Updated XFree86 packages that fix several integer overflows, various bugs,
and add ATI RN50/ES1000 support are now available for CentOS.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

XFree86 is an implementation of the X Window System, which provides
the core functionality for the Linux graphical desktop.

Several integer overflow bugs were found in the way XFree86 parses pixmap
images. It is possible for a user to gain elevated privileges by loading a
specially crafted pixmap image. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2495 to this issue.
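
The bug class named above, as an added illustration (not XFree86 code and not taken from the patch): a pixmap buffer size computed in 32-bit arithmetic wraps, so the buffer ends up smaller than the image data. The function names, the size cap and the sample dimensions are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form of the bug class: the product is computed in 32 bits
 * and wraps silently, so the result can be far smaller than the image. */
uint32_t pixmap_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form (hypothetical helper): every multiplication is preceded by
 * a division test against max_bytes, a caller-chosen cap (an assumption of
 * this example). Returns 0 and stores the size in *out, or -1 on rejection. */
int pixmap_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    size_t row;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > max_bytes / bpp)      /* width * bpp would exceed the cap */
        return -1;
    row = (size_t)width * bpp;
    if (height > max_bytes / row)     /* row * height would exceed the cap */
        return -1;
    *out = row * height;
    return 0;
}

int main(void)
{
    /* Constructed header values: 16385 x 65536 pixels, 4 bytes per pixel. */
    uint32_t w = 0x4001, h = 0x10000, bpp = 4;
    size_t cap = (size_t)256 * 1024 * 1024, n = 0;

    printf("unchecked size: %lu bytes\n",
           (unsigned long)pixmap_size_unchecked(w, h, bpp));
    if (pixmap_size_checked(w, h, bpp, cap, &n) != 0)
        printf("checked: rejected, image exceeds cap or overflows\n");
    if (pixmap_size_checked(640, 480, 4, cap, &n) == 0)
        printf("checked 640x480x4: %lu bytes\n", (unsigned long)n);
    return 0;
}
```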

Additionally, this update adds the following new feature:

- Support for ATI RN50/ES1000 chipsets has been added.

The following bugs were also fixed in this release:

- A problem with the X server's module loading system that led to cache
  incoherency on the Itanium architecture.
- The X server's PCI config space accesses caused contention
  with the kernel if accesses occurred while the kernel lock was held.
- The X font server (xfs) crashed when accessing Type 1 fonts.
- A problem with the X transport library prevented X applications
  from starting if the hostname started with a digit.
- An issue where refresh rates were being restricted to 60Hz on
  some Intel i8xx systems.

Users of XFree86 should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.