-----BEGIN PGP SIGNED MESSAGE-----

 =============================================================================
 XFree86-SA-1998:03                                          Security Advisory
                                                     The XFree86 Project, Inc.

 Topic:         Server vulnerabilities
 Announced:     25 Jul 1998
 Affects:       All XFree86 versions up to and including 3.3.2
 Corrected:     XFree86 3.3.2 patch 3
 XFree86 only:  no

 Patches:       ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch3

 =============================================================================

I.   Background

     The X server is a program included as a part of the core
     X Window System and is also included in every XFree86 release.
     Each XFree86 release includes numerous X servers that support
     graphics adapters which are currently available.

     The XFree86 Project has developed a patch to XFree86 version 3.3.2
     which fixes problems found by our team members.  The patch also
     includes an XPT public patch which was recently provided by The
     Open Group for problems found in the X server code.


II.  Problem Description

     The X server is typically required to be executed as the root user
     so that it may gain access to protected hardware resources.
     Problems exist in the X server that allow user supplied data to
     cause buffer overflows that may be exploited.


III. Impact

     Exploiting these buffer overflows with a root priviledged X
     server can allow an unprivileged user to gain root access to the
     system.  These vulnerabilities can only be exploited by individuals
     with access to the local system.


IV.  Workaround

     There is no current workaround.


V.   Solution

     The XFree86 Project team has released fixes for these problems.
     A source patch is available now at
     ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch3.

     Updated binaries for most OSs are also available.  The updated
     binaries can be found in the X3323upd.tgz files and server directories
     in the appropriate subdirectories of the XFree86 3.3.2 binaries directory
     (ftp://ftp.xfree86.org/pub/XFree86/3.3.2/binaries/).  Information
     about installing the updated binaries can be found in an updated
     version of the XFree86 3.3.2 Release Notes.  A text copy of this
     can be found at ftp://ftp.xfree86.org/pub/XFree86/3.3.2/RELNOTES.
     An on-line copy can be viewed at
     http://www.xfree86.org/3.3.2/RELNOTES.html.

     The X3323upd.tgz file is a complete replacement for the previously
     released patch2 binary update file X3322upd.tgz.  It is not necessary
     to install X3322upd.tgz file prior to installing X3323upd.tgz.

     The server files are a complete replacement for the previously
     released 3.3.2 server files.  It is not necessary to install
     the original server files prior to installing the new, patched version.

     The 3.3.2-patch3 source patch file must be applied to the XFree86
     3.3.2 base release after applying the previously released source
     patch files 3.3.2-patch1 and 3.3.2-patch2.


VI.  Checksums

     The following is a list of MD5 digital signatures for the source patch,
     release notes file and updated binaries.

     Filename                        MD5 Digital Signature
     ----------------------------------------------------------------------
     3.3.2-patch3                    413331b5bce0490a335855a7d3f42995
     RELNOTES                        e2a196f64c328e7e04ffcfdc839603a1

     Checksums for current binary distributions are contained in the
     following files:

     FreeBSD-2.2.x/SUMS.md5
     FreeBSD-3.0/SUMS.md5
     Interactive/SUMS.md5
     Linux-axp/SUMS.md5
     Linux-ix86-glibc/SUMS.md5
     Linux-ix86/SUMS.md5
     LynxOS/SUMS.md5
     NetBSD-1.2/SUMS.md5
     NetBSD-1.3/SUMS.md5
     OpenBSD/SUMS.md5
     SVR4.0/SUMS.md5
     Solaris/SUMS.md5
     UnixWare/SUMS.md5

     These checksums only apply for files obtained from ftp.xfree86.org
     and its mirrors.


VII. Credits

  Robin Cutshaw                    performed security review of all
                                   X server source files and provided
                                   fixes.
  Pavel Kankovsky                  pointed out various buffer overflows.


 =============================================================================
 The XFree86 Project, Inc

 Web Site:                 http://www.xfree86.org/
 PGP Key:                  ftp://ftp.xfree86.org/pub/XFree86/Security/key.asc
 Advisories:               ftp://ftp.xfree86.org/pub/XFree86/Security/
 Security notifications:   security@xfree86.org
 General support contact:  xfree86@xfree86.org
 =============================================================================


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNesewknJJ0YV1q5pAQFPBQP/ZOqVLq661PpUJtmyVLqQKgXahZY5wT4X
Mh4ChMeKlahQya63xXm7nVNjQBPsEsBYV295xjrw7ElfrSxY1x7ae9aZ9b7HnrfE
MxKtgVkcH4IbsJIldCIfCraTqR6fSGiFJ4vRSg6+eH3IpGmusR5ZillqyAbk2UBB
/0zdRmyjz/c=
=/RmY
-----END PGP SIGNATURE-----