Message-ID: <440E192F.1070104@videotron.ca>
Date: Tue Mar  7 23:40:27 2006
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Subject: [FLSA-2006:168264-2] Updated X.org packages fix security issue

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated X.org packages fix security issue
Advisory ID:       FLSA:168264-2
Issue date:        2006-03-07
Product:           Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2495
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated X.org packages that fix a security issue are now available.

X.org is an open source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged graphical
user interfaces (GUIs) such as GNOME and KDE are designed upon.

2. Relevant releases/architectures:

Fedora Core 2 - i386

3. Problem description:

Several integer overflow bugs were found in the way X.org parses
pixmap images. It is possible for a user to gain elevated privileges by
loading a specially crafted pixmap image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to
this issue.

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264

6. RPMs required:

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-base-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-cyrillic-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-font-utils-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGL-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGLU-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-syriac-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-truetype-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495

9. Contact:

The Fedora Legacy security contact is <secnotice@...oralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
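
The bug class named in section 3 (integer overflow while sizing a pixmap), shown as an added example that is not part of the advisory and is not X.org code: an unchecked 32-bit size computation next to a checked one. The struct, the function names and the 64 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields, as read from an untrusted pixmap file. */
struct pixmap_hdr { uint32_t width, height, bytes_per_pixel; };

/* Unchecked: the 32-bit product can wrap, giving a size far smaller
   than the pixel data that later code expects to fit in the buffer. */
uint32_t size_unchecked(const struct pixmap_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked: 0 and *out set on success; -1 if a dimension is zero, a
   product would overflow size_t, or the total exceeds max_bytes. */
int size_checked(const struct pixmap_hdr *h, size_t max_bytes, size_t *out)
{
    size_t row;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return -1;
    if (h->width > SIZE_MAX / h->bytes_per_pixel)
        return -1;
    row = (size_t)h->width * h->bytes_per_pixel;
    if (h->height > SIZE_MAX / row || row * h->height > max_bytes)
        return -1;
    *out = row * h->height;
    return 0;
}

/* Allocate pixel storage only after the size has been validated. */
void *pixmap_alloc(const struct pixmap_hdr *h, size_t max_bytes)
{
    size_t n;
    return size_checked(h, max_bytes, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed sample: 0x40000001 * 1 * 4 wraps to 4 in 32 bits. */
    struct pixmap_hdr bad = { 0x40000001u, 1, 4 };
    void *p = pixmap_alloc(&bad, 64u << 20);   /* 64 MiB cap, assumed */
    printf("unchecked=%u alloc=%s\n", (unsigned)size_unchecked(&bad),
           p ? "ok" : "rejected");
    free(p);
    return 0;
}
```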