lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IVH2X-0002u5-Py@artemis.annvix.ca>
Date: Tue, 11 Sep 2007 19:29:13 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:178 ] - Updated x11-server packages
	fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:178
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : x11-server
 Date    : September 11, 2007
 Affected: 2007.0, 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 Aaron Plattner discovered a buffer overflow in the Composite extension
 of the X.org X server, which if exploited could lead to local privilege
 escalation.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4730
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 b7f65f220a7e0d60468de2591480c81f  2007.0/i586/x11-server-1.1.1-12.2mdv2007.0.i586.rpm
 6531fccbefc159f11ab350a5005a2a37  2007.0/i586/x11-server-common-1.1.1-12.2mdv2007.0.i586.rpm
 d226660aa402ad02c1a6409a530315a4  2007.0/i586/x11-server-devel-1.1.1-12.2mdv2007.0.i586.rpm
 1cbd8d452b28b3ef33fb87bd62627472  2007.0/i586/x11-server-xati-1.1.1-12.2mdv2007.0.i586.rpm
 5ae5f6604245486ae6c4fe5718b4708d  2007.0/i586/x11-server-xchips-1.1.1-12.2mdv2007.0.i586.rpm
 f5a5d272c45a70c27b10c01c4d5fedbe  2007.0/i586/x11-server-xdmx-1.1.1-12.2mdv2007.0.i586.rpm
 97b8a31e97ce2560b084b31400f8db19  2007.0/i586/x11-server-xephyr-1.1.1-12.2mdv2007.0.i586.rpm
 08215333e77aedf5295a2a7f3de363a6  2007.0/i586/x11-server-xepson-1.1.1-12.2mdv2007.0.i586.rpm
 251281eb2c8bbc593c64c8431da23264  2007.0/i586/x11-server-xfake-1.1.1-12.2mdv2007.0.i586.rpm
 2da1f5f9b51c5dc6382ddd75c6f21705  2007.0/i586/x11-server-xfbdev-1.1.1-12.2mdv2007.0.i586.rpm
 649c70b4548c0a2c9cff273f6050b49a  2007.0/i586/x11-server-xgl-0.0.1-0.20060714.11.2mdv2007.0.i586.rpm
 d9e4f46fc32a7ef7e0867d0be8c8d5a5  2007.0/i586/x11-server-xi810-1.1.1-12.2mdv2007.0.i586.rpm
 031ae580506097876217fb649112d883  2007.0/i586/x11-server-xmach64-1.1.1-12.2mdv2007.0.i586.rpm
 2239a80521a1b74505bff4b03eae9ade  2007.0/i586/x11-server-xmga-1.1.1-12.2mdv2007.0.i586.rpm
 5c0ba6b312c07e8aa54d220be66dcccb  2007.0/i586/x11-server-xneomagic-1.1.1-12.2mdv2007.0.i586.rpm
 d589cf3b29b764b0155f6fc4ccef7560  2007.0/i586/x11-server-xnest-1.1.1-12.2mdv2007.0.i586.rpm
 4a4d7944f435dccd6e6d14a419451add  2007.0/i586/x11-server-xnvidia-1.1.1-12.2mdv2007.0.i586.rpm
 a4dfc77d69799d1fff4cdd740afe97fc  2007.0/i586/x11-server-xorg-1.1.1-12.2mdv2007.0.i586.rpm
 940ca130c5173a96be8a02d1cca00900  2007.0/i586/x11-server-xpm2-1.1.1-12.2mdv2007.0.i586.rpm
 1a79715f3811769ccd6ebc9024e2c188  2007.0/i586/x11-server-xprt-1.1.1-12.2mdv2007.0.i586.rpm
 763825c0b68ac98ef45d7b17191d5b6f  2007.0/i586/x11-server-xr128-1.1.1-12.2mdv2007.0.i586.rpm
 afcddc9001954e94e25c71802dc3dbb0  2007.0/i586/x11-server-xsdl-1.1.1-12.2mdv2007.0.i586.rpm
 88c03e6cf97ce32a58b867a323b749e0  2007.0/i586/x11-server-xsmi-1.1.1-12.2mdv2007.0.i586.rpm
 f021f41f108226046db77b55c0ac893b  2007.0/i586/x11-server-xvesa-1.1.1-12.2mdv2007.0.i586.rpm
 4095bf9b8b47e31234603e4edacb7116  2007.0/i586/x11-server-xvfb-1.1.1-12.2mdv2007.0.i586.rpm
