
[linux-security] X security update



Topic
=====
various buffer overflows in XFree86, version 3.3.x

Problem Description
===================
There are several buffer overflows in xdm (X window manager) that
at least allow denial-of-service (DoS) attacks against the X server.
Also there are several buffer overflows that may be locally exploitable
in several libraries. Furthermore, there exist race conditions in xauth
and libXau.

There are many more bugs (too many to be listed here) that have been fixed
in the newer version.

Affected Systems
================
All Linux systems that use XFree86, version 3.3.x.

Not Affected
============
RedHat 7.x, if only XFree86 version 4 is installed.
(check: "rpm -qa | grep XFree86")

Solution
========
Upgrade to a newer version.

RedHat 6.x
----------
rpm -Fvh XFree86-3.3.6-29.i386.rpm \
         XFree86-100dpi-fonts-3.3.6-29.i386.rpm \
         XFree86-3DLabs-3.3.6-29.i386.rpm \
         XFree86-75dpi-fonts-3.3.6-29.i386.rpm \
         XFree86-8514-3.3.6-29.i386.rpm \
         XFree86-AGX-3.3.6-29.i386.rpm \
         XFree86-FBDev-3.3.6-29.i386.rpm \
         XFree86-I128-3.3.6-29.i386.rpm \
         XFree86-Mach32-3.3.6-29.i386.rpm \
         XFree86-Mach64-3.3.6-29.i386.rpm \
         XFree86-Mach8-3.3.6-29.i386.rpm \
         XFree86-Mono-3.3.6-29.i386.rpm \
         XFree86-P9000-3.3.6-29.i386.rpm \
         XFree86-S3-3.3.6-29.i386.rpm \
         XFree86-S3V-3.3.6-29.i386.rpm \
         XFree86-SVGA-3.3.6-29.i386.rpm \
         XFree86-VGA16-3.3.6-29.i386.rpm \
         XFree86-W32-3.3.6-29.i386.rpm \
         XFree86-XF86Setup-3.3.6-29.i386.rpm \
         XFree86-Xnest-3.3.6-29.i386.rpm \
         XFree86-Xvfb-3.3.6-29.i386.rpm \
         XFree86-cyrillic-fonts-3.3.6-29.i386.rpm \
         XFree86-devel-3.3.6-29.i386.rpm \
         XFree86-doc-3.3.6-29.i386.rpm \
         XFree86-libs-3.3.6-29.i386.rpm \
         XFree86-xfs-3.3.6-29.i386.rpm

RedHat 7.x
----------
rpm -Fvh XFree86-3DLabs-3.3.6-38.i386.rpm \
         XFree86-8514-3.3.6-38.i386.rpm \
         XFree86-AGX-3.3.6-38.i386.rpm \
         XFree86-FBDev-3.3.6-38.i386.rpm \
         XFree86-Mach32-3.3.6-38.i386.rpm \
         XFree86-Mach64-3.3.6-38.i386.rpm \
         XFree86-Mach8-3.3.6-38.i386.rpm \
         XFree86-Mono-3.3.6-38.i386.rpm \
         XFree86-P9000-3.3.6-38.i386.rpm \
         XFree86-S3-3.3.6-38.i386.rpm \
         XFree86-S3V-3.3.6-38.i386.rpm \
         XFree86-SVGA-3.3.6-38.i386.rpm \
         XFree86-VGA16-3.3.6-38.i386.rpm \
         XFree86-W32-3.3.6-38.i386.rpm

Other Distributions
-------------------
I have not seen a security announcement about XFree86 for distributions other
than RedHat, although various exploits against X are currently discussed
on security-related mailing lists. Thus I expect new releases for other
distributions shortly. Check the security announcements for your
distribution frequently.
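
The "rpm -qa | grep XFree86" check above can be turned into a per-package verdict. The following is an added example, not part of the original advisory: the function names, the status labels and the sample package list are constructed for illustration. It assumes that any 3.3.x package older than the release named in the Solution section (3.3.6-29 on RedHat 6.x, 3.3.6-38 on RedHat 7.x) is unpatched.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads `rpm -qa` output on stdin.
# $1 = fixed release from the advisory: 29 on RedHat 6.x, 38 on RedHat 7.x.
# Assumption: a 3.3.x package older than 3.3.6-<fixed> is unpatched.
check_xfree86() {
    awk -v fixed="$1" '
    /^XFree86/ {
        pkg = $0
        sub(/\.(i[3-6]86|noarch)$/, "", pkg)   # newer rpm appends .arch
        n = split(pkg, f, "-")                 # name may itself contain "-"
        if (n < 3) next
        ver = f[n-1]; rel = f[n]
        name = f[1]
        for (i = 2; i <= n - 2; i++) name = name "-" f[i]
        split(ver, v, ".")
        if (v[1] + 0 != 3 || v[2] + 0 != 3)
            status = "NOT-3.3.x"               # e.g. XFree86 version 4
        else if (v[3] + 0 > 6 || (v[3] + 0 == 6 && rel + 0 >= fixed + 0))
            status = "PATCHED"
        else {
            status = "UPGRADE"; bad = 1
        }
        printf "%s %s %s-%s\n", status, name, ver, rel
    }
    END { exit bad + 0 }'
}

# Constructed sample of `rpm -qa` output (not taken from a real host).
sample_rpm_qa() {
    cat <<'EOF'
glibc-2.1.3-15
XFree86-libs-3.3.6-20
XFree86-75dpi-fonts-3.3.6-29
XFree86-SVGA-3.3.6-20
XFree86-4.0.1-1
EOF
}

# Demo: exit status 1 means at least one package still needs the update.
sample_rpm_qa | check_xfree86 29 || echo "=> upgrade needed"
```

On a real host, pipe the package list in directly, for example "rpm -qa | check_xfree86 38" on RedHat 7.x.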