
Multiple Vendor X Font Server Remote Buffer Overrun Vulnerability

Solution:
The initial temporary fixes released by HP enabled SHLIB_PATH, which may expose systems to additional vulnerabilities. HP has released an updated advisory instructing users who have applied the first set of fixes to either download the revised fixes or run the following commands on the vulnerable fixes:

chatr +s disable xfs.1020
chatr +s disable xfs.1100
chatr +s disable xfs.1111

HP has released an advisory which contains patches. The following manual fix information was also included:

HP-UX 10.24 users should extract xfs from the 10.20 patch.
HP-UX 11.04 users should extract xfs from the 11.00 patch.
HP-UX 10.10 users should contact the vendor for fix information.

Further details are available in the referenced HP Advisory.

SGI has released a security advisory. Users are advised to upgrade to IRIX v6.5.14 or later. Further details can be obtained from the referenced advisory.

Sun has released a preliminary advisory addressing this issue. Sun has advised users to disable the vulnerable server until fixes are available. See the referenced advisory for more details.

Fixes available:


Sun Solaris 8

Sun Solaris 2.6_x86

IBM AIX 5.1

Sun Solaris 7.0

IBM AIX 5.2

Sun Solaris 9

Sun Solaris 7.0_x86

Sun Solaris 2.6

Sun Solaris 8_x86

HP HP-UX 10.20

HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.22

XFree86 X11R6 3.3
  • XFree86 X11R6 4.2.0 installation script
    This is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr
    ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh


XFree86 X11R6 3.3.2
  • XFree86 X11R6 4.2.0 installation script
    This is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr
    ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh


XFree86 X11R6 3.3.3
  • XFree86 X11R6 4.2.0 installation script
    This is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr
    ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh


XFree86 X11R6 3.3.4
  • XFree86 X11R6 4.2.0 installation script
    This is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr
    ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh


XFree86 X11R6 3.3.5
  • XFree86 X11R6 4.2.0 installation script
    This is just the installation script. You must acquire the platform specific binary for this distribution from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ or http://ftp.xfree86.org/pub/XFree86/4.2.0/binaries/ . To determine which distribution you need to download, obtain the installation scr
    ftp://ftp.xfree86.org/pub/XFree86/4.2.0/Xinstall.sh


IBM AIX 4.3.1

IBM AIX 4.3.2

IBM AIX 4.3.3

Copyright 2008, SecurityFocus