SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   XFree Vendors:   Caldera/SCO
Caldera Distribution of XFree86 for OpenLinux Lets Local Users Access Shared Memory to Gain Elevated Privileges
SecurityTracker Alert ID:  1003936
SecurityTracker URL:  http://securitytracker.com/id/1003936
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 1 2002
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): packages prior to XFree86-4.1-12
Description:   Caldera reported a vulnerability in the XFree86 package. A local user may be able to gain elevated privileges on the system.

It is reported that any user with local X access can exploit the MIT-SHM extension and gain read/write access to any shared memory segment on the system. No details were provided.

Impact:   A local user may be able to read from or write to shared memory on the server to obtain elevated privileges on the system.
Solution:   Caldera has released a fix for OpenLinux.

For OpenLinux 3.1 Server, the 3.1 version of this package is not yet available. An updated advisory will be published when the package is released.


For OpenLinux 3.1 Workstation, the 3.1 version of this package is not yet available. An updated advisory will be published when the package is released.


For OpenLinux 3.1.1 Server:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

The verification checksums are:

245e9b3977dfe7da3bf41d8ed39506ed RPMS/XFree86-4.1-12.i386.rpm
82e5fdfacc34d5fb8476fcfb207e7cb9 RPMS/XFree86-addons-4.1-12.i386.rpm
9300a24ef34750c2490a7d48a5d55192 RPMS/XFree86-config-eg-4.1-12.i386.rpm
2b3a6305777826110a4a4ee38cbf1a93 RPMS/XFree86-contrib-4.1-12.i386.rpm
55aec647ce3e60603dce696e71eb26e5 RPMS/XFree86-devel-4.1-12.i386.rpm
115850eaa7b5c2c6b0c3d7d36ba7c6c5 RPMS/XFree86-devel-prof-4.1-12.i386.rpm
9f3dd76757cc99c07a71991d43e441cb RPMS/XFree86-devel-static-4.1-12.i386.rpm
7cf04cf1e8fb1153e147a44f178364e8 RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
d700a04c2a6538b51e39991c7139a084 RPMS/XFree86-fonts-4.1-12.i386.rpm
47c28aa528c71b6b31b6f472ff50227c RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
0e6c20f23c614bad51f4a2ca6b7da3e2 RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
b019f420aef281c0833416f04f97b3b7 RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
