TLSA-2004-5
Published: 2004-02-17 16:37:37
Updated: 2004-02-17 16:37:37
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2004-5
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 17 Feb 2004
Last revised : 17 Feb 2004
Package : XFree86
Summary : Font file buffer overflows
More information :
XFree86 is an implementation of the X Window System, providing the core
graphical user interface and video drivers.
Two buffer overflow vulnerabilities were found in XFree86's parsing of the font.alias file.
Additional vulnerabilities were found, also in the reading of font files.
Impact :
A local attacker could exploit these vulnerabilities with a carefully crafted file
to gain root privileges.
Affected Products :
- Turbolinux 10 Desktop
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
[Turbolinux 10 Desktop]
# zabom -u XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xvfb XFree86-contrib XFree86-cyrillic-fonts XFree86-devel XFree86-fonts XFree86-libs XFree86-twm XFree86-xcursor XFree86-xcursor-devel XFree86-xf86config XFree86-xfs XFree86-xft XFree86-xft-devel
[other]
# zabom update XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-contrib XFree86-cyrillic-fonts XFree86-devel XFree86-libs XFree86-xfs
---------------------------------------------
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/XFree86-4.3.0-49.src.rpm
49987853 f10b5ecc163cefd8eb447761d517d1e8
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-100dpi-fonts-4.3.0-49.i586.rpm
12434164 38e861e226a498d1b65312bfd84cb380
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-4.3.0-49.i586.rpm
15518381 ea1e0e2164b26e105d6341a9e3d6cdfb
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-75dpi-fonts-4.3.0-49.i586.rpm
10765388 ced245b87fee236e92aa594a354b3fa8
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-Xvfb-4.3.0-49.i586.rpm
1710994 03a70f08b674a0cfb7463453e88e4b1b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-contrib-4.3.0-49.i586.rpm
465675 257511eb6b403240b301d018e733d853
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-cyrillic-fonts-4.3.0-49.i586.rpm
408861 d3587c8dcc5fa7c5be5e196f76f33d65
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-devel-4.3.0-49.i586.rpm
4354455 b2aad37da34b03910ea233ad32ec999a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-fonts-4.3.0-49.i586.rpm
8766539 73b90228be7eb1b4224a2f1f250d75d5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-libs-4.3.0-49.i586.rpm
2815832 db7433064328a92fadb7ee6cc1a043cd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-twm-4.3.0-49.i586.rpm
114819 e97a779eedaf5fc371e863a68d407474
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-4.3.0-49.i586.rpm
50159 d8ccfa38c8e611c5fc75e77e25c85027
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xcursor-devel-4.3.0-49.i586.rpm
44740 24a0fe661a0b9acd44dff151882b723d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xf86config-4.3.0-49.i586.rpm
311890 881e381c5937c2a6cd4dc6c65d2a80dc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xfs-4.3.0-49.i586.rpm
80682 84ef32bb5d904009272bc1334c29ef24
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-4.3.0-49.i586.rpm
82711 a6906b064fa0f47f51a5c4bffa96ba20
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/XFree86-xft-devel-4.3.0-49.i586.rpm
62585 4e575393885b4e2f0540a6bc9334862c
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/XFree86-4.2.0-28.src.rpm
59352192 d84b0c26765a63bdb860f3a082a1cef2
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-28.i586.rpm
12401451 e04ba088ed3f62417806ddb7c128227f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-4.2.0-28.i586.rpm
22743318 b6c3a70b3348f5e52eaf056a2b3a3370
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-28.i586.rpm
10731481 4db9a6e6b8247b1caa51119c57bc4c3e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-contrib-4.2.0-28.i586.rpm
307639 ffd4d64e1232aec5b0cbe0c34631b014
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-28.i586.rpm
397269 5590e16defd270ddc27c3d848c553fb5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-devel-4.2.0-28.i586.rpm
4613139 408e1cbb0cd0adddfa1f8a970d82c815
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-libs-4.2.0-28.i586.rpm
2128154 13a3d6b92397aa2634bbd9230f08371d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/XFree86-xfs-4.2.0-28.i586.rpm
71416 112431996304e2add60e5fe37df1f145
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/XFree86-4.2.0-28.src.rpm
59352192 2dcd6cbf38ed6e34f982f405a8a646b9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-100dpi-fonts-4.2.0-28.i586.rpm
12400559 fe4a13a1fe9010b9f882c0177ce8f0f9
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-4.2.0-28.i586.rpm
22743334 b96ed06b4bbb64ed9cffdb98c4baffbc
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-75dpi-fonts-4.2.0-28.i586.rpm
10731317 248e0db5499be61115595964618d4096
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-contrib-4.2.0-28.i586.rpm
307551 9af30e882cfc0b7cf1a1eccbb3c198c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-cyrillic-fonts-4.2.0-28.i586.rpm
397207 a3f679ccaefc325166cbadd3f21d5420
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-devel-4.2.0-28.i586.rpm
4613821 f9058a850074a8a6de1df1347db10b27
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-libs-4.2.0-28.i586.rpm
2128279 2ce0dc29cb7fab004d58fa6b07a4aa06
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/XFree86-xfs-4.2.0-28.i586.rpm
71463 09b54fefc54a76c648d2cd1aff751750
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/XFree86-4.1.0-39.src.rpm
56804083 f1940f27567de6bfdb04685b3d4971b6
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-39.i586.rpm
12396518 8443bbcc0ffe250deba3b9e93c2f373e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-4.1.0-39.i586.rpm
20305692 8669afb7107435e14611fe8ab03e0c94
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-39.i586.rpm
10726487 59f06e7876f67b8cd5f11914cdb5d198
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-contrib-4.1.0-39.i586.rpm
241138 b871606d6521410270812cea3fcac576
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-39.i586.rpm
392897 65c5d02bcebff7ca1f6b367cce894f24
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-devel-4.1.0-39.i586.rpm
4081203 0dba3cce0063096f6c6c38d1c81f7563
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-libs-4.1.0-39.i586.rpm
2151000 93d2e1554e3dc3db8abcb14777226c35
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/XFree86-xfs-4.1.0-39.i586.rpm
65115 72a30b483b363d46bfec4cfb158c50d1
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/XFree86-4.1.0-39.src.rpm
56804083 9d918f347a337336a4178025f79fe591
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-100dpi-fonts-4.1.0-39.i586.rpm
12396025 d126e379dce0e49da81e6cf01c6a4619
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-4.1.0-39.i586.rpm
20305803 e97bdb9cbe2cb0f3c1fa81360b3d175e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-75dpi-fonts-4.1.0-39.i586.rpm
10726176 f3f4dde9fe9170f4df7d5714e6ae4a87
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-contrib-4.1.0-39.i586.rpm
241081 ba59a2bb0fe53a219de7ce46790392c0
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-cyrillic-fonts-4.1.0-39.i586.rpm
392893 26352be1de62984b3453ee56a6a04495
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-devel-4.1.0-39.i586.rpm
4079894 2546655d620639865bd0b3fed5ab2f74
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-libs-4.1.0-39.i586.rpm
2149797 e84a259da54c95fcfac4525a185b8a9c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/XFree86-xfs-4.1.0-39.i586.rpm
65093 dec2188eefb51a216659b7c778055ed4
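Added example (not part of the Turbolinux advisory): a Python check of manually downloaded packages against the "Size : MD5" values listed above, parsing the advisory's own layout of a URL line followed by a size-and-hash line. The sample listing, its host and its file names are constructed placeholders, and the function names are illustrative.

```python
import hashlib
import os
import re

# Constructed sample in the advisory's layout; host and file names are placeholders.
SAMPLE_LISTING = """\
<Example Product>
Binary Packages
Size : MD5
ftp://ftp.example.invalid/updates/RPMS/demo-1.0-1.i586.rpm
5 5d41402abc4b2a76b9719d911017c592
ftp://ftp.example.invalid/updates/RPMS/demo-libs-1.0-1.i586.rpm
3 900150983cd24fb0d6963f7d28e17f72
"""
ENTRY = re.compile(r"^(\d+)\s+([0-9a-fA-F]{32})$")

def parse_listing(text):
    """Map (product, file name) -> (size, md5). The product is part of the key
    because one file name can be listed under two products with different hashes."""
    expected, product, url = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"<(.+)>", line)
        match = ENTRY.match(line)
        if header:  # e.g. "<Turbolinux 8 Server>" opens a new product section
            product, url = header.group(1), None
        elif line.startswith(("ftp://", "http://", "https://")):
            url = line
        elif match and url:  # "size md5" belongs to the URL on the previous line
            name = url.rsplit("/", 1)[-1]
            expected[(product, name)] = (int(match.group(1)), match.group(2).lower())
            url = None
    return expected

def verify_file(path, size, md5):
    """Compare one local file with the listed size and MD5; return a status string."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:
        return "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"

def verify_directory(listing, product, directory):
    """Check every package listed for one product against files in a directory."""
    return {name: verify_file(os.path.join(directory, name), size, md5)
            for (prod, name), (size, md5) in parse_listing(listing).items()
            if prod == product}
```

The size and MD5 check catches truncated or corrupted downloads; the listed values are only as trustworthy as the advisory's PGP signature.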
References :
XFree86 Security Issues
http://www.xfree86.org/security/index.html
CVE
[CAN-2004-0083]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
[CAN-2004-0084]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
[CAN-2004-0106]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
--------------------------------------------------------------------------
Revision History
17 Feb 2004 Initial release
--------------------------------------------------------------------------
Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAMZc0K0LzjOqIJMwRAhfBAKC97OFtWGDY022lmpaycCwFqA0n+gCeO0B/
ZnGTPzYFT8dddy4J8N/uvT0=
=bR8x
-----END PGP SIGNATURE-----
