
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New updated XFree86 packages available
Advisory ID:       RHSA-2001:071-05
Issue date:        2001-05-24
Updated on:        2001-06-22
Product:           Red Hat Linux
Keywords:          XFree86 update security vulnerablity stable s3 savage i815 i810
Cross references:  
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

New updated XFree86 3.3.6 packages are available for Red Hat Linux 7.1,
7.0, and 6.2 which contain many security updates, bug fixes, and updated
drivers for various different families of video hardware including:

S3 Savage, S3 Trio64, S3 ViRGE, Intel i810/i815, ATI Rage Mobility Mach64,
and numerous other driver fixes and improvements.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - i386

3. Problem description:

Since the initial release of XFree86 3.3.6, many bugs have been fixed
in the XFree86 stable branch of CVS (xf-3_3-branch).  This includes
several security updates, various driver and library bug fixes, and
performance improvements.  In addition to the updated release from
XFree86.org are several further enhancements included - such as updated
S3 drivers, i810/815, and other improvements.

Below is a list of some of the important security updates taken from
the XFree86 CHANGELOG document.  The complete list of updates is quite
lengthy however, so I list only some of the highlights here.  This is
not an exhaustive or complete list.  Please refer to the XFree86
CHANGELOG document contained in the source code RPM package for the
complete list.

1630. [SECURITY] Avoid DoS attacks on xdm (Keith Packard).
1629. [SECURITY] Check for negative reply length/overflow in _XAsyncReply
      (Xlib) (#4601, Mike Harris).
1625. Include  in Xos.h to get struct tm (based on #4464, Mike
      Harris, and H.J. Lu).
1624. [SECURITY] fix possible buffer overflow (NOT on stack) in xdm
      xdmcp code (patch69 from Red Hat SRPMS).
1623. [SECURITY] Pull fixed from 4.0.2 for following problems:
      - XlibInt buffer overflow
      - libICE denial of service
      - XOpenDisplay buffer overflow (#4450, Branden Robinson)
1621. [SECURITY]: Fix temp file problem in Imake.rules,
      InstallManPageAliases (Matthieu Herrb)
1620. [SECURITY]: Pull fixes from the main branch:
      - XCSECURITY DoS (Paulo Caesar Pereira de Andrade and Keith Packard),
      - _XAsyncReply() Xlib stack corruption,
      - Xaw temp file handling (Branden Robinson).
1619. [SECURITY] Safe tempfile handline for imake's probing of glibc
      version (based on #4257, Colin Phipps).
1618. Fix a libXt bug that affects multidisplay applications when Xt is
      built to use select(2) rather than poll(2) (#A.181, Antony Uspensky).
1617. Back port GeForce2 support for the nv driver from 4.x (#4103,
      Jarno Paananen).
1616. [SECURITY] Fix a 1-byte overflow in Xtrans.c (#4182, Aaron Campbell).
1615. [SECURITY] Back port fix for
        from 4.0
      (#4181, Matthieu Herrb).
1613. Add DPMS support to I128 driver (Robin Cutshaw).
1611. [SECURITY] Fix tmp file problem with makedepend scripts (based on
      report from Alan Cox).
1605. [SECURITY] Fix a buffer overflow with the -xkbmap X server flag
      (#A.91, Trevor Johnson).
1604. Fix an xfs crash that shows up when many clients connect (#A.48,
      Remy Card).
1602. Fix a core dump in fstobdf when using 16 bit fonts (#A.25,
      Morten Storgaard Nielsen).
1601. Fix memleak warning when doing realloc(NULL, size) (#A.7,
      Charles G Waldman).
1599. Fix mode restore bug in ATI driver (Marc La France).
1596. Fix Rage 128 detection bug in ATI driver (Marc La France).
1594. Fix an Xlib bug that causes freed memory to be accessed.  This is
      exposed by Netscape (#3738, Keith Packard).
1593. Add DGA support to I128 server (Robin Cutshaw).
1592. Fix remaining ATI Mobility problems (Marc La France).
1591. Fix for dead keys in XKB Swedish, Norwegian and Finnish keyboards
      (#3702, 3703, Preston Brown).
1590. [SECURITY] Fix possible races in xauth and libXau (#3690, 3694,
      Colin Phipps).
1586. Fix the pam_close_session problems in xdm (#3621, Preston Brown).
1585. Fix an Xserver core dump that can happen when xdmcp-related command
      line options have missing arguments (#3614, Harald Koenig).
1578. rage128 driver fix (Marc La France).

