Wednesday, July 2, 2008

Security Update: XOrg Server

Three security updates plus one update to fonts has been released on -Current version of Slackware. The security updates are related to XOrg packages. Soon, Slackware might migrate to XOrg 1.5 which has been released, but that would be in the next cycle of the -Current tree (it hasn't officially started yet).

Here's the latest -Current changelog:
Tue Jul 1 13:29:45 CDT 2008
x/wqy-zenhei-font-ttf-0.6.26_0-noarch-1.tgz:
Upgraded to wqy-zenhei-font-ttf-0.6.26-0.
Thanks to the WenQuanYi font authors for producing such a high-quality font.

x/xorg-server-1.4.2-i486-1.tgz:
Upgraded xorg-server to address denial of service and possible arbitrary code execution flaws reported in xorg-server 1.4 prior to 1.4.2.
For more information about the issues patched, please refer to:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
(* Security fix *)

x/xorg-server-xnest-1.4.2-i486-1.tgz: Security fixes (see CVE entries above).
(* Security fix *)

x/xorg-server-xvfb-1.4.2-i486-1.tgz: Security fixes (see CVE entries above).
(* Security fix *)