r2804 - in trunk/BOOK: introduction/welcome x/installing

igor at linuxfromscratch.org igor at linuxfromscratch.org
Wed Oct 13 20:01:17 PDT 2004


Author: igor
Date: 2004-10-13 21:01:15 -0600 (Wed, 13 Oct 2004)
New Revision: 2804

Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/x/installing/xfree86.xml
Log:
Added a patch for XFree86 which fixes libXpm security vulnerability,
reported by Alexander E. Patrakov.


Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2004-10-13 21:08:06 UTC (rev 2803)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2004-10-14 03:01:15 UTC (rev 2804)
@@ -22,6 +22,10 @@
 
 <itemizedlist>
 
+<listitem><para>October 13th, 2004 [igor]: Added a patch for XFree86
+which fixes libXpm security vulnerability, reported by Alexander E.
+Patrakov.</para></listitem>
+
 <listitem><para>October 13th, 2004 [igor]: Updated to
 libdv-0.103.</para></listitem>
 

Modified: trunk/BOOK/x/installing/xfree86.xml
===================================================================
--- trunk/BOOK/x/installing/xfree86.xml	2004-10-13 21:08:06 UTC (rev 2803)
+++ trunk/BOOK/x/installing/xfree86.xml	2004-10-14 03:01:15 UTC (rev 2804)
@@ -34,10 +34,17 @@
 <listitem><para>Download (HTTP): <ulink url="&xfree86-download-http;"/></para></listitem>
 <listitem><para>Download (FTP): <ulink url="&xfree86-download-ftp;"/></para></listitem>
 <listitem><para>Download size: &xfree86-size;</para></listitem>
-<listitem><para>Estimated Disk space required: &xfree86-buildsize;</para></listitem>
+<listitem><para>Estimated disk space required: &xfree86-buildsize;</para></listitem>
 <listitem><para>Estimated build time: &xfree86-time;</para></listitem></itemizedlist>
 </sect3>
 
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Security patch: <ulink
+url="http://www.x.org/pub/X11R6.8.0/patches/xorg-CAN-2004-0687-0688.patch"/>
+</para></listitem>
+</itemizedlist></sect3>
+
 <sect3><title><application>XFree86</application> dependencies</title>
 
 <sect4><title>Required</title>
@@ -301,6 +308,16 @@
 
 <sect3>
 <title>Build Commands</title>
+
+<para>Some vulnerabilities were reported in <filename
+class="libraryfile">libXpm</filename>. A remote user may be able to
+execute arbitrary code on applications that use <filename
+class="libraryfile">libXpm</filename>. <application>Xorg</application>
+team released a patch for their version 6.8.0 but it works for
+<application>XFree86</application> as well. Apply the patch:</para>
+
+<screen><userinput><command>patch -Np1 -i ../xorg-CAN-2004-0687-0688.patch</command></userinput></screen>
+
 <para>Install <application>XFree86</application> by running the following 
 commands:</para>
 




More information about the blfs-book mailing list