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (  for more info):

10877 - Red Hat 6.x X Font Server DoS Vulnerability
10897 - X11 font server vulnerability
10951 - X Font Server DoS and Buffer Overflow Vulnerabilities
10960 - X enters endless loop calling select() when window is closed
18636 - Bug on XFree86-SVGA-3.3.6-33.i386.rpm
32302 - i815 X Server won't start after install

6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
 

alpha: 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 

i386: 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 

sparc: 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 

Red Hat Linux 7.0:

SRPMS: 
 

alpha: 
  
  
  
  
  
  
  
  
 

i386: 
  
  
  
  
  
  
  
  
  
  
  
  
  
 

Red Hat Linux 7.1:

SRPMS: 
 

i386: 
  
  
  
  
  
  
  
  
  
  
  
  
  
 


7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
19813b3684ae50af586e7514e70a49d3 6.2/en/os/SRPMS/XFree86-3.3.6-29.src.rpm
5f58f0f0aac229cebdb0d2e7a90b3efc 6.2/en/os/alpha/XFree86-100dpi-fonts-3.3.6-29.alpha.rpm
ff29ca70bf332bb1420a2c100cf8e8ce 6.2/en/os/alpha/XFree86-3.3.6-29.alpha.rpm
b90b0cd803be522004c5a5a52dc211c6 6.2/en/os/alpha/XFree86-3DLabs-3.3.6-29.alpha.rpm
fa94cd814cbfd44890b4dd5224225eed 6.2/en/os/alpha/XFree86-75dpi-fonts-3.3.6-29.alpha.rpm
e42de1537d7ba9872b51c718d46ff8d7 6.2/en/os/alpha/XFree86-FBDev-3.3.6-29.alpha.rpm
bb399dad4535d44292a8725f2136fc38 6.2/en/os/alpha/XFree86-Mach64-3.3.6-29.alpha.rpm
7c13affcb2d42df542eccd35a324dfd6 6.2/en/os/alpha/XFree86-Mono-3.3.6-29.alpha.rpm
b87029be7ba981ada69bebb4a0577fab 6.2/en/os/alpha/XFree86-P9000-3.3.6-29.alpha.rpm
369cc08d8a33480939d66d51034285f2 6.2/en/os/alpha/XFree86-S3-3.3.6-29.alpha.rpm
dc04787a6eb0961105aa2588780cdd79 6.2/en/os/alpha/XFree86-S3V-3.3.6-29.alpha.rpm
3e6fe15ca495c24b2d521a168721c0de 6.2/en/os/alpha/XFree86-SVGA-3.3.6-29.alpha.rpm
074ad137b1d99d16e6678003e2176aa3 6.2/en/os/alpha/XFree86-TGA-3.3.6-29.alpha.rpm
dfa6ce8154846c43af7d0918fda07035 6.2/en/os/alpha/XFree86-Xnest-3.3.6-29.alpha.rpm
c3adc27129de2887cac407151442e041 6.2/en/os/alpha/XFree86-Xvfb-3.3.6-29.alpha.rpm
1dd3b2379a1bef51fda47436b30ccdf9 6.2/en/os/alpha/XFree86-cyrillic-fonts-3.3.6-29.alpha.rpm
cf94bade8244d4a55f9bdaf65d19515b 6.2/en/os/alpha/XFree86-devel-3.3.6-29.alpha.rpm
df1a49546c6fdec8d98b4de450957745 6.2/en/os/alpha/XFree86-doc-3.3.6-29.alpha.rpm
9cda3f7867f3ab4d52091bfce0aa0d15 6.2/en/os/alpha/XFree86-libs-3.3.6-29.alpha.rpm
0715e906d8b2fde971b42f5912222ccf 6.2/en/os/alpha/XFree86-xfs-3.3.6-29.alpha.rpm
0c44c3d05e9f15899a69eae09c62172c 6.2/en/os/i386/XFree86-100dpi-fonts-3.3.6-29.i386.rpm
d2a84baa948c734981e59a7e0b412561 6.2/en/os/i386/XFree86-3.3.6-29.i386.rpm
efe99af08f10fedab027cdff52b06269 6.2/en/os/i386/XFree86-3DLabs-3.3.6-29.i386.rpm
50617b3502bae1016bdde105f1a61e55 6.2/en/os/i386/XFree86-75dpi-fonts-3.3.6-29.i386.rpm
01c4655b99478055c9bb728b1df74fbc 6.2/en/os/i386/XFree86-8514-3.3.6-29.i386.rpm
51700e364fb4a2f108617764dcabb1c6 6.2/en/os/i386/XFree86-AGX-3.3.6-29.i386.rpm
f5c1d127d3ab7624f1d4d37dbbf84581 6.2/en/os/i386/XFree86-FBDev-3.3.6-29.i386.rpm
