[slackware-security] x11

New x11 packages are available for Slackware 10.2 and -current to
fix security issues. In addition, fontconfig and freetype have been
split out from the x11 packages in -current, so if you run -current
you’ll also need to install those new packages.

More details about the issues may be found here:

http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
https://vulners.com/cve/CVE-2006-1861

Here are the details from the Slackware 10.2 ChangeLog:

patches/packages/x11-6.8.2-i486-6_slack10.2.tgz:
Patched some more possible linux 2.6.x setuid() related bugs:
http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2.
(* Security fix )
patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz: Patched as above.
( Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz: Rebuilt.
patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz: Rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz: Rebuilt.

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/fontconfig-2.2.3-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/freetype-2.1.9-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-devel-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xdmx-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xnest-6.9.0-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-xvfb-6.9.0-i486-5.tgz

MD5 signatures:

Slackware 10.2 packages:
0cf87318d76c36906dcd5fb5bc718444 x11-6.8.2-i486-6_slack10.2.tgz
bea4188bde1da241595e91bae2c76c11 x11-devel-6.8.2-i486-6_slack10.2.tgz
3286ca1e2dd171577927a31c1a327601 x11-xdmx-6.8.2-i486-6_slack10.2.tgz
27eca3d63e056ac4553c0196161405f4 x11-xnest-6.8.2-i486-6_slack10.2.tgz
e208de9bbe2a830b6f161e0ae3301d3b x11-xvfb-6.8.2-i486-6_slack10.2.tgz

Slackware -current packages:
3cfe905c595a7ff72810834cba17fb40 fontconfig-2.2.3-i486-1.tgz
d796910b7b481086b9569488a07ca257 freetype-2.1.9-i486-1.tgz
abec810fe0662c05b527e815a164b29d x11-6.9.0-i486-5.tgz
dd3d53f59bdd24a2df459cd086659887 x11-devel-6.9.0-i486-5.tgz
d6d7c360b0b6e3d344bbab361db7a71c x11-xdmx-6.9.0-i486-5.tgz
0de6e761a401623fd571c97601d08645 x11-xnest-6.9.0-i486-5.tgz
73a12a31308ed5af5eddd22a67904736 x11-xvfb-6.9.0-i486-5.tgz

Installation instructions:

Upgrade the packages as root:
> upgradepkg x11-6.8.2-i486-6_slack10.2.tgz
x11-devel-6.8.2-i486-6_slack10.2.tgz
x11-xdmx-6.8.2-i486-6_slack10.2.tgz
x11-xnest-6.8.2-i486-6_slack10.2.tgz
x11-xvfb-6.8.2-i486-6_slack10.2.tgz