Fedora Legacy Test Update Notification: XFree86

Dominic Hargreaves dom at earth.li
Wed Sep 29 23:53:22 UTC 2004


Please test these packages and report to Bugzilla. Note these packages are
for Red Hat 7.3; the previous test update was for Red Hat 9.

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORALEGACY-2004-1289
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1289
2004-09-30
---------------------------------------------------------------------
 
Name        : XFree86
Version     : 4.2.1-16.73.27
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
XFree86 is an open source implementation of the X Window System.  It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.

---------------------------------------------------------------------
Update Information:
 
iDefense discovered two buffer overflows in the parsing of the 'font.alias'
file. A local attacker could exploit these vulnerabilities by creating a
carefully crafted file, and thereby gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally, David Dawes discovered further flaws in reading font files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0106 to these issues.

---------------------------------------------------------------------
Changelog:

* Tue Sep 28 2004 Dominic Hargreaves <dom at earth.li> 4.2.1-27

- Fixed permissions of a few source files
- Added gcc-c++ BuildRequires

* Fri May 14 2004 John P. Dalbec <jpdalbec at ysu.edu> 4.2.1-26

- Disabled parallel building (not fixable?).

* Wed May 12 2004 John P. Dalbec <jpdalbec at ysu.edu> 4.2.1-25

- Fixed parallel building (reversed order of two lines in Makefile patches).
- Added conditional BuildRequires for Glide3-devel.
- Commented out rpm -q test for Glide3-devel.

* Tue Feb 24 2004 John P. Dalbec <jpdalbec at ysu.edu> 4.2.1-24

- [SECURITY] XFree86-4.2.1-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2-430-backport.patch
  added containing fixes for libXfont buffer overflow issues CAN-2004-0083,
  CAN-2004-0084, and CAN-2004-0106 (copied from RH 9 SRPM).
- Added missing BuildRequires for libtool
- Converted all BuildPrereq to BuildRequires
 

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/


 
Please note that this update is also available via yum and apt through the 
updates-testing channel.  Many people find this an easier way to apply 
updates.
---------------------------------------------------------------------