01c2707b23968c9fd92bfe69f0bfad51 6.2/en/os/i386/XFree86-I128-3.3.6-29.i386.rpm
fb870cbf5a3f39302d394ad3cd7afaf4 6.2/en/os/i386/XFree86-Mach32-3.3.6-29.i386.rpm
a83ff83f54ca0e8955c722cde0b88c41 6.2/en/os/i386/XFree86-Mach64-3.3.6-29.i386.rpm
6802ae00bed64134e33a87309e0c9708 6.2/en/os/i386/XFree86-Mach8-3.3.6-29.i386.rpm
bac9a2652da59c9cc86329f7de48fd32 6.2/en/os/i386/XFree86-Mono-3.3.6-29.i386.rpm
299ba09bb1f1ad93d377cb3d63ec89f7 6.2/en/os/i386/XFree86-P9000-3.3.6-29.i386.rpm
ec39a5247dd53b91d4be0d17873ecde2 6.2/en/os/i386/XFree86-S3-3.3.6-29.i386.rpm
1964fc031658347ae268ec2c9057d007 6.2/en/os/i386/XFree86-S3V-3.3.6-29.i386.rpm
7107186ddb1528d1b7170974329682ae 6.2/en/os/i386/XFree86-SVGA-3.3.6-29.i386.rpm
5ff1cfad68180c758182c42282dac628 6.2/en/os/i386/XFree86-VGA16-3.3.6-29.i386.rpm
afb360a461ddea2da341cfcd15421e10 6.2/en/os/i386/XFree86-W32-3.3.6-29.i386.rpm
e1be55b778fea16a9a08ad7d7788f183 6.2/en/os/i386/XFree86-XF86Setup-3.3.6-29.i386.rpm
767d7f124bd190ed4f72a91c9c0e89e8 6.2/en/os/i386/XFree86-Xnest-3.3.6-29.i386.rpm
2bfd30cf6ec9c70b7da093f55c097780 6.2/en/os/i386/XFree86-Xvfb-3.3.6-29.i386.rpm
63ebf73724e9be5b6d00f976b4bbd86f 6.2/en/os/i386/XFree86-cyrillic-fonts-3.3.6-29.i386.rpm
089618f588314037237218186c698c00 6.2/en/os/i386/XFree86-devel-3.3.6-29.i386.rpm
2ee6d026e168e916dacd0081ad0b33ce 6.2/en/os/i386/XFree86-doc-3.3.6-29.i386.rpm
6987a9f54aac77e70d5ad79e4985b21f 6.2/en/os/i386/XFree86-libs-3.3.6-29.i386.rpm
793694a7894a322ca904289ade45271c 6.2/en/os/i386/XFree86-xfs-3.3.6-29.i386.rpm
e9497afa2b12b8b8fe7ea98862572b26 6.2/en/os/sparc/XFree86-100dpi-fonts-3.3.6-29.sparc.rpm
e63e94578e25f8e7d84af1bea8932334 6.2/en/os/sparc/XFree86-3.3.6-29.sparc.rpm
550ba24a17ea713b6c9a05b2de83dbc2 6.2/en/os/sparc/XFree86-3DLabs-3.3.6-29.sparc.rpm
61c83a54529c6421abc89fa01b928c4d 6.2/en/os/sparc/XFree86-75dpi-fonts-3.3.6-29.sparc.rpm
adf13b0f543f0416316b1ec19f506708 6.2/en/os/sparc/XFree86-FBDev-3.3.6-29.sparc.rpm
b80672bcdc457961fac59be7661ae65e 6.2/en/os/sparc/XFree86-Mach64-3.3.6-29.sparc.rpm
447582290e1a64435bd68481129b1ce2 6.2/en/os/sparc/XFree86-Sun-3.3.6-29.sparc.rpm
589aec452139ce4c73dada41cd85ad97 6.2/en/os/sparc/XFree86-Sun24-3.3.6-29.sparc.rpm
63fbf18163db79f66b9dc4c848a2fe5f 6.2/en/os/sparc/XFree86-SunMono-3.3.6-29.sparc.rpm
9c9523d8870c83396be1b8928cde54dd 6.2/en/os/sparc/XFree86-VGA16-3.3.6-29.sparc.rpm
b045949efe566ad149060e6a039a2828 6.2/en/os/sparc/XFree86-Xnest-3.3.6-29.sparc.rpm
be93b37438a6a1ff9ba389834912e466 6.2/en/os/sparc/XFree86-Xvfb-3.3.6-29.sparc.rpm
4db1ceb5319477c192ab0915b924c8b3 6.2/en/os/sparc/XFree86-cyrillic-fonts-3.3.6-29.sparc.rpm
9018738a9e3b7b35be85852ce85bebcc 6.2/en/os/sparc/XFree86-devel-3.3.6-29.sparc.rpm
256424e5df867ac2aeeec4bc705a96bb 6.2/en/os/sparc/XFree86-doc-3.3.6-29.sparc.rpm
0ac394745bbfd6902316ebee8702c90f 6.2/en/os/sparc/XFree86-libs-3.3.6-29.sparc.rpm
248cb3d242930018b9790ac7f5ae4a96 6.2/en/os/sparc/XFree86-xfs-3.3.6-29.sparc.rpm
4821e654068ae8e493dfe75b74c553f9 7.0/en/os/SRPMS/XFree86-Servers-3.3.6-38.src.rpm
