Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2003.0800 -- RHSA-2003:288-01 Updated XFree86 packages provide security and bug fixes 19 November 2003 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: XFree86 Publisher: Red Hat Operating System: Red Hat Linux 9 Linux Impact: Execute Arbitrary Code/Commands Denial of Service Access Required: Remote CVE Names: CAN-2003-0690 CAN-2003-0692 CAN-2003-0730 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated XFree86 packages provide security and bug fixes Advisory ID: RHSA-2003:288-01 Issue date: 2003-11-17 Updated on: 2003-11-17 Product: Red Hat Linux Keywords: Cross references: Obsoletes: CVE Names: CAN-2003-0690 CAN-2003-0692 CAN-2003-0730 - - --------------------------------------------------------------------- 1. Topic: Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM. 2. Relevant releases/architectures: Red Hat Linux 9 - i386 3. Problem description: XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0730 to this issue. The risk to users from this vulnerability is limited because only clients can be affected by these bugs, however in some (non-default) configurations, both xfs and the X Server can act as clients to remote font servers. XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0690 to this issue. XDM uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0692 to this issue. Users are advised to upgrade to these updated XFree86 4.3.0 packages, which contain backported security patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. RPMs required: Red Hat Linux 9: SRPMS: ftp://updates.redhat.com/9/en/os/SRPMS/XFree86-4.3.0-2.90.43.src.rpm i386: ftp://updates.redhat.com/9/en/os/i386/XFree86-100dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-75dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-Mesa-libGL-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-Mesa-libGLU-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-Xnest-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-Xvfb-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-base-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-cyrillic-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-devel-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-doc-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-font-utils-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-libs-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-libs-data-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-sdk-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-syriac-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-tools-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-truetype-fonts-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-twm-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-xauth-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-xdm-4.3.0-2.90.43.i386.rpm ftp://updates.redhat.com/9/en/os/i386/XFree86-xfs-4.3.0-2.90.43.i386.rpm 6. Verification: MD5 sum Package Name - - -------------------------------------------------------------------------- 197d83599eabea9ab424a9390fe7d753 9/en/os/SRPMS/XFree86-4.3.0-2.90.43.src.rpm 89864dfb981aaa052499e338cb85acd9 9/en/os/i386/XFree86-100dpi-fonts-4.3.0-2.90.43.i386.rpm 31bbf1f22ba1fa6dea820b88e9a2059e 9/en/os/i386/XFree86-4.3.0-2.90.43.i386.rpm edd5121ecf72d39fd7581145c8b7fcbc 9/en/os/i386/XFree86-75dpi-fonts-4.3.0-2.90.43.i386.rpm 826d4f7c2914b732ca43485266b3daad 9/en/os/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.43.i386.rpm 89088cdc60bb8569da301d50e05d8f63 9/en/os/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.43.i386.rpm 91b062cc8015a5898894bfdf90d6ff99 9/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.43.i386.rpm 9f59c6547411fd257c45a953ab6e5921 9/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.43.i386.rpm 4e1c0ac39a47f968a2e7299be1efaf48 9/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.43.i386.rpm bf9432be1a3ce7d4b24901420f07fb5d 9/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.43.i386.rpm 96aa54b74718fdbdd72e8ccec8415b3f 9/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.43.i386.rpm bc79f57efa4e1a845382827d9021fd1e 9/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.43.i386.rpm 5f72d9cb4aac84f6dfd2fc0439037272 9/en/os/i386/XFree86-Mesa-libGL-4.3.0-2.90.43.i386.rpm 50b9edb13b54d3769602da54bb3183af 9/en/os/i386/XFree86-Mesa-libGLU-4.3.0-2.90.43.i386.rpm b37d0aefee6a1b379be3ab30cd1923df 9/en/os/i386/XFree86-Xnest-4.3.0-2.90.43.i386.rpm dd3a8c3271854b8e26dad948998e8952 9/en/os/i386/XFree86-Xvfb-4.3.0-2.90.43.i386.rpm 6f2aca8b9f3137b5da779c56eb73ec14 9/en/os/i386/XFree86-base-fonts-4.3.0-2.90.43.i386.rpm 5aa4659e2ec992b1b087e8d6c7190ff6 9/en/os/i386/XFree86-cyrillic-fonts-4.3.0-2.90.43.i386.rpm c6f870637e148f1da88e93181191f8da 9/en/os/i386/XFree86-devel-4.3.0-2.90.43.i386.rpm 0a427f41d4558bdd0b5cbcc857b9f766 9/en/os/i386/XFree86-doc-4.3.0-2.90.43.i386.rpm b3d53e1f9112010e9d3d2a866cfe4157 9/en/os/i386/XFree86-font-utils-4.3.0-2.90.43.i386.rpm d3b427915a56fcf2a4de2a26266f7903 9/en/os/i386/XFree86-libs-4.3.0-2.90.43.i386.rpm 83dd0d4ecae97e40f0bd47ed07309b93 9/en/os/i386/XFree86-libs-data-4.3.0-2.90.43.i386.rpm 7b970292113693ae24285baca7effcd5 9/en/os/i386/XFree86-sdk-4.3.0-2.90.43.i386.rpm aef8d7a6c6639c8ae9b5c8d554e458d2 9/en/os/i386/XFree86-syriac-fonts-4.3.0-2.90.43.i386.rpm 99a9274e87f44f1186fb53acf0e47553 9/en/os/i386/XFree86-tools-4.3.0-2.90.43.i386.rpm 371796a37e8f6f15d07cbbb4a2d35539 9/en/os/i386/XFree86-truetype-fonts-4.3.0-2.90.43.i386.rpm aa51b88ccb54f3cf3b93cc02271d107e 9/en/os/i386/XFree86-twm-4.3.0-2.90.43.i386.rpm d6c6c99723f3711befd8071567f79550 9/en/os/i386/XFree86-xauth-4.3.0-2.90.43.i386.rpm f3b70dbc805125764fb118e6bd81fd3a 9/en/os/i386/XFree86-xdm-4.3.0-2.90.43.i386.rpm f97f679e9543b2506d41deff0afc2042 9/en/os/i386/XFree86-xfs-4.3.0-2.90.43.i386.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum <filename> 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/solutions/security/news/contact.html Copyright 2003 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/unmfXlSAg2UNWIIRAt/gAKCIiIxv0ak2lObXuHoIEjJEkmy1SACfX1W1 hyWtMD8nBSkGXyyC1bu6OWk= =2PQ8 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBP7q6oSh9+71yA2DNAQGtTAP/ZN4abMOClNW/78ZFsaTfLntCScERxdqO k8NpvaLTanGrFF7y5Aq+YzrCSUDQIIMRY0yIbSTtTsQVTItA3vfMq86EW4MA3OGI qJFZvbpOEYQqU3PWfptzVksT3+V8LnDSskoo3SkbBCVLdc7EdqX222o3oeir6HBh L/cDDru2ztE= =Hreb -----END PGP SIGNATURE-----