Message-Id: <E1Gutz2-0005HX-VL@mercury.mandriva.com>
Date: Thu, 14 Dec 2006 10:03:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86
	packages fix integer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2006:164-2
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : December 14, 2006
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of an integer overflow vulnerability in the
 'CIDAFM()' function in the X.Org and XFree86 X server could allow an
 attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3739).

 Local exploitation of an integer overflow vulnerability in the
 'scan_cidfont()' function in the X.Org and XFree86 X server could allow
 an attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3740).

 Updated packages are patched to address this issue.

 Update:

 Updated packages for Corporate Server 4.0 have been patched.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 4.0:
 3658ca4cd8a4c6e9821c418a5ce7b4b3  corporate/4.0/i586/libxorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
 c98057d36ee6db65dd49bb540f2dfdb5  corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.10.20060mlcs4.i586.rpm
 296d32cb0bb9a4361e5288cd0c136410  corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.10.20060mlcs4.i586.rpm
 569c78c8b3842c72cfe361fb89d1989d  corporate/4.0/i586/X11R6-contrib-6.9.0-5.10.20060mlcs4.i586.rpm
 438e53654ce1c11d5e28cce7d8316c34  corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 6cd2047a430d3e10f68062e9e2ed7bc3  corporate/4.0/i586/xorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
 61d98fd62be172adc372ef7f10e8d0f0  corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 c46a82d37cb2377f9d232ee10fb837b4  corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 e5be10030bae448b24998d65a2be9f6c  corporate/4.0/i586/xorg-x11-doc-6.9.0-5.10.20060mlcs4.i586.rpm
 9122ac82818d37d54e096d128866c64f  corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.i586.rpm
 1bfaa8464fefa7515a9abc6a4ff1da01  corporate/4.0/i586/xorg-x11-server-6.9.0-5.10.20060mlcs4.i586.rpm
 4c274b747483a610e16677f019c150f6  corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.i586.rpm
 6d1fe79343156bbd680b3d60941380b3  corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.i586.rpm
 c7bdfd3abc0b711abe72e32ffa0b8e76  corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.i586.rpm
 a62d0994768a936bbdef00a42a40e114  corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.i586.rpm
 7e586568c538c87728f51cdee94ba050  corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.i586.rpm
 a4a6aabeae772da093d771695d350dc0  corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.i586.rpm 
 eb0860600fe024f88c015f77976d61c4  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 95d2a9ad359eb51d2c8743a8f2d8cc21  corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
 91629018178a74304f232c38b29ea831  corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
 93465357b9ff908de20c7448d501c1fa  corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
 4fe4964642e28e972c34c759d1e726d1  corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.10.20060mlcs4.x86_64.rpm
 461967ff7add4e31702460db4ee6e602  corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 6f5fbabba03318860472c0ce5c0a65e4  corporate/4.0/x86_64/xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
 444fc50e3d9cccf09601026c7487d78e  corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 20da8a1239bc532d7c45d32931360d7b  corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 40af6535454c3ea73dc4f6473b9f24c0  corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.10.20060mlcs4.x86_64.rpm
 2c7d093af7530397c8b935409080c25c  corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.x86_64.rpm
 51b4f1d2ef0118a2ed84b430bc89242e  corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.10.20060mlcs4.x86_64.rpm
 66721b5e94867256724faf443ae1e8a3  corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.x86_64.rpm
 8e37a1b93e5ae3850d1259eea8aa3de3  corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.x86_64.rpm
 d705258a79d0cb500560de0f3babe596  corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.x86_64.rpm
 325bfc125311d543b8808133345afb00  corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.x86_64.rpm
 ae37ee6f2b895664bfddb06798180907  corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.x86_64.rpm
 897a5a32aa8e71cd3b644bc75e33f98a  corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.x86_64.rpm 
 eb0860600fe024f88c015f77976d61c4  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgVlLmqjQ0CJFipgRAiRuAKDmfb4FZioexZ9AGFV+Ao1UFibNFwCbBrBj
8tuWJMZfMYQMzHlWuRM/BF0=
=xvrZ
-----END PGP SIGNATURE-----
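
The "Updated Packages" list in the advisory above pairs an MD5 checksum with each package path. The following Python code is an added example, not part of the Mandriva advisory or of MandrivaUpdate/urpmi: it parses lines in that layout and compares them with files in a local directory. The function names and the sample package names are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One list entry: 32 hex digits, whitespace, then a path ending in .rpm.
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Return {rpm file name: set of md5 hex digests} found in advisory text."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # The source RPM is listed once per architecture; a set absorbs that.
            name = m.group(2).rsplit("/", 1)[-1]
            expected.setdefault(name, set()).add(m.group(1).lower())
    return expected

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def check_packages(advisory_text, directory):
    """Classify every listed package as 'ok', 'mismatch' or 'missing'."""
    result = {}
    for name, digests in parse_advisory(advisory_text).items():
        path = Path(directory) / name
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_of(path) in digests else "mismatch"
    return result

def demo():
    """Constructed sample: two stand-in files checked against a stand-in list."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "example-1.0-1.i586.rpm"        # constructed name
        bad = Path(d) / "example-devel-1.0-1.i586.rpm"   # constructed name
        good.write_bytes(b"constructed package body")
        bad.write_bytes(b"altered after download")
        listing = (
            f" {md5_of(good)}  corporate/4.0/i586/{good.name}\n"
            f" {'0' * 32}  corporate/4.0/i586/{bad.name} \n"
            f" {'1' * 32}  corporate/4.0/SRPMS/example-1.0-1.src.rpm\n"
        )
        return check_packages(listing, d)

if __name__ == "__main__":
    print(demo())
```

A matching checksum only shows that the file is the one the list describes; authenticity still rests on the GPG signature check the advisory refers to.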
