Published:
22 June 1999
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-1999.083 -- RHSA-1999:013-02
New XFree86 packages for Red Hat Linux 6.0
23 June 1999
===========================================================================
Red Hat Software, Inc. has released the following advisory concerning
vulnerabilities in XFree86 packages shipped with Red Hat Linux 6.0.
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: New XFree86 packages for Red Hat Linux 6.0
Advisory ID: RHSA-1999:013-02
Issue date: 1999-06-15
Updated on: 1999-06-17
Keywords: xfree86 utmp xterm xdm xinit xfs xinitrc
- ---------------------------------------------------------------------
Revision History:
1999-06-17: Updated xinitrc packages
1. Topic:
New XFree86 packages are available that fix problems related to those
originally shipped with Red Hat Linux 6.0. A new xinit configuration
file package is also available.
2. Bug IDs fixed:
2192 2382 2402 2423 2484 2759 3524 3537
3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures
4. Obsoleted by:
5. Conflicts with:
6. RPMs required:
Intel: ftp://updates.redhat.com/6.0/i386/
XFree86-3.3.3.1-52.i386.rpm
XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm
XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm
XFree86-3DLabs-3.3.3.1-52.i386.rpm
XFree86-8514-3.3.3.1-52.i386.rpm
XFree86-AGX-3.3.3.1-52.i386.rpm
XFree86-FBDev-3.3.3.1-52.i386.rpm
XFree86-I128-3.3.3.1-52.i386.rpm
XFree86-Mach32-3.3.3.1-52.i386.rpm
XFree86-Mach64-3.3.3.1-52.i386.rpm
XFree86-Mach8-3.3.3.1-52.i386.rpm
XFree86-Mono-3.3.3.1-52.i386.rpm
XFree86-P9000-3.3.3.1-52.i386.rpm
XFree86-S3-3.3.3.1-52.i386.rpm
XFree86-S3V-3.3.3.1-52.i386.rpm
XFree86-SVGA-3.3.3.1-52.i386.rpm
XFree86-VGA16-3.3.3.1-52.i386.rpm
XFree86-W32-3.3.3.1-52.i386.rpm
XFree86-XF86Setup-3.3.3.1-52.i386.rpm
XFree86-Xnest-3.3.3.1-52.i386.rpm
XFree86-Xvfb-3.3.3.1-52.i386.rpm
XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm
XFree86-devel-3.3.3.1-52.i386.rpm
XFree86-doc-3.3.3.1-52.i386.rpm
XFree86-libs-3.3.3.1-52.i386.rpm
XFree86-xfs-3.3.3.1-52.i386.rpm
Alpha: ftp://updates.redhat.com/6.0/alpha/
XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm
XFree86-3.3.3.1-52.alpha.rpm
XFree86-3DLabs-3.3.3.1-52.alpha.rpm
XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm
XFree86-FBDev-3.3.3.1-52.alpha.rpm
XFree86-Mach64-3.3.3.1-52.alpha.rpm
XFree86-Mono-3.3.3.1-52.alpha.rpm
XFree86-P9000-3.3.3.1-52.alpha.rpm
XFree86-S3-3.3.3.1-52.alpha.rpm
XFree86-S3V-3.3.3.1-52.alpha.rpm
XFree86-SVGA-3.3.3.1-52.alpha.rpm
XFree86-TGA-3.3.3.1-52.alpha.rpm
XFree86-Xnest-3.3.3.1-52.alpha.rpm
XFree86-Xvfb-3.3.3.1-52.alpha.rpm
XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm
XFree86-devel-3.3.3.1-52.alpha.rpm
XFree86-doc-3.3.3.1-52.alpha.rpm
XFree86-libs-3.3.3.1-52.alpha.rpm
XFree86-xfs-3.3.3.1-52.alpha.rpm
Sparc: ftp://updates.redhat.com/6.0/sparc/
XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm
XFree86-3.3.3.1-52.sparc.rpm
XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm
XFree86-Mach64-3.3.3.1-52.sparc.rpm
XFree86-Sun-3.3.3.1-52.sparc.rpm
XFree86-Sun24-3.3.3.1-52.sparc.rpm
XFree86-SunMono-3.3.3.1-52.sparc.rpm
XFree86-VGA16-3.3.3.1-52.sparc.rpm
XFree86-Xnest-3.3.3.1-52.sparc.rpm
XFree86-Xvfb-3.3.3.1-52.sparc.rpm
XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm
XFree86-devel-3.3.3.1-52.sparc.rpm
XFree86-doc-3.3.3.1-52.sparc.rpm
XFree86-libs-3.3.3.1-52.sparc.rpm
XFree86-xfs-3.3.3.1-52.sparc.rpm
Architecture neutral: ftp://updates.redhat.com/6.0/noarch/
xinitrc-2.4.1-1.noarch.rpm
7. Problem description:
A number of problems exist with the XFree86 RPMs shipped with Red Hat
Linux 6.0. The font server is hardcoded not to accept TCP
connections. A race condition leads to slow startups on X servers
which are entirely cached in memory. There are some problems with
inputting ISO-8859-1 characters with an ISO-8859-2 language in use.