9907035893dd07c3d3c36e799bae1d61 7.0/en/os/alpha/XFree86-3DLabs-3.3.6-38.alpha.rpm
7216839cafd60f49199a513872a7cb2c 7.0/en/os/alpha/XFree86-FBDev-3.3.6-38.alpha.rpm
fd44ffcce8b1809656268223856a065b 7.0/en/os/alpha/XFree86-Mach64-3.3.6-38.alpha.rpm
26fd7598f6bddaff6b9101ace876bfaf 7.0/en/os/alpha/XFree86-Mono-3.3.6-38.alpha.rpm
8c962b6a9c441acc768d93e907ce236e 7.0/en/os/alpha/XFree86-P9000-3.3.6-38.alpha.rpm
092c3845ec3aac774dbdf5f31d2c35b6 7.0/en/os/alpha/XFree86-S3-3.3.6-38.alpha.rpm
9f208cf4cb82008b97d31370f2ed36b2 7.0/en/os/alpha/XFree86-S3V-3.3.6-38.alpha.rpm
375060c0c57cce2c50e4a45064776e8e 7.0/en/os/alpha/XFree86-SVGA-3.3.6-38.alpha.rpm
4729b1e13151192e592766a20f34b4bf 7.0/en/os/alpha/XFree86-TGA-3.3.6-38.alpha.rpm
95d29d457cbe2fd35384ffb696af0e1b 7.0/en/os/i386/XFree86-3DLabs-3.3.6-38.i386.rpm
28f798c4139371d87120f70efd4f1fb9 7.0/en/os/i386/XFree86-8514-3.3.6-38.i386.rpm
fb9d1bfac98821c7ce9077776a8cc0d5 7.0/en/os/i386/XFree86-AGX-3.3.6-38.i386.rpm
015c6b42bcf7c3ee98159d15262c10b8 7.0/en/os/i386/XFree86-FBDev-3.3.6-38.i386.rpm
ea42d8450b89ae9d82634f4e8eb96d76 7.0/en/os/i386/XFree86-Mach32-3.3.6-38.i386.rpm
59528253726edf935c4b08a46b3e6140 7.0/en/os/i386/XFree86-Mach64-3.3.6-38.i386.rpm
42509874ce06478e7022d981e7198cf0 7.0/en/os/i386/XFree86-Mach8-3.3.6-38.i386.rpm
45d812c301d6ae6ef6e0daf108acebec 7.0/en/os/i386/XFree86-Mono-3.3.6-38.i386.rpm
0b869da7a2a80c7a3d70c78ac90346f5 7.0/en/os/i386/XFree86-P9000-3.3.6-38.i386.rpm
1bbbfcfba7bcc1fc00b1a48038bf621e 7.0/en/os/i386/XFree86-S3-3.3.6-38.i386.rpm
0c8db5a07bdf586d37d86da95d807d07 7.0/en/os/i386/XFree86-S3V-3.3.6-38.i386.rpm
601693c9545227a4021357ce7c455f13 7.0/en/os/i386/XFree86-SVGA-3.3.6-38.i386.rpm
be837f3b9dec6872e480521a6fc3495e 7.0/en/os/i386/XFree86-VGA16-3.3.6-38.i386.rpm
6132be4d08c23aa293b26bfc60fae63c 7.0/en/os/i386/XFree86-W32-3.3.6-38.i386.rpm
4821e654068ae8e493dfe75b74c553f9 7.1/en/os/SRPMS/XFree86-Servers-3.3.6-38.src.rpm
95d29d457cbe2fd35384ffb696af0e1b 7.1/en/os/i386/XFree86-3DLabs-3.3.6-38.i386.rpm
28f798c4139371d87120f70efd4f1fb9 7.1/en/os/i386/XFree86-8514-3.3.6-38.i386.rpm
fb9d1bfac98821c7ce9077776a8cc0d5 7.1/en/os/i386/XFree86-AGX-3.3.6-38.i386.rpm
015c6b42bcf7c3ee98159d15262c10b8 7.1/en/os/i386/XFree86-FBDev-3.3.6-38.i386.rpm
ea42d8450b89ae9d82634f4e8eb96d76 7.1/en/os/i386/XFree86-Mach32-3.3.6-38.i386.rpm
59528253726edf935c4b08a46b3e6140 7.1/en/os/i386/XFree86-Mach64-3.3.6-38.i386.rpm
42509874ce06478e7022d981e7198cf0 7.1/en/os/i386/XFree86-Mach8-3.3.6-38.i386.rpm
45d812c301d6ae6ef6e0daf108acebec 7.1/en/os/i386/XFree86-Mono-3.3.6-38.i386.rpm
0b869da7a2a80c7a3d70c78ac90346f5 7.1/en/os/i386/XFree86-P9000-3.3.6-38.i386.rpm
1bbbfcfba7bcc1fc00b1a48038bf621e 7.1/en/os/i386/XFree86-S3-3.3.6-38.i386.rpm
0c8db5a07bdf586d37d86da95d807d07 7.1/en/os/i386/XFree86-S3V-3.3.6-38.i386.rpm
601693c9545227a4021357ce7c455f13 7.1/en/os/i386/XFree86-SVGA-3.3.6-38.i386.rpm
be837f3b9dec6872e480521a6fc3495e 7.1/en/os/i386/XFree86-VGA16-3.3.6-38.i386.rpm
6132be4d08c23aa293b26bfc60fae63c 7.1/en/os/i386/XFree86-W32-3.3.6-38.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
      

