The Slackware Linux Project: Mailing List Info

Mailing List Info
News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists
Archives
About
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] xorg-server (SSA:2008-183-01)
Date: Tue, 1 Jul 2008 12:24:40 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2008-183-01)

New xorg-server packages are available for Slackware 12.1 and -current to
fix security issues in xorg-server 1.4 prior to version 1.4.2.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362


Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.4.2-i486-1_slack12.1.tgz:
  Upgraded xorg-server to address denial of service and possible arbitrary
  code execution flaws reported in xorg-server 1.4 prior to 1.4.2.
  For more information about the issues patched, please refer to:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
  (* Security fix *)
patches/packages/xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz:
  Security fixes (see CVE entries above).
  (* Security fix *)
patches/packages/xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz:
  Security fixes (see CVE entries above).
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-1.4.2-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.4.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.4.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.4.2-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 12.1 packages:
4f53f4f232f614f43ff8455602bb3391  xorg-server-1.4.2-i486-1_slack12.1.tgz
7a9b6e3801c08d6d1839b68dd9715e9e  xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz
1a1b00c1867d81369d167933229e9284  xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz

Slackware -current packages:
a8e1298855bbf08217343a7aa8776b0f  xorg-server-1.4.2-i486-1.tgz
64491ebde2bf1f15240c36921aa965ba  xorg-server-xnest-1.4.2-i486-1.tgz
e2eec7d598adee8e2bf4359868b2670f  xorg-server-xvfb-1.4.2-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-1.4.2-i486-1_slack12.1.tgz xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhqfdkACgkQakRjwEAQIjPQ6wCdHh8H8F0tcj80PcrBUhRchu/y
2sEAn0mlfJrOdY+fpsFU2lXkKMBkfZTA
=lor/
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.