[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GNrm1-0001IW-6s@mercury.mandriva.com>
Date: Thu, 14 Sep 2006 08:01:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:164 ] - Updated xorg-x11/XFree86
packages fix integer overflow vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:164
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xorg-x11
Date : September 14, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).
Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).
Updated packages are patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
870f66da912af0a4fad28efb9b88c90e 2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm
0a8ff15caa27d78680f54486c67737e6 2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm
e66de8e6c72f5b47ea0b56e32d75e46e 2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm
4520ffe2166ef729c9b717571a0f858e 2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.i586.rpm
2288439bb004dfc1cbb9b1e1463a8e8a 2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm
278c8e53603e73b09877d6939d29d281 2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.i586.rpm
6dd626b751c738c91f5a60fbabe1f3ca 2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm
a166e90cc89070fb053aec43c96bd9de 2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.i586.rpm
46941ea873fd4a47b43e32517671ba8d 2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.i586.rpm
45f99f735dcac5987c0bcf0bcdf86456 2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.i586.rpm
dd6d86b93bdd5742674cfb3c49260542 2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.i586.rpm
f97eb010ee04a03365607e952d0cb3be 2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.i586.rpm
103b774cb9a79c0adaf4c5949b9269ca 2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.i586.rpm
ee5ba6d107047df4552cc06e0e0d9932 2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.i586.rpm
4734479179fc2b8df8a9383123cbe43d 2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.i586.rpm
5aa7daf002ee73a61d719c318cc7fb0f 2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.i586.rpm
399f003f1545c4a6f003f26f197264f6 2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.i586.rpm
d76d29e580eaea46f06e9031c4678a16 2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
44500ad48fab3741a6cd201e3e0c8e44 x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm
873c4f00872045e369d68b6c6bf0e9f4 x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.10.20060mdk.x86_64.rpm
cf34abe58bce0f1cb39d279c1825f28d x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.10.20060mdk.x86_64.rpm
870f66da912af0a4fad28efb9b88c90e x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm
0a8ff15caa27d78680f54486c67737e6 x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm
e66de8e6c72f5b47ea0b56e32d75e46e x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm
ea646502e846d806b676425d73489bc6 x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.x86_64.rpm
bb96282af5687aec3e671c5c6b715162 x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
9554339037de4d0ca8decaf3030b94c1 x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm
e03bf5aaffd4ff3d918226069404c88c x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
9cb232babce28cf0a9c9dbc3542c632a x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
56ec5996265c951aee954105c3227809 x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.x86_64.rpm
900e0f2251e6c81afcc37a2c585720d7 x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.x86_64.rpm
e0f617bd52b0d50aa78a8b70316922cf x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.x86_64.rpm
e6610f07a1424051b95059afe5beb385 x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.x86_64.rpm
05bfc5d4703ca7f181cf7b57c4569e4a x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.x86_64.rpm
169612fa75a90697f98372aa87185cb7 x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.x86_64.rpm
51cda78610735e801d8b5d53043b831f x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.x86_64.rpm
1b8416070f1ef2d307e5d00a3af8773b x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.x86_64.rpm
6c9314505699669efb32190a5f7c76f0 x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.x86_64.rpm
d76d29e580eaea46f06e9031c4678a16 x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm
Corporate 3.0:
aca392ef1cba20ee479740f6b0f89b0e corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm
c329ed9ddb46c518de8cbf5106856e9d corporate/3.0/RPMS/libxfree86-devel-4.3-32.8.C30mdk.i586.rpm
afdd3d25a20100d4017836024a779a80 corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.8.C30mdk.i586.rpm
2932393ed9723b87a36d0ead89a40f93 corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.i586.rpm
b414fa6a159e692e4b8e2e971b15f637 corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.i586.rpm
ac3e76f867137470151c1d5ec2c10eb4 corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.i586.rpm
361e8fb0f2ac0df06b445c8628058059 corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.i586.rpm
17850cde32471176216776f98a5bb64d corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.i586.rpm
87044502c0610247d325a1fd5045a167 corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.i586.rpm
7f783680a13c9df80bb002fa464ee4bf corporate/3.0/RPMS/XFree86-glide-module-4.3-32.8.C30mdk.i586.rpm
d4c6ad726d8c8da11c20eb87e426d3ee corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.i586.rpm
97a8e6f430cd09eb421b236063043118 corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.i586.rpm
d79bcae17843c8f5a2338111f3e877b7 corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.i586.rpm
a196843c331826c4ac34fba5608decdb corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.i586.rpm
68d29cd668b3781e1bbd5c4bc11f7ed1 corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
089b47176efe8d4464e238dd132930c4 x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.8.C30mdk.x86_64.rpm
6798c3411909923b51f5004fa6560662 x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.8.C30mdk.x86_64.rpm
645cbe061d51046a3bd60cdf36e9b960 x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.8.C30mdk.x86_64.rpm
aca392ef1cba20ee479740f6b0f89b0e x86_64/corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm
6c028e2f95e7009268e1eaf8bf927d18 x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.x86_64.rpm
18af4e6eb23e8639110590a0c6515a8f x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm
3c429b80b2ccd9d7bffa87523f24413f x86_64/corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.x86_64.rpm
561109df5169fa01e8b7f9577f0f35d3 x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm
dd3f5aa1245db2d2e2ff95922c7fbf61 x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.x86_64.rpm
f782bfb68f950892795a513128b3f4d5 x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.x86_64.rpm
9e44ebf57f4cb3a7daddf1ea5b811210 x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.x86_64.rpm
cfd13b82f1e179ff55750984f1a2df44 x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.x86_64.rpm
b0720a8b494fc145096783bcdf1a5e54 x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.x86_64.rpm
b3f4c24c5cc395962a0bfa7a6c9dba3c x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.x86_64.rpm
68d29cd668b3781e1bbd5c4bc11f7ed1 x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFCTNrmqjQ0CJFipgRAsOMAJ4l5VDVJY4LFiyDcWoYKDxdbMMZ2wCeNaH2
NcnjdxHtJ1QT0mc7yT8ClYU=
=JKZ2
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists