Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in xorg-server
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in xorg-server
ID: SSA:2013-287-05
Distribution: Slackware
Plattformen: Slackware -current, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37, Slackware 14.0, Slackware x86_64 14.0
Datum: Di, 15. Oktober 2013, 08:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
Applikationen: X11

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2013-287-05)

New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1,
13.37, 14.0, and -current to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.12.4-i486-2_slack14.0.txz: Rebuilt.
Patched a use-after-free bug that can cause an X server crash or
memory corruption.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
(* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.12.4-i486-2_slack14.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz: Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.1:
xorg-server-1.4.2-i486-3_slack12.1.tgz
xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz

Updated packages for Slackware 12.2:
xorg-server-1.4.2-i486-3_slack12.2.tgz
xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz

Updated packages for Slackware 13.0:
xorg-server-1.6.3-i486-3_slack13.0.txz
xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
xorg-server-1.6.3-x86_64-3_slack13.0.txz
xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz

Updated packages for Slackware 13.1:
xorg-server-1.7.7-i486-3_slack13.1.txz
xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
xorg-server-1.7.7-x86_64-3_slack13.1.txz
xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz

Updated packages for Slackware 13.37:
xorg-server-1.9.5-i486-3_slack13.37.txz
xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
xorg-server-1.9.5-x86_64-3_slack13.37.txz
xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz

Updated packages for Slackware 14.0:
xorg-server-1.12.4-i486-2_slack14.0.txz
xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
xorg-server-1.12.4-x86_64-2_slack14.0.txz
xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz

Updated packages for Slackware -current:
xorg-server-1.14.3-i486-2.txz
xorg-server-xephyr-1.14.3-i486-2.txz
xorg-server-xnest-1.14.3-i486-2.txz
xorg-server-xvfb-1.14.3-i486-2.txz

Updated packages for Slackware x86_64 -current:
xorg-server-1.14.3-x86_64-2.txz
xorg-server-xephyr-1.14.3-x86_64-2.txz
xorg-server-xnest-1.14.3-x86_64-2.txz
xorg-server-xvfb-1.14.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 12.1 packages:
ef233277d73f30e759df824af80cd0e4 xorg-server-1.4.2-i486-3_slack12.1.tgz
c12a4e3431a9a44477f407a212b43e00 xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz
f7b4d111a7e31c63b2c996a3d0589d96 xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz

Slackware 12.2 packages:
4ddafe641d32fd03d5a4c00b635e656b xorg-server-1.4.2-i486-3_slack12.2.tgz
476c7be787f06648309e8896a6cf6a02 xorg-server-xnest-1.4.2-i486-3_slack12.2.tgz
dc1e372a735936ee41e6aa94e9604614 xorg-server-xvfb-1.4.2-i486-3_slack12.2.tgz

Slackware 13.0 packages:
254f0eabdf20693f94d188498e48c256 xorg-server-1.6.3-i486-3_slack13.0.txz
1bdd1b84658d5c59e0628cbbe1921eb8 xorg-server-xephyr-1.6.3-i486-3_slack13.0.txz
a6d90303c5a7ca6c011dbac8eee4607e xorg-server-xnest-1.6.3-i486-3_slack13.0.txz
1c2c59bc2941e17dfa43b0b98f59f92e xorg-server-xvfb-1.6.3-i486-3_slack13.0.txz

Slackware x86_64 13.0 packages:
ad23cbef6787d1108cf8bad0772125e8 xorg-server-1.6.3-x86_64-3_slack13.0.txz
8a338aa65a6804db160bd5f15c7f379b
xorg-server-xephyr-1.6.3-x86_64-3_slack13.0.txz
80f96f34eb83b392828e53285fd472bc
xorg-server-xnest-1.6.3-x86_64-3_slack13.0.txz
8575e2cd0385853eab994e5b8e69a64b xorg-server-xvfb-1.6.3-x86_64-3_slack13.0.txz

Slackware 13.1 packages:
5c51f895cde418ecb8f688390f93fcb1 xorg-server-1.7.7-i486-3_slack13.1.txz
ae847e54395d1f5f26732a483c2b14f2 xorg-server-xephyr-1.7.7-i486-3_slack13.1.txz
73f81dc775d11c1088d47ed3b3008eb6 xorg-server-xnest-1.7.7-i486-3_slack13.1.txz
91bca29a7670c1f7351656e3bd80c103 xorg-server-xvfb-1.7.7-i486-3_slack13.1.txz