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

The complete list of changes that have occured since the official release
of XFree86 3.3.6 can be found in the XFree86 changelog, located at:

  XFree86 Changes (3.3)

or in the XFree86 source code in the directory:

 xc/programs/Xserver/hw/xfree86/CHANGELOG


Copyright(c) 2000, 2001 Red Hat, Inc.

RedHat: XFree86 security updates

Many bugfixes and security fixes are available for XFree86-3.3.6.

Summary

Since the initial release of XFree86 3.3.6, many bugs have been fixedin the XFree86 stable branch of CVS (xf-3_3-branch). This includesseveral security updates, various driver and library bug fixes, andperformance improvements. In addition to the updated release fromXFree86.org are several further enhancements included - such as updatedS3 drivers, i810/815, and other improvements.Below is a list of some of the important security updates taken fromthe XFree86 CHANGELOG document. The complete list of updates is quitelengthy however, so I list only some of the highlights here. This isnot an exhaustive or complete list. Please refer to the XFree86CHANGELOG document contained in the source code RPM package for thecomplete list.1630. [SECURITY] Avoid DoS attacks on xdm (Keith Packard).1629. [SECURITY] Check for negative reply length/overflow in _XAsyncReply (Xlib) (#4601, Mike Harris).1625. Include in Xos.h to get struct tm (based on #4464, Mike Harris, and H.J. Lu).1624. [SECURITY] fix possible buffer overflow (NOT on stack) in xdm xdmcp code (patch69 from Red Hat SRPMS).1623. [SECURITY] Pull fixed from 4.0.2 for following problems: - XlibInt buffer overflow - libICE denial of service - XOpenDisplay buffer overflow (#4450, Branden Robinson)1621. [SECURITY]: Fix temp file problem in Imake.rules, InstallManPageAliases (Matthieu Herrb)1620. [SECURITY]: Pull fixes from the main branch: - XCSECURITY DoS (Paulo Caesar Pereira de Andrade and Keith Packard), - _XAsyncReply() Xlib stack corruption, - Xaw temp file handling (Branden Robinson).1619. [SECURITY] Safe tempfile handline for imake's probing of glibc version (based on #4257, Colin Phipps).1618. Fix a libXt bug that affects multidisplay applications when Xt is built to use select(2) rather than poll(2) (#A.181, Antony Uspensky).1617. Back port GeForce2 support for the nv driver from 4.x (#4103, Jarno Paananen).1616. [SECURITY] Fix a 1-byte overflow in Xtrans.c (#4182, Aaron Campbell).1615. [SECURITY] Back port fix for from 4.0 (#4181, Matthieu Herrb).1613. Add DPMS support to I128 driver (Robin Cutshaw).1611. [SECURITY] Fix tmp file problem with makedepend scripts (based on report from Alan Cox).1605. [SECURITY] Fix a buffer overflow with the -xkbmap X server flag (#A.91, Trevor Johnson).1604. Fix an xfs crash that shows up when many clients connect (#A.48, Remy Card).1602. Fix a core dump in fstobdf when using 16 bit fonts (#A.25, Morten Storgaard Nielsen).1601. Fix memleak warning when doing realloc(NULL, size) (#A.7, Charles G Waldman).1599. Fix mode restore bug in ATI driver (Marc La France).1596. Fix Rage 128 detection bug in ATI driver (Marc La France).1594. Fix an Xlib bug that causes freed memory to be accessed. This is exposed by Netscape (#3738, Keith Packard).1593. Add DGA support to I128 server (Robin Cutshaw).1592. Fix remaining ATI Mobility problems (Marc La France).1591. Fix for dead keys in XKB Swedish, Norwegian and Finnish keyboards (#3702, 3703, Preston Brown).1590. [SECURITY] Fix possible races in xauth and libXau (#3690, 3694, Colin Phipps).1586. Fix the pam_close_session problems in xdm (#3621, Preston Brown).1585. Fix an Xserver core dump that can happen when xdmcp-related command line options have missing arguments (#3614, Harald Koenig).1578. rage128 driver fix (Marc La France).

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed ( for more info):
10877 - Red Hat 6.x X Font Server DoS Vulnerability 10897 - X11 font server vulnerability 10951 - X Font Server DoS and Buffer Overflow Vulnerabilities 10960 - X enters endless loop calling select() when window is closed 18636 - Bug on XFree86-SVGA-3.3.6-33.i386.rpm 32302 - i815 X Server won't start after install
6. RPMs required:
Red Hat Linux 6.2:
SRPMS:

alpha:

i386:

sparc:

Red Hat Linux 7.0:
SRPMS:

alpha:

i386:

Red Hat Linux 7.1:
SRPMS:

i386:

7. Verification:
MD5 sum Package Name 19813b3684ae50af586e7514e70a49d3 6.2/en/os/SRPMS/XFree86-3.3.6-29.src.rpm 5f58f0f0aac229cebdb0d2e7a90b3efc 6.2/en/os/alpha/XFree86-100dpi-fonts-3.3.6-29.alpha.rpm ff29ca70bf332bb1420a2c100cf8e8ce 6.2/en/os/alpha/XFree86-3.3.6-29.alpha.rpm b90b0cd803be522004c5a5a52dc211c6 6.2/en/os/alpha/XFree86-3DLabs-3.3.6-29.alpha.rpm fa94cd814cbfd44890b4dd5224225eed 6.2/en/os/alpha/XFree86-75dpi-fonts-3.3.6-29.alpha.rpm e42de1537d7ba9872b51c718d46ff8d7 6.2/en/os/alpha/XFree86-FBDev-3.3.6-29.alpha.rpm bb399dad4535d44292a8725f2136fc38 6.2/en/os/alpha/XFree86-Mach64-3.3.6-29.alpha.rpm 7c13affcb2d42df542eccd35a324dfd6 6.2/en/os/alpha/XFree86-Mono-3.3.6-29.alpha.rpm b87029be7ba981ada69bebb4a0577fab 6.2/en/os/alpha/XFree86-P9000-3.3.6-29.alpha.rpm 369cc08d8a33480939d66d51034285f2 6.2/en/os/alpha/XFree86-S3-3.3.6-29.alpha.rpm dc04787a6eb0961105aa2588780cdd79 6.2/en/os/alpha/XFree86-S3V-3.3.6-29.alpha.rpm 3e6fe15ca495c24b2d521a168721c0de 6.2/en/os/alpha/XFree86-SVGA-3.3.6-29.alpha.rpm 074ad137b1d99d16e6678003e2176aa3 6.2/en/os/alpha/XFree86-TGA-3.3.6-29.alpha.rpm dfa6ce8154846c43af7d0918fda07035 6.2/en/os/alpha/XFree86-Xnest-3.3.6-29.alpha.rpm c3adc27129de2887cac407151442e041 6.2/en/os/alpha/XFree86-Xvfb-3.3.6-29.alpha.rpm 1dd3b2379a1bef51fda47436b30ccdf9 6.2/en/os/alpha/XFree86-cyrillic-fonts-3.3.6-29.alpha.rpm cf94bade8244d4a55f9bdaf65d19515b 6.2/en/os/alpha/XFree86-devel-3.3.6-29.alpha.rpm df1a49546c6fdec8d98b4de450957745 6.2/en/os/alpha/XFree86-doc-3.3.6-29.alpha.rpm 9cda3f7867f3ab4d52091bfce0aa0d15 6.2/en/os/alpha/XFree86-libs-3.3.6-29.alpha.rpm 0715e906d8b2fde971b42f5912222ccf 6.2/en/os/alpha/XFree86-xfs-3.3.6-29.alpha.rpm 0c44c3d05e9f15899a69eae09c62172c 6.2/en/os/i386/XFree86-100dpi-fonts-3.3.6-29.i386.rpm d2a84baa948c734981e59a7e0b412561 6.2/en/os/i386/XFree86-3.3.6-29.i386.rpm efe99af08f10fedab027cdff52b06269 6.2/en/os/i386/XFree86-3DLabs-3.3.6-29.i386.rpm 50617b3502bae1016bdde105f1a61e55 6.2/en/os/i386/XFree86-75dpi-fonts-3.3.6-29.i386.rpm 01c4655b99478055c9bb728b1df74fbc 6.2/en/os/i386/XFree86-8514-3.3.6-29.i386.rpm 51700e364fb4a2f108617764dcabb1c6 6.2/en/os/i386/XFree86-AGX-3.3.6-29.i386.rpm f5c1d127d3ab7624f1d4d37dbbf84581 6.2/en/os/i386/XFree86-FBDev-3.3.6-29.i386.rpm 01c2707b23968c9fd92bfe69f0bfad51 6.2/en/os/i386/XFree86-I128-3.3.6-29.i386.rpm fb870cbf5a3f39302d394ad3cd7afaf4 6.2/en/os/i386/XFree86-Mach32-3.3.6-29.i386.rpm a83ff83f54ca0e8955c722cde0b88c41 6.2/en/os/i386/XFree86-Mach64-3.3.6-29.i386.rpm 6802ae00bed64134e33a87309e0c9708 6.2/en/os/i386/XFree86-Mach8-3.3.6-29.i386.rpm bac9a2652da59c9cc86329f7de48fd32 6.2/en/os/i386/XFree86-Mono-3.3.6-29.i386.rpm 299ba09bb1f1ad93d377cb3d63ec89f7 6.2/en/os/i386/XFree86-P9000-3.3.6-29.i386.rpm ec39a5247dd53b91d4be0d17873ecde2 6.2/en/os/i386/XFree86-S3-3.3.6-29.i386.rpm 1964fc031658347ae268ec2c9057d007 6.2/en/os/i386/XFree86-S3V-3.3.6-29.i386.rpm 7107186ddb1528d1b7170974329682ae 6.2/en/os/i386/XFree86-SVGA-3.3.6-29.i386.rpm 5ff1cfad68180c758182c42282dac628 6.2/en/os/i386/XFree86-VGA16-3.3.6-29.i386.rpm afb360a461ddea2da341cfcd15421e10 6.2/en/os/i386/XFree86-W32-3.3.6-29.i386.rpm e1be55b778fea16a9a08ad7d7788f183 6.2/en/os/i386/XFree86-XF86Setup-3.3.6-29.i386.rpm 