
8.0/en/os/SRPMS/XFree86-4.2.1-23.src.rpm
-- 83205dd6d709b1cd0c89bc3ac1fbdcf7
-- 8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-23.i386.rpm
-- 0d0b76a5b9c918335fcefe9e96e43400
8.0/en/os/i386/XFree86-4.2.1-23.i386.rpm
-- c0bff3283737f329e52a44987316905a
-- 8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-23.i386.rpm
-- 468f8042474082e887c49d76eec846cc
-- 8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-23.i386.rpm
-- 6800179468ad3937a761e18d5a58e9a6
-- 8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-23.i386.rpm
-- 8cb666742b3603bb1b5f03c6516f583a
-- 8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-23.i386.rpm
-- 2b6c1b0e013e6dc6ace6ce3411034ea5
-- 8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-23.i386.rpm
-- 421ff4186cf4723ee93cb913aa4759ac
-- 8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-23.i386.rpm
-- 3959c4b6b73f544f57adc30930fc33f5
-- 8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-23.i386.rpm
-- 89f84c356a1db508a7bf5a676a21a8e8
-- 8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-23.i386.rpm
-- 41781ae1dd9259db03f0ea88d8a01791
-- 8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-23.i386.rpm
-- 055a156c76ea4064f423b1910137421f
-- 8.0/en/os/i386/XFree86-Xnest-4.2.1-23.i386.rpm
-- c1e17db9962f4f94b54dc10d65369102
-- 8.0/en/os/i386/XFree86-Xvfb-4.2.1-23.i386.rpm
-- 73d13ff4ad503f803e85c21735d4b4fd
-- 8.0/en/os/i386/XFree86-base-fonts-4.2.1-23.i386.rpm
-- a4867e700dcbf2d1626a91e85c52b585
-- 8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-23.i386.rpm
-- 845a3a2974ce06fc9df51b578dc1183a
-- 8.0/en/os/i386/XFree86-devel-4.2.1-23.i386.rpm
-- 03d9603e1941e5b79f8539208b226dda
-- 8.0/en/os/i386/XFree86-doc-4.2.1-23.i386.rpm
-- 5128b77c384b1d9bf12829469e7372ca
-- 8.0/en/os/i386/XFree86-font-utils-4.2.1-23.i386.rpm
-- a3944d3f49beda3c7f496f7f45e0cc42
-- 8.0/en/os/i386/XFree86-libs-4.2.1-23.i386.rpm
-- 45a425d5e5df31f284c7e541f7ca1df3
-- 8.0/en/os/i386/XFree86-tools-4.2.1-23.i386.rpm
-- 04cacefa0f0a0021a37a90195353ea63
-- 8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-23.i386.rpm
-- 70d9a72ac0fb0e21f9fa053cde55c683
-- 8.0/en/os/i386/XFree86-twm-4.2.1-23.i386.rpm
-- 38b1ee5b9a5218e13bde7ac1ecf4ac8b
-- 8.0/en/os/i386/XFree86-xauth-4.2.1-23.i386.rpm
-- 22dcddd4c3960a1e6e499627a2255936
-- 8.0/en/os/i386/XFree86-xdm-4.2.1-23.i386.rpm
-- c230f65b0a619a10e3331b68855d6c71
-- 8.0/en/os/i386/XFree86-xfs-4.2.1-23.i386.rpm
--
--
-- These packages are GPG signed by Red Hat for security. Our key is
-- available from https://www.redhat.com/security/keys.html
--
-- You can verify each package with the following command:
--
-- rpm --checksig -v <filename>
--
-- If you only wish to verify that each package has not been corrupted
or
-- tampered with, examine only the md5sum with the following command:
--
-- md5sum <filename>
--
--
-- 7. References:
--
-- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
-- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
--
-- 8. Contact:
--
-- The Red Hat security contact is <secalert@...hat.com>. More contact
-- details at
https://www.redhat.com/solutions/security/news/contact.html
--
-- Copyright 2003 Red Hat, Inc.
-- -----BEGIN PGP SIGNATURE-----
-- Version: GnuPG v1.0.7 (GNU/Linux)
--
-- iD8DBQE/wydnXlSAg2UNWIIRAgwKAJ9PiyrkkqZlkp/b3g0P6b7sr7Z2NQCfZhzn
-- 2JjXxt7qQqdRrHJF7V98Axg=
-- =PjfC
-- -----END PGP SIGNATURE-----
--
--
--
--
-- _______________________________________________
-- Full-Disclosure - We believe in it.
-- Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists