Message-Id: <E1H4Opt-0001E7-DV@artemis.annvix.ca>
Date: Tue, 09 Jan 2007 14:48:49 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007-005 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007-005
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : January 9, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Sean Larsson of iDefense Labs discovered several vulnerabilities in
 X.Org/XFree86:

 Local exploitation of a memory corruption vulnerability in the
 'ProcRenderAddGlyphs()' function in the X.Org and XFree86 X server
 could allow an attacker to execute arbitrary code with privileges of
 the X server, typically root. (CVE-2006-6101)

 Local exploitation of a memory corruption vulnerability in the
 'ProcDbeGetVisualInfo()' function in the X.Org and XFree86 X server
 could allow an attacker to execute arbitrary code with privileges of
 the X server, typically root. (CVE-2006-6102)

 Local exploitation of a memory corruption vulnerability in the
 'ProcDbeSwapBuffers()' function in the X.Org and XFree86 X server could
 allow an attacker to execute arbitrary code with privileges of the X
 server, typically root. (CVE-2006-6103)

 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFo+KZmqjQ0CJFipgRAuJ6AJ0QFWMIiYKUKpQfqe6QthWMADxSkgCg7yO/
/JXeS2QTgqHkyLh4zU+u3uo=
=iDxt
-----END PGP SIGNATURE-----