2009bddd2d2ee6e9ac1f8d7090246072 RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
e9f91121b38e58c969e59437745769a9 RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
ac38a32f8bb2890bb9e1aa0c594b7b9d RPMS/XFree86-fontserver-4.1-12.i386.rpm
b196ba2ec8a7e859fb689fdb2edb7d01 RPMS/XFree86-imake-4.1-12.i386.rpm
7802f9a34ee22968160cbe4a2503b9ce RPMS/XFree86-libs-4.1-12.i386.rpm
be74a2637bac45a6912e260c93fd0daf RPMS/XFree86-misc-4.1-12.i386.rpm
6667de4aa89daba3f618fcc53235a67d RPMS/XFree86-pex-4.1-12.i386.rpm
2bfc213d3687b5cf0dea521822591852 RPMS/XFree86-programs-4.1-12.i386.rpm
1faca0a3c38c3c6fc722bfc644966cce RPMS/XFree86-server-4.1-12.i386.rpm
a9d7ef19a58694b03fc8d7036c384009 RPMS/XFree86-setup-4.1-12.i386.rpm
8dc6abdce7c50178dce3b2a5844a30f5 RPMS/XFree86-twm-4.1-12.i386.rpm
0c1f8ab1194ca2bfda265dfc5d44dd2f RPMS/XFree86-xdm-4.1-12.i386.rpm
89a864b1377fff1fbdf5c22056c3595b RPMS/XFree86-Xnest-4.1-12.i386.rpm
ac4d725b2a37c96e044fb85b8c74c5b1 RPMS/XFree86-Xprt-4.1-12.i386.rpm
9863ad9eedcc542e4cb93922fe49b153 RPMS/XFree86-xsm-4.1-12.i386.rpm
7fdedf2eb43f97e6739b7fa10d374c89 RPMS/XFree86-xterm-4.1-12.i386.rpm
54d6096638b59151956896bcbdef3940 RPMS/XFree86-Xvfb-4.1-12.i386.rpm
c23136cc0151d025e699f9a1fe68d2ad SRPMS/XFree86-4.1-12.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh XFree86-4.1-12.i386.rpm \
XFree86-addons-4.1-12.i386.rpm \
XFree86-config-eg-4.1-12.i386.rpm \
XFree86-contrib-4.1-12.i386.rpm \
XFree86-devel-4.1-12.i386.rpm \
XFree86-devel-prof-4.1-12.i386.rpm \
XFree86-devel-static-4.1-12.i386.rpm \
XFree86-fonts-100dpi-4.1-12.i386.rpm \
XFree86-fonts-4.1-12.i386.rpm \
XFree86-fonts-75dpi-4.1-12.i386.rpm \
XFree86-fonts-cyrillic-4.1-12.i386.rpm \
XFree86-fonts-extra-4.1-12.i386.rpm \
XFree86-fonts-scale-4.1-12.i386.rpm \
XFree86-fonts-speedo-4.1-12.i386.rpm \
XFree86-fontserver-4.1-12.i386.rpm \
XFree86-imake-4.1-12.i386.rpm \
XFree86-libs-4.1-12.i386.rpm \
XFree86-misc-4.1-12.i386.rpm \
XFree86-pex-4.1-12.i386.rpm \
XFree86-programs-4.1-12.i386.rpm \
XFree86-server-4.1-12.i386.rpm \
XFree86-setup-4.1-12.i386.rpm \
XFree86-twm-4.1-12.i386.rpm \
XFree86-xdm-4.1-12.i386.rpm \
XFree86-Xnest-4.1-12.i386.rpm \
XFree86-Xprt-4.1-12.i386.rpm \
XFree86-xsm-4.1-12.i386.rpm \
XFree86-xterm-4.1-12.i386.rpm \
XFree86-Xvfb-4.1-12.i386.rpm