 503e8cd0668ede239bc78a0f855c5ab9  2007.0/i586/x11-server-xvia-1.1.1-12.2mdv2007.0.i586.rpm 
 e65256c48101eb1f0d51f8e246b74f9e  2007.0/SRPMS/x11-server-1.1.1-12.2mdv2007.0.src.rpm
 c94f94783b9a833f9ba84a2c6447360b  2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.11.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 0e28499a5c6b439a25d9fabb1a9a4b47  2007.0/x86_64/x11-server-1.1.1-12.2mdv2007.0.x86_64.rpm
 f20c62bbccc71f6c501d25b4ea913a74  2007.0/x86_64/x11-server-common-1.1.1-12.2mdv2007.0.x86_64.rpm
 c96011aa8acbab908139604c05ab23e4  2007.0/x86_64/x11-server-devel-1.1.1-12.2mdv2007.0.x86_64.rpm
 729bc1d5ad879d4c1942899a4df7c59b  2007.0/x86_64/x11-server-xdmx-1.1.1-12.2mdv2007.0.x86_64.rpm
 0d4c1599d50f76b792bbecc904f01567  2007.0/x86_64/x11-server-xephyr-1.1.1-12.2mdv2007.0.x86_64.rpm
 90f0260b44b5fb3bedf77bd2cd0f6ceb  2007.0/x86_64/x11-server-xfake-1.1.1-12.2mdv2007.0.x86_64.rpm
 1db3512f3401934ffd82a12e74d3a3bf  2007.0/x86_64/x11-server-xfbdev-1.1.1-12.2mdv2007.0.x86_64.rpm
 24812e53f83a6751fad94544814fbb63  2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.11.2mdv2007.0.x86_64.rpm
 84b70cd0146b642215596eec51dcb7b1  2007.0/x86_64/x11-server-xnest-1.1.1-12.2mdv2007.0.x86_64.rpm
 b16678c47a6f526e904eb764d1aa5c68  2007.0/x86_64/x11-server-xorg-1.1.1-12.2mdv2007.0.x86_64.rpm
 5466332d5fd645bd0b1de06f41f2e7d7  2007.0/x86_64/x11-server-xprt-1.1.1-12.2mdv2007.0.x86_64.rpm
 071baaa67706c90aac05e9362b32f1de  2007.0/x86_64/x11-server-xsdl-1.1.1-12.2mdv2007.0.x86_64.rpm
 d0cfa2a81086e55ad3a024da165e1570  2007.0/x86_64/x11-server-xvfb-1.1.1-12.2mdv2007.0.x86_64.rpm 
 e65256c48101eb1f0d51f8e246b74f9e  2007.0/SRPMS/x11-server-1.1.1-12.2mdv2007.0.src.rpm
 c94f94783b9a833f9ba84a2c6447360b  2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.11.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 68d47b19c4b867ee11f15b71f3c8226a  2007.1/i586/x11-server-1.2.0-9.3mdv2007.1.i586.rpm
 39872d0705024f838c47bdeb5c01b63b  2007.1/i586/x11-server-common-1.2.0-9.3mdv2007.1.i586.rpm
 58c57bf66d436909db3aa46332f1161d  2007.1/i586/x11-server-devel-1.2.0-9.3mdv2007.1.i586.rpm
 7f46aea7b12cc7d63ca1094e45fd8185  2007.1/i586/x11-server-xati-1.2.0-9.3mdv2007.1.i586.rpm
 ce49e5eb2b938d0b2439c4d23cc6c886  2007.1/i586/x11-server-xchips-1.2.0-9.3mdv2007.1.i586.rpm
 1b8288fa1550e75e506ebb5613fab8b1  2007.1/i586/x11-server-xdmx-1.2.0-9.3mdv2007.1.i586.rpm
 051d34d81ae1e041fbec3d2d3142178e  2007.1/i586/x11-server-xephyr-1.2.0-9.3mdv2007.1.i586.rpm
 d3771704e8094acc9a19f31d0a3e5b23  2007.1/i586/x11-server-xepson-1.2.0-9.3mdv2007.1.i586.rpm
 d1af00fd18f02cebe28c319319b7147a  2007.1/i586/x11-server-xfake-1.2.0-9.3mdv2007.1.i586.rpm
 b742892b760c61c6ea689a5541246c5d  2007.1/i586/x11-server-xfbdev-1.2.0-9.3mdv2007.1.i586.rpm
 3e9ab8e79ccd908056943704eb849659  2007.1/i586/x11-server-xgl-0.0.1-0.20070105.4.2mdv2007.1.i586.rpm
 170e7f0b8cae29dcd4fbd54ece1c89f8  2007.1/i586/x11-server-xi810-1.2.0-9.3mdv2007.1.i586.rpm
 491413b40e7dc71b86cba615bca7c465  2007.1/i586/x11-server-xmach64-1.2.0-9.3mdv2007.1.i586.rpm
 5890faac3b923e21c0dc5bded02d086e  2007.1/i586/x11-server-xmga-1.2.0-9.3mdv2007.1.i586.rpm
