New updated XFree86 3.3.6 packages are available for Red Hat Linux 7.1, 7.0, and 6.2 which contain many security updates, bug fixes, and updated drivers for various different families of video hardware including: S3 Savage, S3 Trio64, S3 ViRGE, Intel i810/i815, ATI Rage Mobility Mach64, and numerous other driver fixes and improvements.
Since the initial release of XFree86 3.3.6, many bugs have been fixed in the XFree86 stable branch of CVS (xf-3_3-branch). This includes several security updates, various driver and library bug fixes, and performance improvements. In addition to the updated release from XFree86.org are several further enhancements included - such as updated S3 drivers, i810/815, and other improvements. Below is a list of some of the important security updates taken from the XFree86 CHANGELOG document. The complete list of updates is quite lengthy however, so I list only some of the highlights here. This is not an exhaustive or complete list. Please refer to the XFree86 CHANGELOG document contained in the source code RPM package for the complete list. 1630. [SECURITY] Avoid DoS attacks on xdm (Keith Packard). 1629. [SECURITY] Check for negative reply length/overflow in _XAsyncReply (Xlib) (#4601, Mike Harris). 1625. Include <time.h> in Xos.h to get struct tm (based on #4464, Mike Harris, and H.J. Lu). 1624. [SECURITY] fix possible buffer overflow (NOT on stack) in xdm xdmcp code (patch69 from Red Hat SRPMS). 1623. [SECURITY] Pull fixed from 4.0.2 for following problems: - XlibInt buffer overflow - libICE denial of service - XOpenDisplay buffer overflow (#4450, Branden Robinson) 1621. [SECURITY]: Fix temp file problem in Imake.rules, InstallManPageAliases (Matthieu Herrb) 1620. [SECURITY]: Pull fixes from the main branch: - XCSECURITY DoS (Paulo Caesar Pereira de Andrade and Keith Packard), - _XAsyncReply() Xlib stack corruption, - Xaw temp file handling (Branden Robinson). 1619. [SECURITY] Safe tempfile handline for imake's probing of glibc version (based on #4257, Colin Phipps). 1618. Fix a libXt bug that affects multidisplay applications when Xt is built to use select(2) rather than poll(2) (#A.181, Antony Uspensky). 1617. Back port GeForce2 support for the nv driver from 4.x (#4103, Jarno Paananen). 1616. [SECURITY] Fix a 1-byte overflow in Xtrans.c (#4182, Aaron Campbell). 1615. [SECURITY] Back port fix for http://www.securityfocus.com/archive/1/139436 from 4.0 (#4181, Matthieu Herrb). 1613. Add DPMS support to I128 driver (Robin Cutshaw). 1611. [SECURITY] Fix tmp file problem with makedepend scripts (based on report from Alan Cox). 1605. [SECURITY] Fix a buffer overflow with the -xkbmap X server flag (#A.91, Trevor Johnson). 1604. Fix an xfs crash that shows up when many clients connect (#A.48, Remy Card). 1602. Fix a core dump in fstobdf when using 16 bit fonts (#A.25, Morten Storgaard Nielsen). 1601. Fix memleak warning when doing realloc(NULL, size) (#A.7, Charles G Waldman). 1599. Fix mode restore bug in ATI driver (Marc La France). 1596. Fix Rage 128 detection bug in ATI driver (Marc La France). 1594. Fix an Xlib bug that causes freed memory to be accessed. This is exposed by Netscape (#3738, Keith Packard). 1593. Add DGA support to I128 server (Robin Cutshaw). 1592. Fix remaining ATI Mobility problems (Marc La France). 1591. Fix for dead keys in XKB Swedish, Norwegian and Finnish keyboards (#3702, 3703, Preston Brown). 1590. [SECURITY] Fix possible races in xauth and libXau (#3690, 3694, Colin Phipps). 1586. Fix the pam_close_session problems in xdm (#3621, Preston Brown). 1585. Fix an Xserver core dump that can happen when xdmcp-related command line options have missing arguments (#3614, Harald Koenig). 1578. rage128 driver fix (Marc La France).