lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 11 Apr 2007 13:02:54 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86
	packages fix integer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:079-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : April 11, 2007
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of a memory corruption vulnerability in the X.Org
 and XFree86 X server could allow an attacker to execute arbitrary
 code with privileges of the X server, typically root.
 
 The vulnerability exists in the ProcXCMiscGetXIDList() function in the
 XC-MISC extension. This request is used to determine what resource IDs
 are available for use. This function contains two vulnerabilities,
 both result in memory corruption of either the stack or heap. The
 ALLOCATE_LOCAL() macro used by this function allocates memory on the
 stack using alloca() on systems where alloca() is present, or using
 the heap otherwise. The handler function takes a user provided value,
 multiplies it, and then passes it to the above macro. This results in
 both an integer overflow vulnerability, and an alloca() stack pointer
 shifting vulnerability. Both can be exploited to execute arbitrary
 code. (CVE-2007-1003)
 
 iDefense reported two integer overflows in the way X.org handled
 various font files. A malicious local user could exploit these issues
 to potentially execute arbitrary code with the privileges of the
 X.org server. (CVE-2007-1351, CVE-2007-1352)
 
 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
 in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
 ImageMagick, allow user-assisted remote attackers to cause a denial
 of service (crash) or information leak via crafted images with large
 or negative values that trigger a buffer overflow. (CVE-2007-1667)
 
 Updated packages are patched to address these issues.

 Update:

 Packages for Mandriva Linux 2007.1 are now available.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 094834b9cec06d41814fcfbb4826a1b4  2007.1/i586/libx11-common-1.1.1-2.1mdv2007.1.i586.rpm
 60ba6ee2def612bab83b056aa9143c28  2007.1/i586/libx11_6-1.1.1-2.1mdv2007.1.i586.rpm
 83832a8b9a359f0199bf0b58024bcc93  2007.1/i586/libx11_6-devel-1.1.1-2.1mdv2007.1.i586.rpm
 e7f0426150c15b701dca49a131d4f911  2007.1/i586/libx11_6-static-devel-1.1.1-2.1mdv2007.1.i586.rpm
 4d737b55208b15a17076ea417fef6e83  2007.1/i586/libxfont1-1.2.7-1.1mdv2007.1.i586.rpm
 28b347acb8851ef8cdc9b8b61ffb669b  2007.1/i586/libxfont1-devel-1.2.7-1.1mdv2007.1.i586.rpm
 aa2e50b1ee6967c2ed3bb8c6dc64c84b  2007.1/i586/libxfont1-static-devel-1.2.7-1.1mdv2007.1.i586.rpm
 530b51e76f6b9a0df342719a8b9ddb99  2007.1/i586/x11-server-1.2.0-8.1mdv2007.1.i586.rpm
 9d717cb5fab234a4c76a4a0811bf4638  2007.1/i586/x11-server-common-1.2.0-8.1mdv2007.1.i586.rpm
 5a47c5a19827c3e820b02c2db7796659  2007.1/i586/x11-server-devel-1.2.0-8.1mdv2007.1.i586.rpm
 76a33d69862b1c457a2cec21a37b51d8  2007.1/i586/x11-server-xati-1.2.0-8.1mdv2007.1.i586.rpm
 880f19417b5379635ddb6c5f2e612971  2007.1/i586/x11-server-xchips-1.2.0-8.1mdv2007.1.i586.rpm
 dc8db2e2fa639a5e5590a9301590e58a  2007.1/i586/x11-server-xdmx-1.2.0-8.1mdv2007.1.i586.rpm
 b71ce20ae5de448b2e54d6458df98526  2007.1/i586/x11-server-xephyr-1.2.0-8.1mdv2007.1.i586.rpm
 fed1ade3cb4ca74c6362837618a5452c  2007.1/i586/x11-server-xepson-1.2.0-8.1mdv2007.1.i586.rpm
 9e3f8d012b49126ee4b217dd24521f29  2007.1/i586/x11-server-xfake-1.2.0-8.1mdv2007.1.i586.rpm
 15adb208aac159c1575a3ddd77ffbaee  2007.1/i586/x11-server-xfbdev-1.2.0-8.1mdv2007.1.i586.rpm
 37b8f6fdbfca1dc9192758dabd9b5adc  2007.1/i586/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.i586.rpm
 f8a04c4056025562b4e280a09c5c8577  2007.1/i586/x11-server-xi810-1.2.0-8.1mdv2007.1.i586.rpm
 ce53fc038ab1f432b216d4057e53057d  2007.1/i586/x11-server-xmach64-1.2.0-8.1mdv2007.1.i586.rpm
 a6fe363ba43b509661709a3c9245ba8c  2007.1/i586/x11-server-xmga-1.2.0-8.1mdv2007.1.i586.rpm
 d95d4a1b0b7e9bdee00f7cf90e934a39  2007.1/i586/x11-server-xneomagic-1.2.0-8.1mdv2007.1.i586.rpm
 7718f0eabcc0b212012ffb0e5c8e6a26  2007.1/i586/x11-server-xnest-1.2.0-8.1mdv2007.1.i586.rpm
 5c06fbc05c7ea8abfdb4ecdeb2ce2d75  2007.1/i586/x11-server-xnvidia-1.2.0-8.1mdv2007.1.i586.rpm
 aa416e9d9cc207be2c801c4570d43015  2007.1/i586/x11-server-xorg-1.2.0-8.1mdv2007.1.i586.rpm
 9076d8da47cfa869a84896cd26722ecc  2007.1/i586/x11-server-xpm2-1.2.0-8.1mdv2007.1.i586.rpm
 b6c9e9c76bfb9ad237fff6b4c2ce2e04  2007.1/i586/x11-server-xprt-1.2.0-8.1mdv2007.1.i586.rpm
 dcaf5905ffdd594ac3b97aa1b94baae6  2007.1/i586/x11-server-xr128-1.2.0-8.1mdv2007.1.i586.rpm
 770630c3643c095ba99d8fbd838bf148  2007.1/i586/x11-server-xsdl-1.2.0-8.1mdv2007.1.i586.rpm
 57c93b2b5f8e289063dc5bd678a15e17  2007.1/i586/x11-server-xsmi-1.2.0-8.1mdv2007.1.i586.rpm
 8e26db22cbba03a68962ecaa7f0f40d0  2007.1/i586/x11-server-xvesa-1.2.0-8.1mdv2007.1.i586.rpm
 caa3a31e61065af8dd25b8f115657910  2007.1/i586/x11-server-xvfb-1.2.0-8.1mdv2007.1.i586.rpm