Slackware x86_64 13.1 packages:
6b11f1c55b85e3f411145a1641ad5ea1 xorg-server-1.7.7-x86_64-3_slack13.1.txz
71152af1af3987fb8977d02515963cd7
xorg-server-xephyr-1.7.7-x86_64-3_slack13.1.txz
50dbbf40997dca93178d8cfa0cf85d13
xorg-server-xnest-1.7.7-x86_64-3_slack13.1.txz
a2e855a63994d2651fcad0d5e2a81b7f xorg-server-xvfb-1.7.7-x86_64-3_slack13.1.txz

Slackware 13.37 packages:
97f2d5436a755b2a6ce825ae35c13b75 xorg-server-1.9.5-i486-3_slack13.37.txz
e78709fb9794e39dc6fec49dd4ec26e4
xorg-server-xephyr-1.9.5-i486-3_slack13.37.txz
3e88197c8fd9683bde5a9a212b0be9aa xorg-server-xnest-1.9.5-i486-3_slack13.37.txz
f1e937df516c72b5d14895e1451f3b9a xorg-server-xvfb-1.9.5-i486-3_slack13.37.txz

Slackware x86_64 13.37 packages:
5602ee11e2337ad6df84fe6c6263f09a xorg-server-1.9.5-x86_64-3_slack13.37.txz
be8f63cff02433e24461862e191a2766
xorg-server-xephyr-1.9.5-x86_64-3_slack13.37.txz
7ef2877a8a6a2acaba88b216722281c4
xorg-server-xnest-1.9.5-x86_64-3_slack13.37.txz
9761b6f2829b4155dcb16385aa459445
xorg-server-xvfb-1.9.5-x86_64-3_slack13.37.txz

Slackware 14.0 packages:
c5261d5ff8a2d8216b370c442a5476fb xorg-server-1.12.4-i486-2_slack14.0.txz
5a6db769fd8b0ce3558f244bf43751ef
xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz
4a400005265699881f8428a6ffff1194 xorg-server-xnest-1.12.4-i486-2_slack14.0.txz
58927f81581367deac8e93725dcd6a3e xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz

Slackware x86_64 14.0 packages:
a37cf73a34f61fdca1bfd6ffe8d89a4b xorg-server-1.12.4-x86_64-2_slack14.0.txz
fbdf1a0de0b8d9163d9741fd864e0c38
xorg-server-xephyr-1.12.4-x86_64-2_slack14.0.txz
7fc80fe92d44cb1dd226553d4bdb1eb8
xorg-server-xnest-1.12.4-x86_64-2_slack14.0.txz
d98533c5ce95757e137611d75f676d79
xorg-server-xvfb-1.12.4-x86_64-2_slack14.0.txz

Slackware -current packages:
a9aaea9c8475aa69ab4d6a5bdc57b0ce x/xorg-server-1.14.3-i486-2.txz
49a7ab4095dbe7403b2a3feb21da483a x/xorg-server-xephyr-1.14.3-i486-2.txz
37009849f0acdec2d398e1cd2c130567 x/xorg-server-xnest-1.14.3-i486-2.txz
cf0397cb1660de38e528b284517c83b1 x/xorg-server-xvfb-1.14.3-i486-2.txz

Slackware x86_64 -current packages:
628e0fa2eef95cfd02c213b6aa7260f2 x/xorg-server-1.14.3-x86_64-2.txz
9f86e0a8297b11064242af87476227f2 x/xorg-server-xephyr-1.14.3-x86_64-2.txz
762bb7da240799ae6128892377ced653 x/xorg-server-xnest-1.14.3-x86_64-2.txz
c80caf380942e53c2de54426d6dd831d x/xorg-server-xvfb-1.14.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-1.12.4-i486-2_slack14.0.txz
xorg-server-xephyr-1.12.4-i486-2_slack14.0.txz xorg-server-xnest-1.12.4-i486-2_slack14.0.txz xorg-server-xvfb-1.12.4-i486-2_slack14.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJcYAoACgkQakRjwEAQIjOuqACggFgshiciDrJwSLuxoVAehHC0
uzUAoJH4SrtTN79GBbdOo8GBJX8dsjqE
=Vdxi
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung