Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: xorg-x11-apps and libX11 security update
Advisory ID: RHSA-2007:0157-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0157.html
Issue date: 2007-04-16
Updated on: 2007-04-16
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1667
- ---------------------------------------------------------------------

1. Summary:

Updated xorg-x11-apps and libX11 packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An integer overflow flaw was found in the X.org XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of the X.org X11 server should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

231694 - CVE-2007-1667 XGetPixel() integer overflow

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libX11-1.0.3-8.0.1.el5.src.rpm
4c6cf452385e085b57f53f32cb9d1521 libX11-1.0.3-8.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-apps-7.1-4.0.1.el5.src.rpm
ff54c8414720357c1777beba9c7b9e25 xorg-x11-apps-7.1-4.0.1.el5.src.rpm

i386:
eafebca30be46a1f126a9085729dae91 libX11-1.0.3-8.0.1.el5.i386.rpm
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
6515c78f537b870dfe18fdd3d53ddfb9 xorg-x11-apps-7.1-4.0.1.el5.i386.rpm
b8ef8ca891a67f6e62c63bb1bf9d22d1 xorg-x11-apps-debuginfo-7.1-4.0.1.el5.i386.rpm

x86_64:
eafebca30be46a1f126a9085729dae91 libX11-1.0.3-8.0.1.el5.i386.rpm
ea143cb7bbe170730729d1dff11a54fa libX11-1.0.3-8.0.1.el5.x86_64.rpm
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
8da6f620d1dfbe194863d25ffd9a8dad libX11-debuginfo-1.0.3-8.0.1.el5.x86_64.rpm
43a723f54a8905609c19501e67a9f040 xorg-x11-apps-7.1-4.0.1.el5.x86_64.rpm
8f316a250f656a6418c320145ac02b62 xorg-x11-apps-debuginfo-7.1-4.0.1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libX11-1.0.3-8.0.1.el5.src.rpm
4c6cf452385e085b57f53f32cb9d1521 libX11-1.0.3-8.0.1.el5.src.rpm

i386:
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
7b2d2ba7bb68a47bd7662322e781ae7a libX11-devel-1.0.3-8.0.1.el5.i386.rpm

x86_64:
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
8da6f620d1dfbe194863d25ffd9a8dad libX11-debuginfo-1.0.3-8.0.1.el5.x86_64.rpm
7b2d2ba7bb68a47bd7662322e781ae7a libX11-devel-1.0.3-8.0.1.el5.i386.rpm
acadc303e67b0c14da568f0425fde65d libX11-devel-1.0.3-8.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libX11-1.0.3-8.0.1.el5.src.rpm
4c6cf452385e085b57f53f32cb9d1521 libX11-1.0.3-8.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xorg-x11-apps-7.1-4.0.1.el5.src.rpm
ff54c8414720357c1777beba9c7b9e25 xorg-x11-apps-7.1-4.0.1.el5.src.rpm

i386:
eafebca30be46a1f126a9085729dae91 libX11-1.0.3-8.0.1.el5.i386.rpm
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
7b2d2ba7bb68a47bd7662322e781ae7a libX11-devel-1.0.3-8.0.1.el5.i386.rpm
6515c78f537b870dfe18fdd3d53ddfb9 xorg-x11-apps-7.1-4.0.1.el5.i386.rpm
b8ef8ca891a67f6e62c63bb1bf9d22d1 xorg-x11-apps-debuginfo-7.1-4.0.1.el5.i386.rpm

ia64:
eafebca30be46a1f126a9085729dae91 libX11-1.0.3-8.0.1.el5.i386.rpm
d9bf472eb7f382f576fd14002f5d1887 libX11-1.0.3-8.0.1.el5.ia64.rpm
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
1670f3877954d1392bf9ba70046fb30a libX11-debuginfo-1.0.3-8.0.1.el5.ia64.rpm
cf8a8ffe44483347cdaa5c43e604b615 libX11-devel-1.0.3-8.0.1.el5.ia64.rpm
e47e676aa542e3b64c8277ad792f0298 xorg-x11-apps-7.1-4.0.1.el5.ia64.rpm
8086b6c9997074397107692e43cf333f xorg-x11-apps-debuginfo-7.1-4.0.1.el5.ia64.rpm

ppc:
23f1c00ed705fbd1e88d40a82fea50bd libX11-1.0.3-8.0.1.el5.ppc.rpm
60c91ded38d03943378b21eb6ec57b24 libX11-1.0.3-8.0.1.el5.ppc64.rpm
24b4bcb0be6efb55d99eb11b900512f0 libX11-debuginfo-1.0.3-8.0.1.el5.ppc.rpm
310616345f70bf6b26de90897cd5dea4 libX11-debuginfo-1.0.3-8.0.1.el5.ppc64.rpm
ecd2ee6fa8290b653b0e885eb432970f libX11-devel-1.0.3-8.0.1.el5.ppc.rpm
ee670ec6168e6f2add6397e97da551b0 libX11-devel-1.0.3-8.0.1.el5.ppc64.rpm
3216a943acb93f3c8a8f4e764729143d xorg-x11-apps-7.1-4.0.1.el5.ppc.rpm
b6aef042a1a10c4b0fbd4f19124eba4e xorg-x11-apps-debuginfo-7.1-4.0.1.el5.ppc.rpm

s390x:
f44eab75f0bca9aab6aeec4ca273dcbf libX11-1.0.3-8.0.1.el5.s390.rpm
baa7037daf2981a93f81ffa49d6b020a libX11-1.0.3-8.0.1.el5.s390x.rpm
51ba8a612370193a3c4f80cfbad54db6 libX11-debuginfo-1.0.3-8.0.1.el5.s390.rpm
f62a72bbdacb66f26a0fcf0a50ea09f5 libX11-debuginfo-1.0.3-8.0.1.el5.s390x.rpm
2a169779c94277d62860dc5193a4f100 libX11-devel-1.0.3-8.0.1.el5.s390.rpm
b464e0943f917152bc558a03d6e5885e libX11-devel-1.0.3-8.0.1.el5.s390x.rpm
d5be859eeb98b2672e5dbbe5f1e98fc8 xorg-x11-apps-7.1-4.0.1.el5.s390x.rpm
cb8efaae70fe6ea020661a49bc665ff8 xorg-x11-apps-debuginfo-7.1-4.0.1.el5.s390x.rpm

x86_64:
eafebca30be46a1f126a9085729dae91 libX11-1.0.3-8.0.1.el5.i386.rpm
ea143cb7bbe170730729d1dff11a54fa libX11-1.0.3-8.0.1.el5.x86_64.rpm
35eb6170e8e0c26993f520cf839c120c libX11-debuginfo-1.0.3-8.0.1.el5.i386.rpm
8da6f620d1dfbe194863d25ffd9a8dad libX11-debuginfo-1.0.3-8.0.1.el5.x86_64.rpm
7b2d2ba7bb68a47bd7662322e781ae7a libX11-devel-1.0.3-8.0.1.el5.i386.rpm
acadc303e67b0c14da568f0425fde65d libX11-devel-1.0.3-8.0.1.el5.x86_64.rpm
43a723f54a8905609c19501e67a9f040 xorg-x11-apps-7.1-4.0.1.el5.x86_64.rpm
8f316a250f656a6418c320145ac02b62 xorg-x11-apps-debuginfo-7.1-4.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI5l3XlSAg2UNWIIRAnowAJ0Vqh4K1Je+8h7GZ8Sz+5ZVsnadggCgnRhg
kzX03SJAV6/n9FO7AhbSLww=
=lcwQ
-----END PGP SIGNATURE-----