 f5baee2c239e4b9d5f5c1e0d0ae64ddd  2007.1/i586/x11-server-xvia-1.2.0-8.1mdv2007.1.i586.rpm
 1be993d23f79ba6356b7dfcb0dd36b44  2007.1/i586/x11-server-xvnc-1.2.0-8.1mdv2007.1.i586.rpm 
 aeba38426c094f892a8db7c56ed8c301  2007.1/SRPMS/libx11-1.1.1-2.1mdv2007.1.src.rpm
 0e7061bca9907c2b0eca9dacdab4403c  2007.1/SRPMS/libxfont-1.2.7-1.1mdv2007.1.src.rpm
 4f8be7e1843b036a3368f13d4d6a964b  2007.1/SRPMS/x11-server-1.2.0-8.1mdv2007.1.src.rpm
 3771f05b9e14a04e41905e6d145d0c41  2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 a8e9b831949d99880f61e496fcda81fa  2007.1/x86_64/lib64x11_6-1.1.1-2.1mdv2007.1.x86_64.rpm
 8a2cdcf52cb086a7ec479585f4615aff  2007.1/x86_64/lib64x11_6-devel-1.1.1-2.1mdv2007.1.x86_64.rpm
 9a3f679f360cf576598f3bd2058b441c  2007.1/x86_64/lib64x11_6-static-devel-1.1.1-2.1mdv2007.1.x86_64.rpm
 38588291d4baf93d53f2cacfc91470fc  2007.1/x86_64/lib64xfont1-1.2.7-1.1mdv2007.1.x86_64.rpm
 08a34ff0e3a6a6c25beaef8b5f4d6dbf  2007.1/x86_64/lib64xfont1-devel-1.2.7-1.1mdv2007.1.x86_64.rpm
 0709d442ee2fdc7134abb5d1a71afab1  2007.1/x86_64/lib64xfont1-static-devel-1.2.7-1.1mdv2007.1.x86_64.rpm
 ee41dd9b5381466727456905d4c2b29a  2007.1/x86_64/libx11-common-1.1.1-2.1mdv2007.1.x86_64.rpm
 99fdfc64834e47ed1efc35796f1da887  2007.1/x86_64/x11-server-1.2.0-8.1mdv2007.1.x86_64.rpm
 47570e6070fc356fe3213d5787990a1c  2007.1/x86_64/x11-server-common-1.2.0-8.1mdv2007.1.x86_64.rpm
 deb1c9a780b5789f71c7b3bc23c24f2c  2007.1/x86_64/x11-server-devel-1.2.0-8.1mdv2007.1.x86_64.rpm
 21d5e1148cc503e47a135fad2cf10257  2007.1/x86_64/x11-server-xdmx-1.2.0-8.1mdv2007.1.x86_64.rpm
 500a8bb735d0cdda28044f85d436ea64  2007.1/x86_64/x11-server-xephyr-1.2.0-8.1mdv2007.1.x86_64.rpm
 b7a993ad6689524f5328861f1415af4a  2007.1/x86_64/x11-server-xfake-1.2.0-8.1mdv2007.1.x86_64.rpm
 bbcf31887871cb70d78b6c8c45bd236a  2007.1/x86_64/x11-server-xfbdev-1.2.0-8.1mdv2007.1.x86_64.rpm
 03627273fc38f69659e62dff615e8dee  2007.1/x86_64/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.x86_64.rpm
 f393ec9760d243e1171a7ad38d0ed70d  2007.1/x86_64/x11-server-xnest-1.2.0-8.1mdv2007.1.x86_64.rpm
 95aeec7bb4cf44b44ae9c7ae8f020c6f  2007.1/x86_64/x11-server-xorg-1.2.0-8.1mdv2007.1.x86_64.rpm
 00e692ed014b06e59922e12d8de52e16  2007.1/x86_64/x11-server-xprt-1.2.0-8.1mdv2007.1.x86_64.rpm
 c0d22ee28f8e7fd394cf6e9cdcd7a876  2007.1/x86_64/x11-server-xsdl-1.2.0-8.1mdv2007.1.x86_64.rpm
 d6f33606ca00eb807db566dab93830f5  2007.1/x86_64/x11-server-xvfb-1.2.0-8.1mdv2007.1.x86_64.rpm
 e35758ceb44dddd8e368d0535ad03c49  2007.1/x86_64/x11-server-xvnc-1.2.0-8.1mdv2007.1.x86_64.rpm 
 aeba38426c094f892a8db7c56ed8c301  2007.1/SRPMS/libx11-1.1.1-2.1mdv2007.1.src.rpm
 0e7061bca9907c2b0eca9dacdab4403c  2007.1/SRPMS/libxfont-1.2.7-1.1mdv2007.1.src.rpm
 4f8be7e1843b036a3368f13d4d6a964b  2007.1/SRPMS/x11-server-1.2.0-8.1mdv2007.1.src.rpm
 3771f05b9e14a04e41905e6d145d0c41  2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGHQammqjQ0CJFipgRAqaQAKCdjtSCGHIqRkCEZDq51Ybn/Tn6gwCg9H8G
JjBWGCkfa5AOJa5EdSZ4h0Y=
=Xwtx
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists