--------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated X.org packages fix security issue Advisory ID: FLSA:190777 Issue date: 2006-06-06 Product: Fedora Core Keywords: Bugfix CVE Names: CVE-2006-1526 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated X.org packages that fix a security issue are now available. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. 2. Relevant releases/architectures: Fedora Core 3 - i386, x86_64 3. Problem description: A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190777 6. RPMs required: Fedora Core 3: SRPM: http://download.fedoralegacy.org/fedora/3/updates/SRPMS/xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/i386/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.i386.rpm x86_64: http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.x86_64.rpm http://download.fedoralegacy.org/fedora/3/updates/x86_64/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 6c4f8cc2a12da27bc7eba148b139bbbc0c16c877 fedora/3/updates/i386/xorg-x11-6.8.2-1.FC3.45.3.legacy.i386.rpm 3f94f87fb882c2f5116fc7e153db8a27b47902d9 fedora/3/updates/i386/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 7f4c16bed758307fc89963cdc0e60d6104690384 fedora/3/updates/i386/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm 07b928bdc56bc8d2fe0828afbe59d8dfcfabbede fedora/3/updates/i386/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm c7adb504db755f139b2b8454c37b6add3204c2b0 fedora/3/updates/i386/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.i386.rpm dd5caa2e8fadf2eff908615231819cf69cf130ea fedora/3/updates/i386/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.i386.rpm 8e30c1a599b8f2bb39abdce9dbd9c0559926f63e fedora/3/updates/i386/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 23fc45993a3e83844ad2029653c580e9c9fba606 fedora/3/updates/i386/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm 13b96e8dca25068c884a5bdf2fd188f684472eb5 fedora/3/updates/i386/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm 2ecbdbc243d2fed742d56b7183367625c318029a fedora/3/updates/i386/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.i386.rpm 7bba05d923dde98a77233a5cb4ef7b67660ad345 fedora/3/updates/i386/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.i386.rpm 9d51ef13a3ba67eb4afe4e4417ff1735cf659829 fedora/3/updates/i386/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.i386.rpm 61201dd9054fbe6336381d9532f3d0ec60d9b537 fedora/3/updates/i386/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.i386.rpm 8c0f9419d979a3defbe376693c1d39cbdb8eeabb fedora/3/updates/i386/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.i386.rpm 132c26d0cc1fe2c5e3946aae493a6bf16ec8b659 fedora/3/updates/i386/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.i386.rpm 9f71fe79b510f7dd06a41b01eeb5c4850ee88411 fedora/3/updates/i386/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.i386.rpm 2b36b8679d782f6d1f0899262d1ad961fb3703e0 fedora/3/updates/i386/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.i386.rpm aba6d27d8bb5befdb4694546b66cbc88d945973b fedora/3/updates/i386/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.i386.rpm 9ac2f2b492165554bb358c39d8e4d031e1a4ee1b fedora/3/updates/x86_64/xorg-x11-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 3f94f87fb882c2f5116fc7e153db8a27b47902d9 fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 26d851236ece4e649845a0923420b5a257cd1bde fedora/3/updates/x86_64/xorg-x11-deprecated-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm c19744109a7e088d79f7ced7349af8ac8ed5d561 fedora/3/updates/x86_64/xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 07b928bdc56bc8d2fe0828afbe59d8dfcfabbede fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.i386.rpm 8f030968d84bcd3d602eb7aaf836a0d15b75c44d fedora/3/updates/x86_64/xorg-x11-devel-6.8.2-1.FC3.45.3.legacy.x86_64.rpm a1337070e3c6362133fde9d7779edf7533072133 fedora/3/updates/x86_64/xorg-x11-doc-6.8.2-1.FC3.45.3.legacy.x86_64.rpm a7feafa8ded15cf48d844366c1e3be37f23a1cfd fedora/3/updates/x86_64/xorg-x11-font-utils-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 8e30c1a599b8f2bb39abdce9dbd9c0559926f63e fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.i386.rpm 0eaa41f3cf3ac8871444908aafc1691a0008e0d5 fedora/3/updates/x86_64/xorg-x11-libs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 23fc45993a3e83844ad2029653c580e9c9fba606 fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.i386.rpm 6a0b603f3acb00c85ea9d20148ecba46e7d21368 fedora/3/updates/x86_64/xorg-x11-Mesa-libGL-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 13b96e8dca25068c884a5bdf2fd188f684472eb5 fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.i386.rpm 1c479506c5b7ebd1d49063770233d431fc754004 fedora/3/updates/x86_64/xorg-x11-Mesa-libGLU-6.8.2-1.FC3.45.3.legacy.x86_64.rpm b4f4b333906a9eeed08eb6ffcb830f8584c478dd fedora/3/updates/x86_64/xorg-x11-sdk-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 0f661c108936ea85fe38a478ee45b5bf8058b3ca fedora/3/updates/x86_64/xorg-x11-tools-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 37ad2d9f35dd213b684dda7513d98420daf4834e fedora/3/updates/x86_64/xorg-x11-twm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 33705cb293a6bfe37e55244153e5e23175d2c4e2 fedora/3/updates/x86_64/xorg-x11-xauth-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 2771026feae63c0362bfa5daa6d9666d5b8acc89 fedora/3/updates/x86_64/xorg-x11-xdm-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 5d03a8e36c3c9474d4de53d3d7cc2c7d7d936528 fedora/3/updates/x86_64/xorg-x11-Xdmx-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 46afe47ebc3548b092fa74d831cdbb80a1092213 fedora/3/updates/x86_64/xorg-x11-xfs-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 60276aa97510fc4be52aa3720a0d20a650a0c968 fedora/3/updates/x86_64/xorg-x11-Xnest-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 21260daa99910a143934800229f7acfc9f256b75 fedora/3/updates/x86_64/xorg-x11-Xvfb-6.8.2-1.FC3.45.3.legacy.x86_64.rpm 699a18fb173a9e3a23e9fd653e152d73e7aae737 fedora/3/updates/SRPMS/xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------