767d7f124bd190ed4f72a91c9c0e89e8 6.2/en/os/i386/XFree86-Xnest-3.3.6-29.i386.rpm 2bfd30cf6ec9c70b7da093f55c097780 6.2/en/os/i386/XFree86-Xvfb-3.3.6-29.i386.rpm 63ebf73724e9be5b6d00f976b4bbd86f 6.2/en/os/i386/XFree86-cyrillic-fonts-3.3.6-29.i386.rpm 089618f588314037237218186c698c00 6.2/en/os/i386/XFree86-devel-3.3.6-29.i386.rpm 2ee6d026e168e916dacd0081ad0b33ce 6.2/en/os/i386/XFree86-doc-3.3.6-29.i386.rpm 6987a9f54aac77e70d5ad79e4985b21f 6.2/en/os/i386/XFree86-libs-3.3.6-29.i386.rpm 793694a7894a322ca904289ade45271c 6.2/en/os/i386/XFree86-xfs-3.3.6-29.i386.rpm e9497afa2b12b8b8fe7ea98862572b26 6.2/en/os/sparc/XFree86-100dpi-fonts-3.3.6-29.sparc.rpm e63e94578e25f8e7d84af1bea8932334 6.2/en/os/sparc/XFree86-3.3.6-29.sparc.rpm 550ba24a17ea713b6c9a05b2de83dbc2 6.2/en/os/sparc/XFree86-3DLabs-3.3.6-29.sparc.rpm 61c83a54529c6421abc89fa01b928c4d 6.2/en/os/sparc/XFree86-75dpi-fonts-3.3.6-29.sparc.rpm adf13b0f543f0416316b1ec19f506708 6.2/en/os/sparc/XFree86-FBDev-3.3.6-29.sparc.rpm b80672bcdc457961fac59be7661ae65e 6.2/en/os/sparc/XFree86-Mach64-3.3.6-29.sparc.rpm 447582290e1a64435bd68481129b1ce2 6.2/en/os/sparc/XFree86-Sun-3.3.6-29.sparc.rpm 589aec452139ce4c73dada41cd85ad97 6.2/en/os/sparc/XFree86-Sun24-3.3.6-29.sparc.rpm 63fbf18163db79f66b9dc4c848a2fe5f 6.2/en/os/sparc/XFree86-SunMono-3.3.6-29.sparc.rpm 9c9523d8870c83396be1b8928cde54dd 6.2/en/os/sparc/XFree86-VGA16-3.3.6-29.sparc.rpm b045949efe566ad149060e6a039a2828 6.2/en/os/sparc/XFree86-Xnest-3.3.6-29.sparc.rpm be93b37438a6a1ff9ba389834912e466 6.2/en/os/sparc/XFree86-Xvfb-3.3.6-29.sparc.rpm 4db1ceb5319477c192ab0915b924c8b3 6.2/en/os/sparc/XFree86-cyrillic-fonts-3.3.6-29.sparc.rpm 9018738a9e3b7b35be85852ce85bebcc 6.2/en/os/sparc/XFree86-devel-3.3.6-29.sparc.rpm 256424e5df867ac2aeeec4bc705a96bb 6.2/en/os/sparc/XFree86-doc-3.3.6-29.sparc.rpm 0ac394745bbfd6902316ebee8702c90f 6.2/en/os/sparc/XFree86-libs-3.3.6-29.sparc.rpm 248cb3d242930018b9790ac7f5ae4a96 6.2/en/os/sparc/XFree86-xfs-3.3.6-29.sparc.rpm 4821e654068ae8e493dfe75b74c553f9 7.0/en/os/SRPMS/XFree86-Servers-3.3.6-38.src.rpm 9907035893dd07c3d3c36e799bae1d61 7.0/en/os/alpha/XFree86-3DLabs-3.3.6-38.alpha.rpm 7216839cafd60f49199a513872a7cb2c 7.0/en/os/alpha/XFree86-FBDev-3.3.6-38.alpha.rpm fd44ffcce8b1809656268223856a065b 7.0/en/os/alpha/XFree86-Mach64-3.3.6-38.alpha.rpm 26fd7598f6bddaff6b9101ace876bfaf 7.0/en/os/alpha/XFree86-Mono-3.3.6-38.alpha.rpm 8c962b6a9c441acc768d93e907ce236e 7.0/en/os/alpha/XFree86-P9000-3.3.6-38.alpha.rpm 092c3845ec3aac774dbdf5f31d2c35b6 7.0/en/os/alpha/XFree86-S3-3.3.6-38.alpha.rpm 9f208cf4cb82008b97d31370f2ed36b2 7.0/en/os/alpha/XFree86-S3V-3.3.6-38.alpha.rpm 375060c0c57cce2c50e4a45064776e8e 7.0/en/os/alpha/XFree86-SVGA-3.3.6-38.alpha.rpm 4729b1e13151192e592766a20f34b4bf 7.0/en/os/alpha/XFree86-TGA-3.3.6-38.alpha.rpm 95d29d457cbe2fd35384ffb696af0e1b 7.0/en/os/i386/XFree86-3DLabs-3.3.6-38.i386.rpm 28f798c4139371d87120f70efd4f1fb9 7.0/en/os/i386/XFree86-8514-3.3.6-38.i386.rpm fb9d1bfac98821c7ce9077776a8cc0d5 7.0/en/os/i386/XFree86-AGX-3.3.6-38.i386.rpm 015c6b42bcf7c3ee98159d15262c10b8 7.0/en/os/i386/XFree86-FBDev-3.3.6-38.i386.rpm ea42d8450b89ae9d82634f4e8eb96d76 7.0/en/os/i386/XFree86-Mach32-3.3.6-38.i386.rpm 