------- Start of forwarded message -------
Date: Wed, 4 Feb 1998 10:18:04 -0500 (EST)
From: Erik Troan <ewt en redhat com>
Reply-To: redhat-list en redhat com
To: redhat-announce-list en redhat com
Subject: SECURITY: X server security holes

Various problems have been found in the X server which make it a serious
threat to system security. All versions of the X server, including Metro X
and Accelerated X, are thought to be affected (only XFree86 and the MIT X
reference implementation are *known* to be, however). This problem affects
all Red Hat Linux platforms and versions.

Currently, no new X servers are available. Instead, Red Hat recommends
removing the special permissions from the X server binary (the setuid bit),
and using a wrapper program which is now on ftp.redhat.com.

To do this, follow the steps below. The order is quite important, so please
follow these instructions carefully.

1) Remove the setuid bit from all X servers installed on your system with
   the following command:

       chmod u-s /usr/X11R6/bin/X*

2) Install the updated Xconfigurator package (details below)

3) Install the new xserver-wrapper package (details below)

4) If you are running Accelerated X, run the following command:

       ln -sf /usr/X11R6/bin/Xaccel /etc/X11/X

   If you are not running Accelerated X, do not do this step!

After these steps have been completed, X should function as usual.

This information will appear on the Errata for Red Hat Linux 4.2 and Red Hat
Linux 5.0 shortly.

Thanks to everyone on BUGTRAQ who brought these problems to our attention.

Red Hat 5.0
-------------

i386:

    rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/Xconfigurator-3.26-1.i386.rpm
    rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/xserver-wrapper-1.1-1.i386.rpm

alpha:

    rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/Xconfigurator-3.26-1.alpha.rpm
    rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/xserver-wrapper-1.1-1.alpha.rpm

Red Hat 4.2
-------------

i386:

    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/Xconfigurator-2.6.1-1.i386.rpm
    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/xserver-wrapper-1.1-0.i386.rpm

alpha:

    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/Xconfigurator-2.6.1-1.alpha.rpm
    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/xserver-wrapper-1.1-0.alpha.rpm

SPARC:

    rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/xserver-wrapper-1.1-0.sparc.rpm

------- End of forwarded message -------
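
A check for steps 1 and 4 of the advisory above, added here as an example and not part of the original message or of Red Hat's packages. The function names are hypothetical, and the optional second argument exists because the advisory does not say where xserver-wrapper installs: if the wrapper lives in the same directory and is itself setuid, pass its file name so it is not reported.

```shell
#!/bin/sh
# Added example: verify that the setuid bit is gone from the X servers
# (step 1) and that /etc/X11/X points where step 4 says it should.

# Print every regular file named X* in DIR that still has the setuid bit.
#   $1 = directory to scan (the advisory uses /usr/X11R6/bin)
#   $2 = optional file name to skip (assumption: the wrapper's own name)
setuid_x_servers() {
    dir=$1
    skip=${2:-}
    [ -d "$dir" ] || return 0
    for f in "$dir"/X*; do
        [ -f "$f" ] || continue            # unmatched glob or a directory
        if [ -n "$skip" ] && [ "${f##*/}" = "$skip" ]; then
            continue
        fi
        if [ -u "$f" ]; then               # -u: setuid bit is set
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Exit status 0 when no setuid X server remains, 1 otherwise.
audit_x_servers() {
    found=$(setuid_x_servers "$1" "${2:-}")
    if [ -n "$found" ]; then
        printf 'still setuid:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Step 4 check: succeed only when LINK is a symlink whose target is EXPECTED.
x_link_points_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Stand-alone use: sh audit.sh /usr/X11R6/bin [wrapper-file-name]
if [ $# -gt 0 ]; then
    audit_x_servers "$1" "${2:-}"
fi
```

On an Accelerated X system, `x_link_points_to /etc/X11/X /usr/X11R6/bin/Xaccel` confirms step 4.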