By default, the directory /etc/X11/xdm/authdir does not exist, which
causes the X server to fall back to no authentication at all.
Additionally, those users who did not use Xkb keyboard extension had
problems wwith backspace and Motif applications.
(1999-06-17)
The original xinitrc packages released for this update,
xinitrc-2.4-1, had errors (the xinitrc and Xclients files
were not executable). This has been fixed in the currently
available errata pacakges.
8. Solution:
Upgrade to the latest errata release of XFree86 for Red Hat Linux 6.0
on your particular platform. In some circumstances, you may be
required to add --force and/or --nodeps to the rpm command line
options to insure a proper upgrade. Add these options if the command
line given gives an error. You should upgrade at least the core
XFree86 package, the font server (xfs) package, the libraries, and the
server for your video card.
More detailed instructions on installing XFree86 are available from:
http://www.redhat.com/corp/support/docs/XFree86-upgrade/XFree86-upgrade.html
Also upgrade your xinit package:
rpm -Uvh xinitrc-2.4.1-1.noarch.rpm
9. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
3377f5374367c105090eb4c23e648820 XFree86-100dpi-fonts-3.3.3.1-52.i386.rpm
af163b327e77b488a8321eed14e9afa8 XFree86-3.3.3.1-52.i386.rpm
0700b24bae6e6da2d2b8961a0542d10e XFree86-3DLabs-3.3.3.1-52.i386.rpm
45dde95cc292c6afd24eb619ba3454c6 XFree86-75dpi-fonts-3.3.3.1-52.i386.rpm
b37321cbe24e432a766a92b3c729a92b XFree86-8514-3.3.3.1-52.i386.rpm
e9a6e936d14a6e85c6609c6649ec134b XFree86-AGX-3.3.3.1-52.i386.rpm
83400a15f0dc2a74191aa330a49fca77 XFree86-FBDev-3.3.3.1-52.i386.rpm
77d6e57ed3fd66cceaa907b844bbb5aa XFree86-I128-3.3.3.1-52.i386.rpm
5459a5978bda4abbc047d2d3c03ee2dd XFree86-Mach32-3.3.3.1-52.i386.rpm
aed71d4c59e702f017106f5f5b5a605e XFree86-Mach64-3.3.3.1-52.i386.rpm
56e1f93493eac4b05efa40da9592e2b6 XFree86-Mach8-3.3.3.1-52.i386.rpm
8d0a2a313c22a1ee51ea13d0811c057c XFree86-Mono-3.3.3.1-52.i386.rpm
0b34bd6500724dd0d6281eb1820e5fb9 XFree86-P9000-3.3.3.1-52.i386.rpm
e44910789f7b9e93df129ee6f46aae5b XFree86-S3-3.3.3.1-52.i386.rpm
6b72f690750adb8c68326b82e0400cae XFree86-S3V-3.3.3.1-52.i386.rpm
0a146763bbb39bf3da7f0ad1cf2df9d4 XFree86-SVGA-3.3.3.1-52.i386.rpm
0901e5d5f1fe8bd6d672d234ad5a6122 XFree86-VGA16-3.3.3.1-52.i386.rpm
80889547256cf8b3f2c36a3828a91915 XFree86-W32-3.3.3.1-52.i386.rpm
944c201a78392b26d883ac9206c8ca89 XFree86-XF86Setup-3.3.3.1-52.i386.rpm
a89b22a3b0c5b539ed4364b4f64a180d XFree86-Xnest-3.3.3.1-52.i386.rpm
3a241af7121044aa257879d0b8181faa XFree86-Xvfb-3.3.3.1-52.i386.rpm
be9d96cc20bca5227d66040855f502a7 XFree86-cyrillic-fonts-3.3.3.1-52.i386.rpm
697c2b7bcc4b7827119d2e2af1ad834c XFree86-devel-3.3.3.1-52.i386.rpm
0ed4dbc9f58ffa8bf5c81e093f91b4b1 XFree86-doc-3.3.3.1-52.i386.rpm
ac04ec3bcbbcfc002850c07881d0be19 XFree86-libs-3.3.3.1-52.i386.rpm
efa2e2c157e9fcf76dc62351b649fb28 XFree86-xfs-3.3.3.1-52.i386.rpm
