-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

          ESB-2003.0816 -- RHSA-2003:286-01 and RHSA-2003:287-01
          Updated XFree86 packages provide security and bug fixes
                             26 November 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                XFree86
Publisher:              Red Hat
Operating System:       Red Hat Linux 8
                        Red Hat Linux 7.3
                        Red Hat Linux 7.2
                        Red Hat Linux 7.1
                        Linux
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote
CVE Names:              CAN-2003-0690 CAN-2003-0730

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages provide security and bug fixes
Advisory ID:       RHSA-2003:286-01
Issue date:        2003-11-25
Updated on:        2003-11-25
Product:           Red Hat Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2003:064
CVE Names:         CAN-2003-0690 CAN-2003-0730
- - ---------------------------------------------------------------------

1. Topic:

Updated XFree86 packages for Red Hat Linux 7.1 and 7.2 provide security
fixes to font libraries and XDM.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64

3. Problem description:

XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers in Red Hat Linux. XDM is the X
display manager.

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based buffer
overflow attacks. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0730 to this issue.

The risk to users from this vulnerability is limited because only clients
can be affected by these bugs, however in some (non default)
configurations, both xfs and the X Server can act as clients to remote
font servers.

XDM does not verify whether the pam_setcred function call succeeds, which
may allow attackers to gain root privileges by triggering error conditions
within PAM modules, as demonstrated in certain configurations of the
pam_krb5 module. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.

Users are advised to upgrade to these updated XFree86 4.1.0 packages,
which contain backported security patches and are not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/XFree86-4.1.0-50.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/XFree86-4.1.0-50.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xnest-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-Xvfb-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-cyrillic-fonts-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-devel-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-doc-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-libs-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-tools-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-twm-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xdm-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xf86cfg-4.1.0-50.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/XFree86-xfs-4.1.0-50.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-100dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-75dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-100dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-15-75dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-100dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-2-75dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-100dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-ISO8859-9-75dpi-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xnest-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-Xvfb-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-cyrillic-fonts-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-devel-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-doc-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-libs-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-tools-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-twm-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xdm-4.1.0-50.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/XFree86-xfs-4.1.0-50.ia64.rpm

6. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/wyYyXlSAg2UNWIIRArJKAJ9IX9RF52m/qYXmSFnUyFfTL9EiHACggmoN
g7bG012X2eajTGNTf/jRgzg=
=sSbU
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages provide security and bug fixes
Advisory ID:       RHSA-2003:287-01
Issue date:        2003-11-25
Updated on:        2003-11-25
Product:           Red Hat Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2003:066 RHSA-2003:067
CVE Names:         CAN-2003-0690 CAN-2003-0730
- - ---------------------------------------------------------------------

1. Topic:

Updated XFree86 packages for Red Hat Linux 7.3 and 8.0 provide security
fixes to font libraries and XDM.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers in Red Hat Linux. XDM is the X
display manager.

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based buffer
overflow attacks. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0730 to this issue.

The risk to users from this vulnerability is limited because only clients
can be affected by these bugs, however in some (non default)
configurations, both xfs and the X Server can act as clients to remote
font servers.

XDM does not verify whether the pam_setcred function call succeeds, which
may allow attackers to gain root privileges by triggering error conditions
within PAM modules, as demonstrated in certain configurations of the
pam_krb5 module. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0690 to this issue.

Users are advised to upgrade to these updated XFree86 4.2.1 packages,
which contain backported security patches and are not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/XFree86-4.2.1-13.73.23.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-100dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-75dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xnest-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-Xvfb-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-base-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-cyrillic-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-devel-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-doc-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-font-utils-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-libs-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-tools-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-truetype-fonts-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-twm-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xdm-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xf86cfg-4.2.1-13.73.23.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/XFree86-xfs-4.2.1-13.73.23.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/XFree86-4.2.1-23.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xnest-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xvfb-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-base-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-devel-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-doc-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-font-utils-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-libs-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-tools-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-twm-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xauth-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xdm-4.2.1-23.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xfs-4.2.1-23.i386.rpm

6. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/wydnXlSAg2UNWIIRAgwKAJ9PiyrkkqZlkp/b3g0P6b7sr7Z2NQCfZhzn
2JjXxt7qQqdRrHJF7V98Axg=
=PjfC
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBP8P9vyh9+71yA2DNAQEKewQAkAOdDg5QTu2QDDczVMOOwW8uY+b/+3oI
ecuI7qIvZf8g1GE40lV3ZLaZYJvccqDbwWU+Xb/e+wGVXckxMaGCA/eeF/ZDVyul
peZlJTWV2UuiayUdNDfAoMoGhflp5X61rvAi/aCH/76Ibv0WCgqG2L6gpoXamREb
l9Zn7aKM6pQ=
=p+sH
-----END PGP SIGNATURE-----
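
Section 6 of each advisory above asks the reader to compare a package's md5sum with the published value and to check its GPG signature with rpm --checksig -v. The following is an added example, not part of the AusCERT bulletin or the Red Hat advisories: a POSIX shell function (verify_advisory_md5, a name chosen here) that checks a download directory against an advisory-style table for one release path, run on constructed file names and sums.

```shell
#!/bin/sh
# Added example, not part of the advisory. Checks downloaded files against an
# advisory-style table of "<md5 sum> <release path>/<file name>" lines.

# verify_advisory_md5 TABLE DIR PREFIX
#   TABLE   text file holding the advisory's Verification table
#   DIR     directory containing the downloaded packages
#   PREFIX  release/architecture path to select, e.g. "7.2/en/os/i386/";
#           needed because one file name can be listed under several releases
# Prints "OK|MISMATCH|MISSING <file>" per selected entry. Returns 0 only when
# at least one entry was selected and every selected entry is OK.
verify_advisory_md5() {
    table=$1
    dir=$2
    prefix=$3
    checked=0
    failed=0
    while read -r sum path _rest; do
        # Ignore the header, rule lines and anything that is not an MD5 sum.
        case $sum in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        # Keep only the entries for the requested release and architecture.
        case $path in
            "$prefix"*) ;;
            *) continue ;;
        esac
        # Use the base name only, so a table entry cannot point outside DIR.
        file=${path##*/}
        checked=$((checked + 1))
        if [ ! -f "$dir/$file" ]; then
            echo "MISSING $file"
            failed=$((failed + 1))
            continue
        fi
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        actual=$(md5sum < "$dir/$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK $file"
        else
            echo "MISMATCH $file"
            failed=$((failed + 1))
        fi
    done < "$table"
    # An empty selection counts as failure: nothing was actually verified.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: the file contents, names and sums below are made up for
# illustration and are not Red Hat's packages or published sums.
demo_dir=$(mktemp -d)
printf 'constructed payload A\n' > "$demo_dir/XFree86-xdm-0.0-0.demo.rpm"
printf 'constructed payload B\n' > "$demo_dir/XFree86-xfs-0.0-0.demo.rpm"
sum_xdm=$(md5sum < "$demo_dir/XFree86-xdm-0.0-0.demo.rpm" | cut -d' ' -f1)
sum_xfs=$(md5sum < "$demo_dir/XFree86-xfs-0.0-0.demo.rpm" | cut -d' ' -f1)
cat > "$demo_dir/table.txt" <<EOF
MD5 sum                          Package Name
- --------------------------------------------------------------------------
$sum_xdm 7.2/en/os/i386/XFree86-xdm-0.0-0.demo.rpm
$sum_xfs 7.2/en/os/i386/XFree86-xfs-0.0-0.demo.rpm
$sum_xfs 7.2/en/os/ia64/XFree86-libs-0.0-0.demo.rpm
EOF

if verify_advisory_md5 "$demo_dir/table.txt" "$demo_dir" 7.2/en/os/i386/; then
    echo "i386 set matches the table; next step: rpm --checksig -v <filename>"
else
    echo "do not install: a package is missing or differs from the table"
fi
```

A matching MD5 sum only shows that the file equals what the table lists; the signature check the advisory gives (rpm --checksig -v) is the step that ties a package to Red Hat's key.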