 f494f66f71ddc5b69479a23ce201a41d  2007.1/i586/x11-server-xneomagic-1.2.0-9.3mdv2007.1.i586.rpm
 c8e42471bdbbdc4a66ffd91b1f0cb182  2007.1/i586/x11-server-xnest-1.2.0-9.3mdv2007.1.i586.rpm
 701cd236e6a50d072bf10e2d739dea99  2007.1/i586/x11-server-xnvidia-1.2.0-9.3mdv2007.1.i586.rpm
 6c0a51eb71c5e08a514065a86940345b  2007.1/i586/x11-server-xorg-1.2.0-9.3mdv2007.1.i586.rpm
 2dd8ca5bbce666924593f66ed7e9186c  2007.1/i586/x11-server-xpm2-1.2.0-9.3mdv2007.1.i586.rpm
 d53a2928b2068609b8429baa3de55098  2007.1/i586/x11-server-xprt-1.2.0-9.3mdv2007.1.i586.rpm
 a167c69874d9122d19806af6ac57e10c  2007.1/i586/x11-server-xr128-1.2.0-9.3mdv2007.1.i586.rpm
 e21ed3731dbf7e5345e4c57223e1c47d  2007.1/i586/x11-server-xsdl-1.2.0-9.3mdv2007.1.i586.rpm
 3642c4ab48e21c5f810e83502aec4ff0  2007.1/i586/x11-server-xsmi-1.2.0-9.3mdv2007.1.i586.rpm
 24004ec8195d11e8fb0e13ba19c700a7  2007.1/i586/x11-server-xvesa-1.2.0-9.3mdv2007.1.i586.rpm
 74bd661eaf42b16fe38c4b08a268600b  2007.1/i586/x11-server-xvfb-1.2.0-9.3mdv2007.1.i586.rpm
 5d340c30d104e1396436f6d6a83b21db  2007.1/i586/x11-server-xvia-1.2.0-9.3mdv2007.1.i586.rpm
 9abbbeae06a1e0c527d96236ca9cc41e  2007.1/i586/x11-server-xvnc-1.2.0-9.3mdv2007.1.i586.rpm 
 893f78ce4f78b7def6d01c02d28262b7  2007.1/SRPMS/x11-server-1.2.0-9.3mdv2007.1.src.rpm
 6df770cb70e3eb4bc5cd9baa9af8b0c9  2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 fe1fb94aff46fdfb0b8a1f1d325267b6  2007.1/x86_64/x11-server-1.2.0-9.3mdv2007.1.x86_64.rpm
 50451c60869e8790c386de687462b208  2007.1/x86_64/x11-server-common-1.2.0-9.3mdv2007.1.x86_64.rpm
 7dd32f5f112988c8ea7260f0ce21123e  2007.1/x86_64/x11-server-devel-1.2.0-9.3mdv2007.1.x86_64.rpm
 886994cfc8ee33d2ec47f8c5fd5498f6  2007.1/x86_64/x11-server-xdmx-1.2.0-9.3mdv2007.1.x86_64.rpm
 746ffd08c46db2b3c1d3d6978aa4750c  2007.1/x86_64/x11-server-xephyr-1.2.0-9.3mdv2007.1.x86_64.rpm
 1245fecc83cf5be468248891a64ff533  2007.1/x86_64/x11-server-xfake-1.2.0-9.3mdv2007.1.x86_64.rpm
 c298bd4969d404cf917496daf93fae2e  2007.1/x86_64/x11-server-xfbdev-1.2.0-9.3mdv2007.1.x86_64.rpm
 6deb0b784971e39c3a488ec8cbd14393  2007.1/x86_64/x11-server-xgl-0.0.1-0.20070105.4.2mdv2007.1.x86_64.rpm
 7e17896d835ba51451c04d075db91894  2007.1/x86_64/x11-server-xnest-1.2.0-9.3mdv2007.1.x86_64.rpm
 2aab234827f3c4d61c47d5ebd7af4a8b  2007.1/x86_64/x11-server-xorg-1.2.0-9.3mdv2007.1.x86_64.rpm
 8cfcf665a3979e1faaab471444adcd64  2007.1/x86_64/x11-server-xprt-1.2.0-9.3mdv2007.1.x86_64.rpm
 657e13900d1e6a9844261e4428fb2776  2007.1/x86_64/x11-server-xsdl-1.2.0-9.3mdv2007.1.x86_64.rpm
 61186f95dc6356f5be674d0497fc2251  2007.1/x86_64/x11-server-xvfb-1.2.0-9.3mdv2007.1.x86_64.rpm
 287707c225cb7f3069ed2393b7f6dcbb  2007.1/x86_64/x11-server-xvnc-1.2.0-9.3mdv2007.1.x86_64.rpm 
 893f78ce4f78b7def6d01c02d28262b7  2007.1/SRPMS/x11-server-1.2.0-9.3mdv2007.1.src.rpm
 6df770cb70e3eb4bc5cd9baa9af8b0c9  2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.2mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG5xaqmqjQ0CJFipgRAhRuAJ9Y5j0mYanN/+HMYvdSBybAFfIm2QCcC1Ul
fqRU1TTiYp26HW5hDH6qFLc=
=qpa2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