Message-Id: <E1GNrm1-0001IW-6s@mercury.mandriva.com>
Date: Thu, 14 Sep 2006 08:01:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:164 ] - Updated xorg-x11/XFree86
	packages fix integer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:164
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : September 14, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of an integer overflow vulnerability in the
 'CIDAFM()' function in the X.Org and XFree86 X server could allow an
 attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3739).
 
 Local exploitation of an integer overflow vulnerability in the
 'scan_cidfont()' function in the X.Org and XFree86 X server could allow
 an attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3740).
 
 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 870f66da912af0a4fad28efb9b88c90e  2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm
 0a8ff15caa27d78680f54486c67737e6  2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm
 e66de8e6c72f5b47ea0b56e32d75e46e  2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm
 4520ffe2166ef729c9b717571a0f858e  2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.i586.rpm
 2288439bb004dfc1cbb9b1e1463a8e8a  2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm
 278c8e53603e73b09877d6939d29d281  2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.i586.rpm
 6dd626b751c738c91f5a60fbabe1f3ca  2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm
 a166e90cc89070fb053aec43c96bd9de  2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.i586.rpm
 46941ea873fd4a47b43e32517671ba8d  2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.i586.rpm
 45f99f735dcac5987c0bcf0bcdf86456  2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.i586.rpm
 dd6d86b93bdd5742674cfb3c49260542  2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.i586.rpm
 f97eb010ee04a03365607e952d0cb3be  2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.i586.rpm
 103b774cb9a79c0adaf4c5949b9269ca  2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.i586.rpm
 ee5ba6d107047df4552cc06e0e0d9932  2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.i586.rpm
 4734479179fc2b8df8a9383123cbe43d  2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.i586.rpm
 5aa7daf002ee73a61d719c318cc7fb0f  2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.i586.rpm
 399f003f1545c4a6f003f26f197264f6  2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.i586.rpm
 d76d29e580eaea46f06e9031c4678a16  2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 44500ad48fab3741a6cd201e3e0c8e44  x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm
 873c4f00872045e369d68b6c6bf0e9f4  x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.10.20060mdk.x86_64.rpm
 cf34abe58bce0f1cb39d279c1825f28d  x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.10.20060mdk.x86_64.rpm
 870f66da912af0a4fad28efb9b88c90e  x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm
 0a8ff15caa27d78680f54486c67737e6  x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm
 e66de8e6c72f5b47ea0b56e32d75e46e  x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm
 ea646502e846d806b676425d73489bc6  x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.x86_64.rpm
 bb96282af5687aec3e671c5c6b715162  x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
 9554339037de4d0ca8decaf3030b94c1  x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm
 e03bf5aaffd4ff3d918226069404c88c  x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
 9cb232babce28cf0a9c9dbc3542c632a  x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.x86_64.rpm
 56ec5996265c951aee954105c3227809  x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.x86_64.rpm
 900e0f2251e6c81afcc37a2c585720d7  x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.x86_64.rpm
 e0f617bd52b0d50aa78a8b70316922cf  x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.x86_64.rpm
 e6610f07a1424051b95059afe5beb385  x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.x86_64.rpm
 05bfc5d4703ca7f181cf7b57c4569e4a  x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.x86_64.rpm
 169612fa75a90697f98372aa87185cb7  x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.x86_64.rpm
 51cda78610735e801d8b5d53043b831f  x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.x86_64.rpm
 1b8416070f1ef2d307e5d00a3af8773b  x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.x86_64.rpm
 6c9314505699669efb32190a5f7c76f0  x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.x86_64.rpm
 d76d29e580eaea46f06e9031c4678a16  x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm

 Corporate 3.0:
 aca392ef1cba20ee479740f6b0f89b0e  corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm
 c329ed9ddb46c518de8cbf5106856e9d  corporate/3.0/RPMS/libxfree86-devel-4.3-32.8.C30mdk.i586.rpm
 afdd3d25a20100d4017836024a779a80  corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.8.C30mdk.i586.rpm
 2932393ed9723b87a36d0ead89a40f93  corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.i586.rpm
 b414fa6a159e692e4b8e2e971b15f637  corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.i586.rpm
 ac3e76f867137470151c1d5ec2c10eb4  corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.i586.rpm
 361e8fb0f2ac0df06b445c8628058059  corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.i586.rpm
 17850cde32471176216776f98a5bb64d  corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.i586.rpm
 87044502c0610247d325a1fd5045a167  corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.i586.rpm
 7f783680a13c9df80bb002fa464ee4bf  corporate/3.0/RPMS/XFree86-glide-module-4.3-32.8.C30mdk.i586.rpm
 d4c6ad726d8c8da11c20eb87e426d3ee  corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.i586.rpm
 97a8e6f430cd09eb421b236063043118  corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.i586.rpm
 d79bcae17843c8f5a2338111f3e877b7  corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.i586.rpm
 a196843c331826c4ac34fba5608decdb  corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.i586.rpm
 68d29cd668b3781e1bbd5c4bc11f7ed1  corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 089b47176efe8d4464e238dd132930c4  x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.8.C30mdk.x86_64.rpm
 6798c3411909923b51f5004fa6560662  x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.8.C30mdk.x86_64.rpm
 645cbe061d51046a3bd60cdf36e9b960  x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.8.C30mdk.x86_64.rpm
 aca392ef1cba20ee479740f6b0f89b0e  x86_64/corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm
 6c028e2f95e7009268e1eaf8bf927d18  x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.x86_64.rpm
 18af4e6eb23e8639110590a0c6515a8f  x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm
 3c429b80b2ccd9d7bffa87523f24413f  x86_64/corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.x86_64.rpm
 561109df5169fa01e8b7f9577f0f35d3  x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm
 dd3f5aa1245db2d2e2ff95922c7fbf61  x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.x86_64.rpm
 f782bfb68f950892795a513128b3f4d5  x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.x86_64.rpm
 9e44ebf57f4cb3a7daddf1ea5b811210  x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.x86_64.rpm
 cfd13b82f1e179ff55750984f1a2df44  x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.x86_64.rpm
 b0720a8b494fc145096783bcdf1a5e54  x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.x86_64.rpm
 b3f4c24c5cc395962a0bfa7a6c9dba3c  x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.x86_64.rpm
 68d29cd668b3781e1bbd5c4bc11f7ed1  x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFCTNrmqjQ0CJFipgRAsOMAJ4l5VDVJY4LFiyDcWoYKDxdbMMZ2wCeNaH2
NcnjdxHtJ1QT0mc7yT8ClYU=
=JKZ2
-----END PGP SIGNATURE-----
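
The upgrade note says MandrivaUpdate and urpmi check the md5 sums automatically. For packages fetched by hand, the same comparison can be run against the "Updated Packages" list. The following is an added example, not part of the advisory or of any Mandriva tool; `verify_manifest` and `demo` are hypothetical names, the sample files are constructed, and coreutils `md5sum` is assumed to be installed.

```shell
# verify_manifest MANIFEST DIR
#   MANIFEST: text in the advisory's list format, "<32-hex md5>  <path>.rpm"
#   DIR:      directory holding the downloaded files (matched by basename)
# Prints one status line per listed package.
# Returns 0 if all match, 1 on any mismatch, 2 if files are only missing.
verify_manifest() {
    manifest=$1 dir=$2 rc=0
    while read -r sum path; do
        # Skip section headings, separator rules and blank lines.
        case $sum in *[!0-9a-f]*|'') continue ;; esac
        [ "${#sum}" -eq 32 ] && [ -n "$path" ] || continue
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  ${path##*/}"
            [ "$rc" -eq 1 ] || rc=2
            continue
        fi
        actual=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}"
            rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed sample: two stand-in files, the second altered after listing.
demo() {
    d=$(mktemp -d) || return 1
    printf 'pkg-a' > "$d/a-1.0.rpm"
    printf 'pkg-b' > "$d/b-1.0.rpm"
    {
        echo ' Example Linux 1.0:'
        echo " $(md5sum < "$d/a-1.0.rpm" | cut -d' ' -f1)  1.0/RPMS/a-1.0.rpm"
        echo " $(md5sum < "$d/b-1.0.rpm" | cut -d' ' -f1)  1.0/RPMS/b-1.0.rpm"
    } > "$d/manifest.txt"
    printf 'tampered' > "$d/b-1.0.rpm"
    verify_manifest "$d/manifest.txt" "$d" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "verify_manifest exit status: $?"
```

A matching md5 sum only shows that the file agrees with the list. Authenticity comes from the GPG signature, which `rpm --checksig` verifies once the Mandriva key has been imported.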
