SECURITY: Vulnerability in libX11 (fwd)

Simon Karpen (slk@LINUX1.ACM.RPI.EDU)
Thu, 29 May 1997 23:25:30 -0400

Just thought everybody would enjoy seeing credit where credit is
due, for a change. :)

Simon Karpen
karpes@rpi.edu slk@acm.rpi.edu slk@karpes.stu.rpi.edu
"Fixing Unix is easier than living with NT."
--Larry McVoy

---------- Forwarded message ----------
Date: Thu, 29 May 1997 11:07:08 -0400 (EDT)
From: Erik Troan <ewt@redhat.com>
Reply-To: redhat-list@redhat.com
To: redhat-announce-list@redhat.com
Subject: SECURITY: Vulnerability in libX11
Resent-Date: 29 May 1997 15:07:40 -0000
Resent-From: redhat-announce-list@redhat.com
Resent-cc: recipient list not shown: ;
Followup-To: redhat-list@redhat.com

A buffer overflow has been found in one of the X11 libraries, allowing
local users to gain unauthorized root access to a system through any setuid
root application linked against libX11. This problem affects all Red Hat
Linux machines with X Windows installed. Fixes are available for Red Hat
4.x on Intel and SPARC machines, and 4.1 and 4.2 on Alpha machines.

Applications which are dynamically linked may be fixed by upgrading to the
-libs X package appropriate for your architecture. If you have any statically
linked setuid X programs you must recompile them against the new libX11.a
contained in the -devel package for your architecture. Red Hat Linux does
not include any statically linked X applications, so this is only a problem if
you've hand installed statically linked setuid applications (we don't know of
any applications likely to be installed in this configuration).

The upcoming release of XFree86 3.3 is not vulnerable to this problem so
users may safely install 3.3 once it is available. XFree86 3.2A is
vulnerable however.

All packages have been PGP signed with Red Hat's public key, and Red Hat
encourages all users to upgrade to these new versions as soon as possible.

Alpha 4.1, 4.2
--------------
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/XFree86-devel-3.2-10.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/XFree86-libs-3.2-10.alpha.rpm

Intel 4.0, 4.1, 4.2
-------------------
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/XFree86-devel-3.2-10.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/XFree86-libs-3.2-10.i386.rpm

SPARC 4.0, 4.1, 4.2
-------------------
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/X11R6.1-devel-pl1-21.sparc.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/X11R6.1-libs-pl1-21.sparc.rpm

Thanks to the readers of BUGTRAQ, the XFree86 development team, and Alexander
Yuriev for help with this problem.

Erik

-------------------------------------------------------------------------------
| "Psychopaths kill for no reason: I kill for money." -- Grosse Pointe Blank |
|                                                                            |
| Erik Troan = ewt@redhat.com = ewt@sunsite.unc.edu                          |

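A check an administrator might run after applying the fix, as an added example that is not part of the advisory or of Red Hat's packages: it enumerates setuid-root binaries and classifies them from ldd's output, since dynamically linked ones are covered by the -libs upgrade while statically linked ones must be rebuilt against the new libX11.a. The function names and the sample ldd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: audit setuid-root binaries
# for libX11 linkage. Dynamically linked programs are fixed by the -libs
# package upgrade; statically linked setuid programs must be rebuilt against
# the new libX11.a from the -devel package, which a package upgrade cannot do.
#
# Caveat: ldd may invoke the program's dynamic loader, so run this only on
# binaries you already trust (the ones installed on your own system).

# classify_ldd_output "<text printed by ldd>"
# Prints: dynamic-libx11 (fixed by upgrading XFree86-libs / X11R6.1-libs)
#         dynamic-other  (does not link libX11, unaffected by this bug)
#         static         (statically linked; rebuild it if it uses Xlib)
classify_ldd_output() {
    case "$1" in
        *"not a dynamic executable"*|*"statically linked"*) echo static ;;
        *libX11.so*) echo dynamic-libx11 ;;
        *) echo dynamic-other ;;
    esac
}

# audit_setuid_root [ROOT]
# Lists every setuid-root regular file under ROOT (default /) with its class.
audit_setuid_root() {
    root="${1:-/}"
    find "$root" -xdev -type f -perm -4000 -user root 2>/dev/null |
    while read -r bin; do
        # ldd exits non-zero on static binaries; keep its message anyway
        out=$(ldd "$bin" 2>&1 || true)
        printf '%s %s\n' "$(classify_ldd_output "$out")" "$bin"
    done
}

# Constructed sample lines in ldd's output format, to show how the
# classifier reads them without touching the filesystem.
demo() {
    classify_ldd_output 'libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x40010000)'
    classify_ldd_output 'libc.so.5 => /lib/libc.so.5 (0x4000a000)'
    classify_ldd_output 'not a dynamic executable'
}

# To scan the running system, keeping only the entries that need attention:
# audit_setuid_root / | grep -v '^dynamic-other'
```

Anything reported as static is worth checking by hand, because ldd cannot tell whether a static binary contains Xlib code.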