Rapid7 Vulnerability & Exploit Database

RHSA-2003:066: Updated XFree86 packages provide security and bug fixes

Back to Search

RHSA-2003:066: Updated XFree86 packages provide security and bug fixes



XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. Updated XFree86 packages for Red Hat Linux 7.3 are now available which include several security fixes, bug fixes, enhancements, and driver updates.

Security fixes: - Xterm, provides an escape sequence for reporting the current window title. This escape sequence takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the victim's Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the attacker would then have to convince the victim to press Enter for the shell to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0063 to this issue. - It is possible to lock up versions of Xterm by sending an invalid DEC UDK escape sequence. (CAN-2003-0071) - XFree86 4.2.1 also contains an updated fix for CAN-2002-0164, a vulnerability in the MIT-SHM extension of the X server that allows local users to read and write arbitrary shared memory. The original fix did not cover the case where the X server is started from xdm. - The X server was setting the /dev/dri directory permissions incorrectly, which resulted in the directory being world writable. (CAN-2001-1409) Driver updates and additions: - Savage driver updated to Tim Roberts' latest version 1.1.27t - New "cyrix" driver which works better on MediaGX hardware. - New input drivers for Fujitsu Stylistic (fpit), Palmax PD1000/PD1100 Input driver (palmax), Union Reality UR-98 head tracker (ur98) - Backported apm driver, DPMS support enhancements, and a few accel fixes - Backported chips driver, with hardware mouse cursor and 2D acceleration fixes - Backported cirrus, i740, siliconmotion, and ark drivers Various bug fixes and enhancements: - Stability improvements to RENDER extension and libraries - Various fixes to the Xaw library - Fix a long standing problem in the X server where the mouse, keyboard, or video would hang, or the server to go into an endless loop whenever the system time was changed backwards - Fix a crash in the Radeon and Rage 128 drivers using VMware with DGA when DRI is enabled - Work around some multihead and RENDER exention problems in the Matrox "mga" driver - fc-cache is now run upon font package installation in all font directories containing fonts managed by fontconfig/Xft - mkfontdir now forces the permissions of the files it generates to be mode 0644 to ensure they are world readable independant of umask - A new option "ForceLegacyCRT" to the radeon driver allows use of legacy VGA monitors which can not be detected automatically. This option is only safe to use in single-head setups and may cause serious problems if used with dual-head. - xterm session management is now enabled by default, whereas the stock XFree86 default in 4.2.0/4.2.1 was accidentally disabled upstream - Removed and obsoleted the XFree86-xtrap-clients package, now merged into the main XFree86 package - Added support for previously unsupported ATI Rage 128 video hardware - Fixed Polish euro support - Added neomagic Xvideo support which may work for some users - Added fix for deadkey-quotedbl in ISO8859-15 - Disabled debug messages in Cirrus Logic driver - Fixed a bug in the VESA driver, where the X server would crash with an FPE when the DisplaySize option was used - Fix to ATI Mach64 support which was out of PCI specs causing problems on some Dell and IBM servers - Fix a problem which caused certain combinations of Radeon and Rage 128 hardware and particular motherboards to hang, due to bus mastering getting disabled when VT switching. There are various other fixes included which users can review by examining the RPM package changelog of any of the new XFree86 packages. Users are advised to upgrade to these updated XFree86 4.2.1 packages, which are not vulnerable to the previously mentioned security issues.


  • redhat-upgrade-xfree86
  • redhat-upgrade-xfree86-100dpi-fonts
  • redhat-upgrade-xfree86-75dpi-fonts
  • redhat-upgrade-xfree86-base-fonts
  • redhat-upgrade-xfree86-cyrillic-fonts
  • redhat-upgrade-xfree86-devel
  • redhat-upgrade-xfree86-doc
  • redhat-upgrade-xfree86-font-utils
  • redhat-upgrade-xfree86-iso8859-15-100dpi-fonts
  • redhat-upgrade-xfree86-iso8859-15-75dpi-fonts
  • redhat-upgrade-xfree86-iso8859-2-100dpi-fonts
  • redhat-upgrade-xfree86-iso8859-2-75dpi-fonts
  • redhat-upgrade-xfree86-iso8859-9-100dpi-fonts
  • redhat-upgrade-xfree86-iso8859-9-75dpi-fonts
  • redhat-upgrade-xfree86-libs
  • redhat-upgrade-xfree86-tools
  • redhat-upgrade-xfree86-truetype-fonts
  • redhat-upgrade-xfree86-twm
  • redhat-upgrade-xfree86-xdm
  • redhat-upgrade-xfree86-xf86cfg
  • redhat-upgrade-xfree86-xfs
  • redhat-upgrade-xfree86-xnest
  • redhat-upgrade-xfree86-xvfb

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center