Message-id: <E1JI2PT-00088t-SU@artemis.annvix.ca>
Date: Thu, 24 Jan 2008 06:46:27 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple
 vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:023
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : x11-server
 Date    : January 23, 2008
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 An input validation flaw was found in the X.org server's XFree86-Misc
 extension that could allow a malicious authorized client to cause
 a denial of service (crash), or potentially execute arbitrary code
 with root privileges on the X.org server (CVE-2007-5760).
 
 A flaw was found in the X.org server's XC-SECURITY extension that
 could allow a local user to verify the existence of an arbitrary file,
 even in directories that are not normally accessible to that user
 (CVE-2007-5958).
 
 A memory corruption flaw was found in the X.org server's XInput
 extension that could allow a malicious authorized client to cause a
 denial of service (crash) or potentially execute arbitrary code with
 root privileges on the X.org server (CVE-2007-6427).
 
 An information disclosure flaw was found in the X.org server's TOG-CUP
 extension that could allow a malicious authorized client to cause
 a denial of service (crash) or potentially view arbitrary memory
 content within the X.org server's address space (CVE-2007-6428).
 
 Two integer overflow flaws were found in the X.org server's EVI and
 MIT-SHM modules that could allow a malicious authorized client to
 cause a denial of service (crash) or potentially execute arbitrary
 code with the privileges of the X.org server (CVE-2007-6429).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHl+frmqjQ0CJFipgRAvmDAKCFHl1auUASHQpbhQaTWVHsBHcRBACfUGk+
GiqeE9dPmJ+feX0zqi5JCnI=
=/oR9
-----END PGP SIGNATURE-----
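
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison the advisory says is done automatically can be scripted against lines of the form "MD5 digest, then package path", the layout advisories of this kind use. This is an added example, not part of the original advisory or of Mandriva's tooling; `verify_against_advisory` is a hypothetical helper name and the demo package and digest are constructed.

```shell
#!/bin/sh
# Added example (not Mandriva code): compare downloaded packages with the
# "<md5>  <path>.rpm" lines of an advisory. All sample data is constructed.

# verify_against_advisory ADVISORY_FILE PKG_DIR
# Prints OK/MISMATCH for each listed package that exists in PKG_DIR.
# Returns 0 only if at least one package was checked and none mismatched.
verify_against_advisory() {
    advisory=$1
    pkg_dir=$2
    checked=0
    failed=0
    # Keep only lines shaped like: <32 hex digits><spaces><path ending in .rpm>
    entries=$(sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$advisory" | sort -u)
    while read -r want path; do
        [ -n "$want" ] || continue
        file=$pkg_dir/${path##*/}          # match on the file name only
        [ -f "$file" ] || continue         # packages not downloaded are skipped
        checked=$((checked + 1))
        have=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}"
            failed=$((failed + 1))
        fi
    done <<EOF
$entries
EOF
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Demo on constructed data: a matching package, then the same file altered.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$d/demo-1.0-1.i586.rpm"
    sum=$(md5sum "$d/demo-1.0-1.i586.rpm" | cut -d' ' -f1)
    printf ' %s  2008.0/i586/demo-1.0-1.i586.rpm\n' "$sum" > "$d/advisory.txt"
    verify_against_advisory "$d/advisory.txt" "$d"; echo "exit status: $?"
    printf 'x' >> "$d/demo-1.0-1.i586.rpm"
    verify_against_advisory "$d/advisory.txt" "$d"; echo "exit status: $?"
    rm -rf "$d"
}
demo
```

The listed digests are only as trustworthy as the advisory text, so check its PGP signature first; MD5 is not collision resistant, so the package's own GPG signature (`rpm --checksig`) remains the authoritative check.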