0877964c712c27f1a0f100d056da6dbf XFree86-100dpi-fonts-3.3.3.1-52.alpha.rpm
3ededf4e92c99378d8c3495ca49e3905 XFree86-3.3.3.1-52.alpha.rpm
6cdd03b551762f8b559670a43d99b503 XFree86-3DLabs-3.3.3.1-52.alpha.rpm
43d775f70152009f18e1cfe9c0cebbb0 XFree86-75dpi-fonts-3.3.3.1-52.alpha.rpm
a80217fa5c5db2373004926cfce11c28 XFree86-FBDev-3.3.3.1-52.alpha.rpm
aac5040b65988ab3535d45f58bccf5f2 XFree86-Mach64-3.3.3.1-52.alpha.rpm
e77bba6e2e78ac988357c5900543dd1d XFree86-Mono-3.3.3.1-52.alpha.rpm
633b96d224154aeae50aa9379c977c4f XFree86-P9000-3.3.3.1-52.alpha.rpm
72d8368a09369988313eecd17227a3a3 XFree86-S3-3.3.3.1-52.alpha.rpm
a5112a42e796c26290e0e84055261fe9 XFree86-S3V-3.3.3.1-52.alpha.rpm
d7c097507ce8095cf44f73bf191b07c5 XFree86-SVGA-3.3.3.1-52.alpha.rpm
bcea15049e980761a8c25f0bc41e6552 XFree86-TGA-3.3.3.1-52.alpha.rpm
cb1e110fc2b18c32accf4ef2d4460d3c XFree86-Xnest-3.3.3.1-52.alpha.rpm
fde07a114cc77176f74e359e62d83790 XFree86-Xvfb-3.3.3.1-52.alpha.rpm
009437fe3539d8372885f96565dc3761 XFree86-cyrillic-fonts-3.3.3.1-52.alpha.rpm
66dccef6d028d5b1122b8f4cbb6c51ab XFree86-devel-3.3.3.1-52.alpha.rpm
2aec3a68c6b028363a8cbcc72c0fcb55 XFree86-doc-3.3.3.1-52.alpha.rpm
2956de346bc64bc90ff24570d0f3caaa XFree86-libs-3.3.3.1-52.alpha.rpm
06e2b95a14a9c87b1901b78520e0326f XFree86-xfs-3.3.3.1-52.alpha.rpm
658c9e77ffbe39916932f705b3d150d1 XFree86-100dpi-fonts-3.3.3.1-52.sparc.rpm
1c40a497fc8c091098b2bb0186345fa8 XFree86-3.3.3.1-52.sparc.rpm
a5796eca284e77106dd362ad2ce841c8 XFree86-75dpi-fonts-3.3.3.1-52.sparc.rpm
85f8424c776516b0e74fd22accfdc02d XFree86-Mach64-3.3.3.1-52.sparc.rpm
e97064dc422a5db6aa4cd340e6a9f257 XFree86-Sun-3.3.3.1-52.sparc.rpm
13cedd2ae3f5aef0649818fe29cd3f39 XFree86-Sun24-3.3.3.1-52.sparc.rpm
1a8dadfeec1070628c5c998300742da8 XFree86-SunMono-3.3.3.1-52.sparc.rpm
6785b217b6eb749df33fdb5c862c647f XFree86-VGA16-3.3.3.1-52.sparc.rpm
27baf5de31046604db3f92912c5d4f12 XFree86-Xnest-3.3.3.1-52.sparc.rpm
bbe3d199637e99d6998389706cad19e0 XFree86-Xvfb-3.3.3.1-52.sparc.rpm
5901848d4b50a19410e70356fdb507c6 XFree86-cyrillic-fonts-3.3.3.1-52.sparc.rpm
48e48161525d43d46ca915e84d880b09 XFree86-devel-3.3.3.1-52.sparc.rpm
9da16c4c6a005c13695a6e74d6532bf9 XFree86-doc-3.3.3.1-52.sparc.rpm
2433faee144ea90e017d5b704c59d72a XFree86-libs-3.3.3.1-52.sparc.rpm
ba046424292a7482d33dc105a89738f5 XFree86-xfs-3.3.3.1-52.sparc.rpm
a285601c26bcae993540af94f37e523b xinitrc-2.4.1-1.noarch.rpm
3e5d457b933d5dabeea9af65c5d480f4 XFree86-3.3.3.1-52.src.rpm
3c9e5676e86c0a7b7f3d89d3eb6d32e9 xinitrc-2.4.1-1.src.rpm
These packages are also PGP signed by Red Hat Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html
10. References:
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBN3jZaih9+71yA2DNAQFJegP5ATGcKlwBsUMnY/+EEV4Xyye/4OzpTR/l
Emesw2ifHzd3JAVlHVjueaqfGjLDg45zqLlqePbJQdTnBkazTjOPTlo1C3i7MkDX
e1qE7SsE6voSSjxCxvAze9LnenxTjgdItnFe/DDigT3J5Ml3vyhvJLC9FOT/fOIi
4hDNB5xntlg=
=cP7E
-----END PGP SIGNATURE-----