59528253726edf935c4b08a46b3e6140 7.0/en/os/i386/XFree86-Mach64-3.3.6-38.i386.rpm 42509874ce06478e7022d981e7198cf0 7.0/en/os/i386/XFree86-Mach8-3.3.6-38.i386.rpm 45d812c301d6ae6ef6e0daf108acebec 7.0/en/os/i386/XFree86-Mono-3.3.6-38.i386.rpm 0b869da7a2a80c7a3d70c78ac90346f5 7.0/en/os/i386/XFree86-P9000-3.3.6-38.i386.rpm 1bbbfcfba7bcc1fc00b1a48038bf621e 7.0/en/os/i386/XFree86-S3-3.3.6-38.i386.rpm 0c8db5a07bdf586d37d86da95d807d07 7.0/en/os/i386/XFree86-S3V-3.3.6-38.i386.rpm 601693c9545227a4021357ce7c455f13 7.0/en/os/i386/XFree86-SVGA-3.3.6-38.i386.rpm be837f3b9dec6872e480521a6fc3495e 7.0/en/os/i386/XFree86-VGA16-3.3.6-38.i386.rpm 6132be4d08c23aa293b26bfc60fae63c 7.0/en/os/i386/XFree86-W32-3.3.6-38.i386.rpm 4821e654068ae8e493dfe75b74c553f9 7.1/en/os/SRPMS/XFree86-Servers-3.3.6-38.src.rpm 95d29d457cbe2fd35384ffb696af0e1b 7.1/en/os/i386/XFree86-3DLabs-3.3.6-38.i386.rpm 28f798c4139371d87120f70efd4f1fb9 7.1/en/os/i386/XFree86-8514-3.3.6-38.i386.rpm fb9d1bfac98821c7ce9077776a8cc0d5 7.1/en/os/i386/XFree86-AGX-3.3.6-38.i386.rpm 015c6b42bcf7c3ee98159d15262c10b8 7.1/en/os/i386/XFree86-FBDev-3.3.6-38.i386.rpm ea42d8450b89ae9d82634f4e8eb96d76 7.1/en/os/i386/XFree86-Mach32-3.3.6-38.i386.rpm 59528253726edf935c4b08a46b3e6140 7.1/en/os/i386/XFree86-Mach64-3.3.6-38.i386.rpm 42509874ce06478e7022d981e7198cf0 7.1/en/os/i386/XFree86-Mach8-3.3.6-38.i386.rpm 45d812c301d6ae6ef6e0daf108acebec 7.1/en/os/i386/XFree86-Mono-3.3.6-38.i386.rpm 0b869da7a2a80c7a3d70c78ac90346f5 7.1/en/os/i386/XFree86-P9000-3.3.6-38.i386.rpm 1bbbfcfba7bcc1fc00b1a48038bf621e 7.1/en/os/i386/XFree86-S3-3.3.6-38.i386.rpm 0c8db5a07bdf586d37d86da95d807d07 7.1/en/os/i386/XFree86-S3V-3.3.6-38.i386.rpm 601693c9545227a4021357ce7c455f13 7.1/en/os/i386/XFree86-SVGA-3.3.6-38.i386.rpm be837f3b9dec6872e480521a6fc3495e 7.1/en/os/i386/XFree86-VGA16-3.3.6-38.i386.rpm 6132be4d08c23aa293b26bfc60fae63c 7.1/en/os/i386/XFree86-W32-3.3.6-38.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

The complete list of changes that have occured since the official release of XFree86 3.3.6 can be found in the XFree86 changelog, located at: XFree86 Changes (3.3) or in the XFree86 source code in the directory: xc/programs/Xserver/hw/xfree86/CHANGELOG Copyright(c) 2000, 2001 Red Hat, Inc. `

Package List

Severity

Advisory ID: RHSA-2001:071-05

Issued Date: : 2001-05-24

Updated on: 2001-06-22

Product: Red Hat Linux

Keywords: XFree86 update security vulnerablity stable s3 savage i815 i810

Cross references:

Obsoletes:

Topic

New updated XFree86 3.3.6 packages are available for Red Hat Linux 7.1,

7.0, and 6.2 which contain many security updates, bug fixes, and updated

drivers for various different families of video hardware including:

S3 Savage, S3 Trio64, S3 ViRGE, Intel i810/i815, ATI Rage Mobility Mach64,

and numerous other driver fixes and improvements.

Relevant Releases Architectures

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - i386

Bugs Fixed

Get the Latest News & Insights

RedHat: XFree86 security updates

Summary

Summary

Solution

References

Package List

Topic

Topic

Relevant Releases Architectures

Bugs Fixed

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By