For OpenLinux 3.1.1 Workstation:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

The verification checksums are:

245e9b3977dfe7da3bf41d8ed39506ed RPMS/XFree86-4.1-12.i386.rpm
82e5fdfacc34d5fb8476fcfb207e7cb9 RPMS/XFree86-addons-4.1-12.i386.rpm
9300a24ef34750c2490a7d48a5d55192 RPMS/XFree86-config-eg-4.1-12.i386.rpm
2b3a6305777826110a4a4ee38cbf1a93 RPMS/XFree86-contrib-4.1-12.i386.rpm
55aec647ce3e60603dce696e71eb26e5 RPMS/XFree86-devel-4.1-12.i386.rpm
115850eaa7b5c2c6b0c3d7d36ba7c6c5 RPMS/XFree86-devel-prof-4.1-12.i386.rpm
9f3dd76757cc99c07a71991d43e441cb RPMS/XFree86-devel-static-4.1-12.i386.rpm
7cf04cf1e8fb1153e147a44f178364e8 RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
d700a04c2a6538b51e39991c7139a084 RPMS/XFree86-fonts-4.1-12.i386.rpm
47c28aa528c71b6b31b6f472ff50227c RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
0e6c20f23c614bad51f4a2ca6b7da3e2 RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
b019f420aef281c0833416f04f97b3b7 RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
2009bddd2d2ee6e9ac1f8d7090246072 RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
e9f91121b38e58c969e59437745769a9 RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
ac38a32f8bb2890bb9e1aa0c594b7b9d RPMS/XFree86-fontserver-4.1-12.i386.rpm
b196ba2ec8a7e859fb689fdb2edb7d01 RPMS/XFree86-imake-4.1-12.i386.rpm
7802f9a34ee22968160cbe4a2503b9ce RPMS/XFree86-libs-4.1-12.i386.rpm
be74a2637bac45a6912e260c93fd0daf RPMS/XFree86-misc-4.1-12.i386.rpm
6667de4aa89daba3f618fcc53235a67d RPMS/XFree86-pex-4.1-12.i386.rpm
2bfc213d3687b5cf0dea521822591852 RPMS/XFree86-programs-4.1-12.i386.rpm
1faca0a3c38c3c6fc722bfc644966cce RPMS/XFree86-server-4.1-12.i386.rpm
a9d7ef19a58694b03fc8d7036c384009 RPMS/XFree86-setup-4.1-12.i386.rpm
8dc6abdce7c50178dce3b2a5844a30f5 RPMS/XFree86-twm-4.1-12.i386.rpm
0c1f8ab1194ca2bfda265dfc5d44dd2f RPMS/XFree86-xdm-4.1-12.i386.rpm
89a864b1377fff1fbdf5c22056c3595b RPMS/XFree86-Xnest-4.1-12.i386.rpm
ac4d725b2a37c96e044fb85b8c74c5b1 RPMS/XFree86-Xprt-4.1-12.i386.rpm
9863ad9eedcc542e4cb93922fe49b153 RPMS/XFree86-xsm-4.1-12.i386.rpm
7fdedf2eb43f97e6739b7fa10d374c89 RPMS/XFree86-xterm-4.1-12.i386.rpm
54d6096638b59151956896bcbdef3940 RPMS/XFree86-Xvfb-4.1-12.i386.rpm
c23136cc0151d025e699f9a1fe68d2ad SRPMS/XFree86-4.1-12.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh XFree86-4.1-12.i386.rpm \
XFree86-addons-4.1-12.i386.rpm \
XFree86-config-eg-4.1-12.i386.rpm \
XFree86-contrib-4.1-12.i386.rpm \
XFree86-devel-4.1-12.i386.rpm \
XFree86-devel-prof-4.1-12.i386.rpm \
XFree86-devel-static-4.1-12.i386.rpm \
XFree86-fonts-100dpi-4.1-12.i386.rpm \
XFree86-fonts-4.1-12.i386.rpm \
XFree86-fonts-75dpi-4.1-12.i386.rpm \
XFree86-fonts-cyrillic-4.1-12.i386.rpm \
XFree86-fonts-extra-4.1-12.i386.rpm \
XFree86-fonts-scale-4.1-12.i386.rpm \
XFree86-fonts-speedo-4.1-12.i386.rpm \
XFree86-fontserver-4.1-12.i386.rpm \
XFree86-imake-4.1-12.i386.rpm \
XFree86-libs-4.1-12.i386.rpm \
XFree86-misc-4.1-12.i386.rpm \
XFree86-pex-4.1-12.i386.rpm \
XFree86-programs-4.1-12.i386.rpm \
XFree86-server-4.1-12.i386.rpm \
XFree86-setup-4.1-12.i386.rpm \
XFree86-twm-4.1-12.i386.rpm \
XFree86-xdm-4.1-12.i386.rpm \
XFree86-Xnest-4.1-12.i386.rpm \
XFree86-Xprt-4.1-12.i386.rpm \
XFree86-xsm-4.1-12.i386.rpm \
XFree86-xterm-4.1-12.i386.rpm \
XFree86-Xvfb-4.1-12.i386.rpm

Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Server and Workstation versions 3.1, 3.1.1

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Caldera Issues Fix for Open UNIX/UnixWare) Re: Caldera Distribution of XFree86 for OpenLinux Lets Local Users Access Shared Memory to Gain Elevated Privileges
The vendor has issued a fix for UnixWare/Open UNIX.



 Source Message Contents

Subject:  Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system


--9zSXsLTf0vkW971A
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux: X server allows access to any shared memory on the system
Advisory number: 	CSSA-2002-009.0
Issue date: 		2002, March 15
Cross reference:
______________________________________________________________________________


1. Problem Description

   Any user with local X access can exploit the MIT-SHM extension and
   gain read/write access to any shared memory segment on the system.


2. Vulnerable Supported Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Server 3.1          All packages previous to
                                 XFree86-4.1-12   

   OpenLinux Workstation 3.1     All packages previous to
                                 XFree86-4.1-12                

   OpenLinux Server 3.1.1        All packages previous to      
                                 XFree86-4.1-12                
   
   OpenLinux Workstation         All packages previous to      
   3.1.1                         XFree86-4.1-12                


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.


4. OpenLinux 3.1 Server

    4.1 Location of Fixed Packages

         The 3.1 version of this package is not yet available. An updated
         advisory will be published when the package is released.
 

5. OpenLinux 3.1 Workstation

    5.1 Location of Fixed Packages

         The 3.1 version of this package is not yet available. An updated
         advisory will be published when the package is released.
 

6. OpenLinux 3.1.1 Server

    6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   6.2 Verification

       245e9b3977dfe7da3bf41d8ed39506ed  RPMS/XFree86-4.1-12.i386.rpm
       82e5fdfacc34d5fb8476fcfb207e7cb9  RPMS/XFree86-addons-4.1-12.i386.rpm
       9300a24ef34750c2490a7d48a5d55192  RPMS/XFree86-config-eg-4.1-12.i386.rpm
       2b3a6305777826110a4a4ee38cbf1a93  RPMS/XFree86-contrib-4.1-12.i386.rpm
       55aec647ce3e60603dce696e71eb26e5  RPMS/XFree86-devel-4.1-12.i386.rpm
       115850eaa7b5c2c6b0c3d7d36ba7c6c5  RPMS/XFree86-devel-prof-4.1-12.i386.rpm
       9f3dd76757cc99c07a71991d43e441cb  RPMS/XFree86-devel-static-4.1-12.i386.rpm
       7cf04cf1e8fb1153e147a44f178364e8  RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
       d700a04c2a6538b51e39991c7139a084  RPMS/XFree86-fonts-4.1-12.i386.rpm
       47c28aa528c71b6b31b6f472ff50227c  RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
       0e6c20f23c614bad51f4a2ca6b7da3e2  RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
       b019f420aef281c0833416f04f97b3b7  RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
       2009bddd2d2ee6e9ac1f8d7090246072  RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
       e9f91121b38e58c969e59437745769a9  RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
       ac38a32f8bb2890bb9e1aa0c594b7b9d  RPMS/XFree86-fontserver-4.1-12.i386.rpm
       b196ba2ec8a7e859fb689fdb2edb7d01  RPMS/XFree86-imake-4.1-12.i386.rpm
       7802f9a34ee22968160cbe4a2503b9ce  RPMS/XFree86-libs-4.1-12.i386.rpm
       be74a2637bac45a6912e260c93fd0daf  RPMS/XFree86-misc-4.1-12.i386.rpm
       6667de4aa89daba3f618fcc53235a67d  RPMS/XFree86-pex-4.1-12.i386.rpm
       2bfc213d3687b5cf0dea521822591852  RPMS/XFree86-programs-4.1-12.i386.rpm
       1faca0a3c38c3c6fc722bfc644966cce  RPMS/XFree86-server-4.1-12.i386.rpm
       a9d7ef19a58694b03fc8d7036c384009  RPMS/XFree86-setup-4.1-12.i386.rpm
       8dc6abdce7c50178dce3b2a5844a30f5  RPMS/XFree86-twm-4.1-12.i386.rpm
       0c1f8ab1194ca2bfda265dfc5d44dd2f  RPMS/XFree86-xdm-4.1-12.i386.rpm
       89a864b1377fff1fbdf5c22056c3595b  RPMS/XFree86-Xnest-4.1-12.i386.rpm
       ac4d725b2a37c96e044fb85b8c74c5b1  RPMS/XFree86-Xprt-4.1-12.i386.rpm
       9863ad9eedcc542e4cb93922fe49b153  RPMS/XFree86-xsm-4.1-12.i386.rpm
       7fdedf2eb43f97e6739b7fa10d374c89  RPMS/XFree86-xterm-4.1-12.i386.rpm
       54d6096638b59151956896bcbdef3940  RPMS/XFree86-Xvfb-4.1-12.i386.rpm
       c23136cc0151d025e699f9a1fe68d2ad  SRPMS/XFree86-4.1-12.src.rpm
       

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh XFree86-4.1-12.i386.rpm \
              XFree86-addons-4.1-12.i386.rpm \
              XFree86-config-eg-4.1-12.i386.rpm \
              XFree86-contrib-4.1-12.i386.rpm \
              XFree86-devel-4.1-12.i386.rpm \
              XFree86-devel-prof-4.1-12.i386.rpm \
              XFree86-devel-static-4.1-12.i386.rpm \
              XFree86-fonts-100dpi-4.1-12.i386.rpm \
              XFree86-fonts-4.1-12.i386.rpm \
              XFree86-fonts-75dpi-4.1-12.i386.rpm \
              XFree86-fonts-cyrillic-4.1-12.i386.rpm \
              XFree86-fonts-extra-4.1-12.i386.rpm \
              XFree86-fonts-scale-4.1-12.i386.rpm \
              XFree86-fonts-speedo-4.1-12.i386.rpm \
              XFree86-fontserver-4.1-12.i386.rpm \
              XFree86-imake-4.1-12.i386.rpm \
              XFree86-libs-4.1-12.i386.rpm \
              XFree86-misc-4.1-12.i386.rpm \
              XFree86-pex-4.1-12.i386.rpm \
              XFree86-programs-4.1-12.i386.rpm \
              XFree86-server-4.1-12.i386.rpm \
              XFree86-setup-4.1-12.i386.rpm \
              XFree86-twm-4.1-12.i386.rpm \
              XFree86-xdm-4.1-12.i386.rpm \
              XFree86-Xnest-4.1-12.i386.rpm \
              XFree86-Xprt-4.1-12.i386.rpm \
              XFree86-xsm-4.1-12.i386.rpm \
              XFree86-xterm-4.1-12.i386.rpm \
              XFree86-Xvfb-4.1-12.i386.rpm
         

7. OpenLinux 3.1.1 Workstation

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   7.2 Verification

       245e9b3977dfe7da3bf41d8ed39506ed  RPMS/XFree86-4.1-12.i386.rpm
       82e5fdfacc34d5fb8476fcfb207e7cb9  RPMS/XFree86-addons-4.1-12.i386.rpm
       9300a24ef34750c2490a7d48a5d55192  RPMS/XFree86-config-eg-4.1-12.i386.rpm
       2b3a6305777826110a4a4ee38cbf1a93  RPMS/XFree86-contrib-4.1-12.i386.rpm
       55aec647ce3e60603dce696e71eb26e5  RPMS/XFree86-devel-4.1-12.i386.rpm
       115850eaa7b5c2c6b0c3d7d36ba7c6c5  RPMS/XFree86-devel-prof-4.1-12.i386.rpm
       9f3dd76757cc99c07a71991d43e441cb  RPMS/XFree86-devel-static-4.1-12.i386.rpm
       7cf04cf1e8fb1153e147a44f178364e8  RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
       d700a04c2a6538b51e39991c7139a084  RPMS/XFree86-fonts-4.1-12.i386.rpm
       47c28aa528c71b6b31b6f472ff50227c  RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
       0e6c20f23c614bad51f4a2ca6b7da3e2  RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
       b019f420aef281c0833416f04f97b3b7  RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
       2009bddd2d2ee6e9ac1f8d7090246072  RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
       e9f91121b38e58c969e59437745769a9  RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
       ac38a32f8bb2890bb9e1aa0c594b7b9d  RPMS/XFree86-fontserver-4.1-12.i386.rpm
       b196ba2ec8a7e859fb689fdb2edb7d01  RPMS/XFree86-imake-4.1-12.i386.rpm
       7802f9a34ee22968160cbe4a2503b9ce  RPMS/XFree86-libs-4.1-12.i386.rpm
       be74a2637bac45a6912e260c93fd0daf  RPMS/XFree86-misc-4.1-12.i386.rpm
       6667de4aa89daba3f618fcc53235a67d  RPMS/XFree86-pex-4.1-12.i386.rpm
       2bfc213d3687b5cf0dea521822591852  RPMS/XFree86-programs-4.1-12.i386.rpm
       1faca0a3c38c3c6fc722bfc644966cce  RPMS/XFree86-server-4.1-12.i386.rpm
       a9d7ef19a58694b03fc8d7036c384009  RPMS/XFree86-setup-4.1-12.i386.rpm
       8dc6abdce7c50178dce3b2a5844a30f5  RPMS/XFree86-twm-4.1-12.i386.rpm
       0c1f8ab1194ca2bfda265dfc5d44dd2f  RPMS/XFree86-xdm-4.1-12.i386.rpm
       89a864b1377fff1fbdf5c22056c3595b  RPMS/XFree86-Xnest-4.1-12.i386.rpm
       ac4d725b2a37c96e044fb85b8c74c5b1  RPMS/XFree86-Xprt-4.1-12.i386.rpm
       9863ad9eedcc542e4cb93922fe49b153  RPMS/XFree86-xsm-4.1-12.i386.rpm
       7fdedf2eb43f97e6739b7fa10d374c89  RPMS/XFree86-xterm-4.1-12.i386.rpm
       54d6096638b59151956896bcbdef3940  RPMS/XFree86-Xvfb-4.1-12.i386.rpm
       c23136cc0151d025e699f9a1fe68d2ad  SRPMS/XFree86-4.1-12.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh XFree86-4.1-12.i386.rpm \
              XFree86-addons-4.1-12.i386.rpm \
              XFree86-config-eg-4.1-12.i386.rpm \
              XFree86-contrib-4.1-12.i386.rpm \
              XFree86-devel-4.1-12.i386.rpm \
              XFree86-devel-prof-4.1-12.i386.rpm \
              XFree86-devel-static-4.1-12.i386.rpm \
              XFree86-fonts-100dpi-4.1-12.i386.rpm \
              XFree86-fonts-4.1-12.i386.rpm \
              XFree86-fonts-75dpi-4.1-12.i386.rpm \
              XFree86-fonts-cyrillic-4.1-12.i386.rpm \
              XFree86-fonts-extra-4.1-12.i386.rpm \
              XFree86-fonts-scale-4.1-12.i386.rpm \
              XFree86-fonts-speedo-4.1-12.i386.rpm \
              XFree86-fontserver-4.1-12.i386.rpm \
              XFree86-imake-4.1-12.i386.rpm \
              XFree86-libs-4.1-12.i386.rpm \
              XFree86-misc-4.1-12.i386.rpm \
              XFree86-pex-4.1-12.i386.rpm \
              XFree86-programs-4.1-12.i386.rpm \
              XFree86-server-4.1-12.i386.rpm \
              XFree86-setup-4.1-12.i386.rpm \
              XFree86-twm-4.1-12.i386.rpm \
              XFree86-xdm-4.1-12.i386.rpm \
              XFree86-Xnest-4.1-12.i386.rpm \
              XFree86-Xprt-4.1-12.i386.rpm \
              XFree86-xsm-4.1-12.i386.rpm \
              XFree86-xterm-4.1-12.i386.rpm \
              XFree86-Xvfb-4.1-12.i386.rpm
         


8. References

   Specific references for this advisory:

	none


   Caldera OpenLinux security resources:

	http://www.caldera.com/support/security/index.html

   Caldera UNIX security resources:

	http://stage.caldera.com/support/security/



   This security fix closes Caldera incidents sr860891, fz520231,
   erg711969.


9. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through
   our security advisories.  Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera International products.


10. Acknowledgements

   Roberto Zunino discovered and researched this vulnerability.
______________________________________________________________________________

--9zSXsLTf0vkW971A
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjykwhsACgkQbluZssSXDTFmswCeNWSFFPeKDpPNIDcQdj+KnnIO
ZLQAn03vkMWW2fYyQOu88yGY63h3rz3p
=zP7+
-----END PGP SIGNATURE-----

--9zSXsLTf0vkW971A--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC