Security: Integer overflows in xorg-x11
Name: Integer overflows in xorg-x11
ID: FEDORA-2005-893
Distribution: Fedora
Platforms: Fedora Core 3
Date: Fri, 16 September 2005, 23:39
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
Applications: X11


Fedora Update Notification

Product : Fedora Core 3
Name : xorg-x11
Version : 6.8.2
Release : 1.FC3.45
Summary : The basic fonts, programs and docs for an X workstation.
Description :
X.org X11 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed

Update Information:

Updated xorg-x11 packages that fix several integer
overflows and various bugs are now available for Fedora
Core 3.

X.Org X11 is an implementation of the X Window System,
which provides the core functionality for the Linux
graphical desktop.

Several integer overflow bugs were found in the way X.Org
X11 code parses pixmap images. It is possible for a user
to gain elevated privileges by loading a specially crafted
pixmap image. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2495
to this issue.
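
The bug class described above, as an illustration added to this advisory (it is not X.Org source and not the CAN-2005-2495 patch): an image buffer size computed from untrusted header fields, first with wrapping 32-bit arithmetic and then with checks. The struct, function names and the 256 MiB cap are hypothetical.

```c
/* Added illustration: hypothetical names, not X.Org source or the patch. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PIXMAP_MAX_BYTES ((size_t)256 * 1024 * 1024) /* assumed policy cap */

/* Header fields as a parser would read them from an untrusted image. */
struct pixmap_hdr {
    uint32_t width;   /* pixels per row */
    uint32_t height;  /* rows */
    uint32_t bpp;     /* bits per pixel */
};

/* Flawed pattern: 32-bit products wrap modulo 2^32, so a huge image can
 * yield a tiny allocation size while later loops still trust width/height. */
uint32_t pixmap_size_unchecked(const struct pixmap_hdr *h)
{
    uint32_t stride = h->width * (h->bpp / 8);
    return stride * h->height;
}

/* Hardened pattern: validate each field, test every multiplication by
 * division before doing it, and cap the total. Returns 0 and stores the
 * size on success, -1 if the header must be rejected. */
int pixmap_size_checked(const struct pixmap_hdr *h, size_t *out)
{
    size_t bytes_pp, stride;

    if (h->width == 0 || h->height == 0)
        return -1;
    if (h->bpp == 0 || h->bpp > 32 || h->bpp % 8 != 0)
        return -1;
    bytes_pp = h->bpp / 8;
    if (h->width > SIZE_MAX / bytes_pp)
        return -1;
    stride = (size_t)h->width * bytes_pp;
    if (h->height > PIXMAP_MAX_BYTES / stride)
        return -1;
    *out = stride * h->height;
    return 0;
}

int main(void)
{
    struct pixmap_hdr crafted = { 0x40000001u, 1, 32 }; /* constructed input */
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)pixmap_size_unchecked(&crafted));
    printf("checked result: %d\n", pixmap_size_checked(&crafted, &n));
    return 0;
}
```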

Additionally, this update contains:

- Support for some newer models of Intel i945 video

- A change to the X server to make it use linux PCI config
space access methods instead of directly touching the
PCI config space registers itself. This prevents the
X server from causing hardware lockups due to accessing
PCI config space at the same time the kernel has it
locked. This is the latest revision of the PCI config
space access patches, which fix a few regressions
discovered on some hardware with previous patches.

- A fix for a memory leak in the X server's shadow
framebuffer code.

- A problem with the Dutch keyboard layout has been

- The open source "nv" driver for Nvidia hardware has been
updated to the latest version. Additionally, a
workaround has been added to the driver to disable known
unstable acceleration primitives on some GeForce
6200/6600/6800 models.

- Several bugs have been fixed in the Xnest X server.

- DRI is now enabled by default on all ATI Radeon hardware
except for the Radeon 7000/Radeon VE chipsets, which
are known to be unstable for many users currently when
DRI is enabled. Radeon 7000 users can re-enable DRI
if desired by using Option "DRI" in the device
section of the config file, with the understanding that
we consider it unstable currently.

- Added missing libFS.so and libGLw.so symlinks to the
xorg-x11-devel package, which were inadvertently left
out, causing apps to link to the static versions of these

- Fix xfs.init 'fonts.dir: No such file or directory' errors

A number of other issues have also been resolved. Please
consult the xorg-x11 rpm changelog for a detailed list.

* Wed Sep 14 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-1.FC3.45
- Merge 6.8.2-37.FC4.48.1 (which should have been called 6.8.2-37.FC4.45.1,
but got misnamed accidentally) into FC3 as 6.8.2-1.FC3.45 for release as
a new security and bugfix erratum for Fedora Core 3.

* Tue Sep 13 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-37.FC4.48.1
- Actually make sure xorg-x11-6.8.2-add-i945-support.patch gets applied to
the build, as it was added before to CVS but not being used.
- Build failed because 6.8.2-37.FC4.48 somehow exists already, even though
it is not based on 6.8.2-48. Bump to 6.8.2-37.FC4.48.1 and try again.

* Tue Sep 13 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-37.FC4.45.1
- Build 6.8.2-37.FC4.45.1 for security and bugfix update for FC4.

* Tue Sep 13 2005 Soren Sandmann <sandmann@redhat.com>
- Update linux-native-pciscan patch to not spew debug info.

* Tue Sep 13 2005 Soren Sandmann <sandmann@redhat.com>
- Update linux-native-pciscan patch to correctly handle byte accesses
to PCI space
- Plug leak in shadow framebuffer (-shadow-framebuffer-leak.patch).

* Tue Sep 13 2005 Soren Sandmann <sandmann@redhat.com>
- Added XFree86-4.3.0-security-CAN-2005-2495.patch

* Mon Sep 5 2005 Mike A. Harris <mharris@redhat.com>
- Updated post/postun scripts for libs to use -p /sbin/ldconfig instead,
which allows rpm to optimize/reduce package installation time

* Thu Sep 1 2005 Mike A. Harris <mharris@redhat.com>
- Added following patches, merged over from RHEL-4 branch of CVS:
- Added xorg-x11-6.8.1-ati-radeon-RV100-bus-master-fix.patch for bug
- Added xorg-x11-6.8.2-add-i945-support.patch to fix (#156964)

* Wed Aug 31 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-37.FC4.45
- Merge developmental changes from FC "devel" branch of CVS into FC4
branch for FC4 update.
- Rebuild FC-devel 6.8.2-45 release as 6.8.2-37.FC4.45 for FC4 update.

* Fri Jul 29 2005 Kristian Høgsberg <krh@redhat.com> 6.8.2-45
- Disable xorg-x11-6.8.2-libvgahw-workaround-rh161242.patch and
rebuild with gcc-4.0.1-4 which has a workaround for the gcc
over-optimization bug.

* Wed Jul 27 2005 Kristian Høgsberg <krh@redhat.com> 6.8.2-44
- Update xorg-x11-6.8.2-use-linux-native-pciscan-by-default.patch to
fix all occurrences of direct PCI config space access. Fixes from
Olivier Baudron, comment 28 in #163331.

* Thu Jul 14 2005 Mike A. Harris <mharris@redhat.com>
- Fix FC5 spec file typo for virtual libGL Requires in -devel subpackage

* Tue Jul 12 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-43
- Added xorg-x11-6.8.2-xnest-update-modifier-state-fdo3030-fdo3664.patch and
xorg-x11-6.8.2-xnest-fix-warning-spew-fdo3513.patch to fix Xnest bugs
referenced in bug (#162246)
- Updated xorg-x11-6.8.2-redhat-nv-disable-s2scopy-on-geforce-6x00.patch to
add a log file message about ScreenToScreenCopy being disabled on some
GeForce models for bug (#157715)
- Added xorg-x11-6.8.2-libvgahw-workaround-rh161242.patch to attempt to work
around bug (#161242, 162274, 153729, 159106, 160500, 161047, 160470,
160453, 160307, 160777, 151688, 154502, 161566, 160950, 160580, 157556,
161756, 160477, 155416, 160287, 162567, 157593, fdo#2991, fdo#2976,
fdo#3557, gnu#22278)
- Updated xorg-x11-6.8.2-ati-radeon-7000-disable-dri.patch to allow dri
to be forcibly enabled on Radeon 7000 if desired. (#150174)

* Fri Jul 8 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-42
- Added xorg-x11-6.8.2-redhat-nv-disable-s2scopy-on-geforce-6x00.patch to
work around "nv" driver bug, by disabling ScreenToScreenCopy on
GeForce 6200/6800/6800 cards which the problem has been reported on,
until there is a real upstream fix, as the current CVS head driver we
now have, still suffers from the problem. We may also need to blacklist
other cards as new reports come in. (#157715)

* Mon Jul 4 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-41
- Added xorg-x11-6.8.2-nv-driver-CVSHEAD- backport of CVS head
nv driver to track the latest bug fixes and hardware support. Hopefully
this will also fix critical bug (#157715) also.
- Disabled patches that are included in the above nv driver update patch:
- xorg-x11-6.8.3-nv-hw-fdo2533-1896.patch
- xorg-x11-6.8.3-nv-patch-fdo2380-1752.patch

* Thu Jun 30 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-40
- Added xorg-x11-6.8.2-xkb-dutch-keyboard-layout-fixes.patch as a proposed
fix for Dutch keyboard layout issue (#135233)

* Thu Jun 23 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-39
- Updated xdm.pamd to work with new audit system. (#159332)
- Made copy of xdm.pamd named "xdm-pre-audit-system.pamd" for FC3/FC4
- Added xorg-x11-xdm "Requires: pam >= 0.77-66.8" for RHEL-4 builds,
"Requires: pam >= 0.79-10" for FC5 builds. The audit functionality is
disabled for FC3/FC4 builds.
- Added new build target macro "build_fc5" and updated spec file to use
it where appropriate.

* Thu Jun 9 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-38
- Removed unused legacy with_new_savage_driver macro and conditional
spec file code.
- Added xorg-x11-6.8.2-ati-radeon-7000-disable-dri.patch to disable DRI on
Radeon 7000/VE hardware to test patch in rawhide prior to inclusion in
RHEL4U2. (#150174)

* Mon Jun 6 2005 Mike A. Harris <mharris@redhat.com>
- Removed with_libs_data macro as it is no longer useful.
- Updated "Obsoletes: xorg-x11-libs-data" line to remove versioning

* Mon May 30 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-37
- Implemented xorg-x11-6.8.2-redhat-kt.patch new kernel tainting diagnostics
patch to aid in troubleshooting reported issues.
- Removed older redhat-custom patch as the kt patch above replaces it now.
- s/XFree86CustomVersion/XorgCustomVersion/ in host.def
- Build for FC5 development.

* Mon May 30 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-36
- Added xorg-x11-6.8.2-ia64-elfloader-cache-flush.patch to fix cache flush
issue on ia64 systems (#153103)

* Wed May 25 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-35
- Remove /usr/X11R6/lib/X11/xinit symlink on non with_Xserver builds to
prevent rpm complaining about unpackaged symlinks on s390 et al. now that
bug (#108778) is fixed.

* Mon May 23 2005 Mike A. Harris <mharris@redhat.com>
- Made FC4 patches enabled for FC3, which will be merged into the FC-3
branch, and released as an FC3-testing update soon.

* Mon May 23 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-34
- Add libFS.so and libGLw.so to -devel package file list, as they were just
discovered to be missing all along due to a bug (#108778) in rpm not
detecting unpackaged symlinks in buildroots.

* Fri May 20 2005 Bill Nottingham <notting@redhat.com> 6.8.2-33
- Fix xfs.init 'fonts.dir: No such file or directory' errors (#155349)

* Mon May 16 2005 Kristian Høgsberg <krh@redhat.com> 6.8.2-32
- Add patch xorg-x11-6.8.2-ati-radeon-ppc-enable-dynamic-clocks.patch
from David Woodhouse to enable dynamic clocks for radeons by default
on PPC (#152648).

* Fri May 13 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-31
- Added xorg-x11-6.8.2-ati-ragexl-ia64-avoidcpiofix.patch to workaround issue
on ia64 with CPIO disabled in ati Mach64 driver (#155609,155610). For
future reference, this is also included in RHEL4_U1 build 6.8.2-1.EL.13.5.

* Sat Apr 30 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-30
- Disabled xfs.init-fc4-startearly.patch as it breaks systems that /usr is
on NFS. (FC4Blocker #156413)

* Mon Apr 25 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-29
- Added xfs.init-fc4-startearly.patch to patch xfs.init to start earlier in
the boot process for gdm early login on FC4 builds. This is done to the
RPM_BUILD_ROOT installed file to ensure the changes do not get checked into
CVS for the master initscript accidentally.

* Fri Apr 22 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-28
- Added xorg-x11-6.8.2-xft-releasefile-crash.patch for fc4 builds (#155634)
- Reordered patch section to clean up numbering inconsistencies
- Update freetype BuildRequires to version 2.1.8, which is what ships in
6.8.2 stock.

* Fri Apr 22 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-27
- Change xfs initscript dependencies from "Requires(preun,postun):" to
two separate lines because rpm has a bug (#118773) that causes dependencies
of this syntax to be ignored.

* Thu Apr 21 2005 Soren Sandmann Pedersen <sandmann@redhat.com>
- Make old custom-modelines RHEL4 only. Add .laptop-modes.patch with
support for various weird laptop resolutions.

* Wed Apr 20 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-26
- Re-enable
patch on FC3/FC4, until we have a new renderaccel patch to test.
- Delete Xprint manpage.

* Mon Apr 18 2005 Kristian Høgsberg <krh@redhat.com> 6.8.2-25
- Add xorg-x11-6.8.1-ati-radeon-dynamic-clocks-fix-2.patch to revert
radeon dynamic clock setup to what we had in 6.8.1. The 6.8.2 code
still causes lockups on some systems (#152648).

* Sat Apr 16 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-24
- Remove the Speedo font files, as Xorg no longer supports Speedo fonts in
6.8.0 onward but includes the fonts accidentally. (#142744,154191)
- Changed base subpackage post script to remove the Speedo font path from xfs
configuration to avoid warnings in /var/log/messages from xfs about bad
font path elements.

* Fri Apr 15 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-23
- Disable xorg-x11-6.8.2-ati-radeon-disable-broken-renderaccel-by-default.patch
patch on FC3/FC4, so we can test the real bugfix.

* Tue Apr 12 2005 Kristian Høgsberg <krh@redhat.com> 6.8.2-22
- Remove xorg-x11-6.8.3-intrinsics-gcc4-fdo2893-2305.patch and
remember to cvs add xorg-x11-6.8.3-deassert-ddc-lines.patch
- Add patches nominated for 6.8.3:
- xorg-x11-6.8.3-alpha-srel32-fix-fdo1765-2174.patch
- xorg-x11-6.8.3-canonicalize-builderaddr-1-fdo2884-2293.patch
- xorg-x11-6.8.3-intrinsics-gcc4-fdo2893-2305.patch
- xorg-x11-6.8.3-iso8859-compose-files-fdo2592-2156.patch
- xorg-x11-6.8.3-lbxproxy-fdo2678-2051.patch
- xorg-x11-6.8.3-nv-hw-fdo2533-1896.patch
- xorg-x11-6.8.3-nv-patch-fdo2380-1752.patch
- xorg-x11-6.8.3-radeon-cursor-sync-fdo2844-2230.patch
- xorg-x11-6.8.3-radeon-render-byteswap-fdo2164-1863.patch
- xorg-x11-6.8.3-radeon-set-fb-location-fdo2698-2079.patch
- xorg-x11-6.8.3-saver-c-fdo2194-1613.patch
- xorg-x11-6.8.3-uname-fdo2123-1587.patch
- xorg-x11-6.8.3-void-fdo2467-1828.patch
- xorg-x11-6.8.3-xnest-fdo2599-1964.patch
- xorg-x11-6.8.3-xorgcfg-typo-fdo2896-2311.patch
- xorg-x11-6.8.3-xset-fdo2258-2166.patch
Add patch to deassert i2s lines after ddc probe

* Tue Apr 5 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-21
- Added xorg-x11-6.8.2-xorg.conf.man-dont-refer-to-nonexisting-example.patch
to fix bug (#69335)
- Removed dead XFree86- as it has not worked for
several X releases and is unmaintained.

* Tue Apr 5 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-20
- Updated pre script to only strip away XkbRules lines indicating
or "xorg" rules be used. (#142429)
- xfs.init reordered find "-maxdepth" option to be first in the list of
options because some people report errors, although I can not reproduce
locally, implying it is a change in GNU findutils. (#154056)

* Mon Apr 4 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-19
- xfs.init updated with fixes for chkfontpath invocation, as the previous
code did not filter the output of chkfontpath very well. The new sed
filtering is more reliable now, until chkfontpath is enhanced to provide
the info in a way that does not require filtering.
- xfs.init updated to handle .ot[cf] fonts before .tt[cf] fonts, which is a
small optimization for the case of dirs containing .ot[cf] and .tt[cf]
fonts, as it bypasses the prior invocation of ttmkfdir which would get
discarded anyway. Now only one of the two will be invoked, however the
resulting fonts.dir will be identical to before.
- xfs.init updated to *always* run fc-cache without arguments, in order to
ensure all fontconfig configured font directories have updated cache
files. (#133451)
- xfs.init should no longer try to create files on read-only filesystems,
coincidentally due to the above changes, except when the font metadata
is genuinely outdated, which is an error condition no matter how the
filesystem is mounted (#74398)

* Sun Apr 3 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-18
- Added new file "CHANGELOG-rpm" as SOURCE25, which contains all rpm
file changelog entries from XFree86 4.3.0 and older era of historical
significance, in order to reduce the per-subpackage rpm payload costs
of large changelogs at install time, and to generally reduce spec file

* Sun Apr 3 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-17
- Remove precompiled video and input drivers and duplicate copy of Xorg
server binary from xorg-x11-sdk subpackage as they are unnecessary and
non-useful duplication consuming CDROM space.

* Sat Apr 2 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-16
- Added xorg-x11-6.8.2-use-linux-native-pciscan-by-default.patch to fix PCI
config space contention issue by changing the X server to default to using
Linux native PCI interfaces instead of directly banging on PCI space
itself (#152608).
- Clean up xorg-x11-doc subpackage by removing junk that gets installed that
should not have been installed by the upstream Makefiles.

* Sat Apr 2 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-15
- Added "find $RPM_BUILD_ROOT -name CVS -type d | xargs rm -rf" to rm
section of %install, to force CVS directories to be removed so they do not
end up getting installed in the final packaging.

* Tue Mar 29 2005 Mike A. Harris <mharris@redhat.com> 6.8.2-14
- Added "Provides: libGL = 1" virtual provide to the
subpackage, and "Provides: libGLU = 1" virtual provide to the
xorg-x11-Mesa-libGLU subpackage, so that packages providing the headers
can require the virtual provide, rather than a specific implementation.
Currently restricted to build_fc4 for beta testing.
- Added "Requires: libGL >= 1, libGLU >= 1" to xorg-x11-devel package, as the
libGL and libGLU headers are currently present in xorg-x11-devel. Also
restricted to build_fc4 for testing. Once confirmed safe, with no
regressions, all of these changes should be enabled simultaneously for all

This update can be downloaded from:


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list