Sicherheit: Zahlenüberläufe in X.org

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 11.0 x11-6.9.0 patch fix (SSA:2007-110-01)

A new x11-6.9.0-i486-14_slack11.0.tgz patch is available for Slackware 11.0 to
fix the inadvertent inclusion of two old fontconfig binaries. Installing the
original fontconfig patch followed by the original x11 patch would cause
fc-cache and fc-list to be overwritten by old versions, breaking fontconfig.

To fix the issue, reinstall the fontconfig patch. The x11 package has been
updated so that installation will not be order-specific for anyone fetching
the patches now.

Sorry for the inconvenience.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz:
Removed old versions of fc-cache and fc-list.
Somehow a couple of old fontconfig binaries snuck into this package, and
prevent fc-cache from working properly at boot (or any other time).
If you've already installed these upgrades, reinstalling the fontconfig
package will fix the issue. If you do that, there's no need to reinstall
this new x11 package -- it's been fixed so that there's no longer a
problem
with the package install order (and because those fc-* binaries didn't
belong there). Sorry for any inconvenience...
Thanks to Petri Kaukasoina for pointing this out.
(* Fix *)
+--------------------------+

Where to find the new package:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
x11-6.9.0-i486-14_slack11.0.tgz

MD5 signatures:
+-------------+

Slackware 11.0 package:
dd7b984b91576d65b829074963dd8bd0 x11-6.9.0-i486-14_slack11.0.tgz

Installation instructions:
+------------------------+

If you already have x11-6.9.0-i486-13_slack11.0.tgz, check the version of
fc-cache. It should be 2.4.2:

# fc-cache --version
fontconfig version 2.4.2

If not, reinstall the fontconfig package:

# upgradepkg --reinstall fontconfig-2.4.2-i486-1_slack11.0.tgz

If you don't yet have the new x11, fontconfig, and freetype patches,
the versions in slackware-11.0/patches/packages may be installed with
upgradepkg in no particular order.

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGKRKmakRjwEAQIjMRAgYEAJ9WVFNSpBKFb/WtLOQnN0BDKcQ74gCfY/od
smPPTuiIIkib2ObAOoak8Ak=
=4LQM
-----END PGP SIGNATURE-----