lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KWHtt-0004ga-So@titan.mandriva.com>
Date: Thu, 21 Aug 2008 15:41:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:179 ] metisse


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:179
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : metisse
 Date    : August 21, 2008
 Affected: 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 An input validation flaw was found in X.org's MIT-SHM extension.
 A client connected to the X.org server could read arbitrary server
 memory, resulting in the disclosure of sensitive data of other users
 of the X.org server (CVE-2008-1379).
 
 Multiple integer overflows were found in X.org's Render extension.
 A malicious authorized client could explot these issues to cause a
 denial of service (crash) or possibly execute arbitrary code with
 root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,
 CVE-2008-2362).
 
 The Metisse program is likewise affected by these issues; the updated
 packages have been patched to prevent them.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 209b749ac3a7961ddc93878b7fec9aea  2008.0/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 0f6412f126bee76be7b284010de0fa56  2008.0/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 43a3e0d932827212574410a4d7afb047  2008.0/i586/metisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 4ec03d743d7cf8592b1a48535004218b  2008.0/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.i586.rpm
 e9dedb6ee7e27e3f877dd8be560ef30f  2008.0/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm 
 30a7265222bf23c2d5381b166effb970  2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d9825ccef1440ba9b175c62e7ebf0375  2008.0/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 157e7e05de6b0a4e76b01d507356f4ee  2008.0/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 ae43e394fcb45cd6a133dd149f8f8c1e  2008.0/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 af06fb5b120956f5773100dbe693d422  2008.0/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.x86_64.rpm
 d9f2a0c5d5d414e8807f1f769d9fed60  2008.0/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm 
 30a7265222bf23c2d5381b166effb970  2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 19c95e15e5b2b8a1e6cffc6c41ced6d2  2008.1/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 c80e03efeb74f3a21bacb8ed273c901f  2008.1/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 24ad66bd13b18e5c9a912d3208418f73  2008.1/i586/metisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 3af08353f0d5dd56f90d368a5f220e63  2008.1/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.i586.rpm
 efcef9f64f1b04b4ab98e87519e60ef3  2008.1/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm 
 23ee1812f563c203cd466d735f57a1b3  2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1feb9051196c49b31990a0110cd1c005  2008.1/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 9c0a16ed2d43e8b49ec5ebf58326c7f8  2008.1/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 8f25e6cd1bb812e73ec3e1830252b81d  2008.1/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 9e3bce06db9b7f5632bb3bbe2d20f406  2008.1/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.x86_64.rpm
 2acc17c95fad1de143c11ca9a6bd8f32  2008.1/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm 
 23ee1812f563c203cd466d735f57a1b3  2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrbTTmqjQ0CJFipgRAgnaAJ4pq+USA4fliYUszlfcdViKwF8nNQCgg9mA
+uheP4mB2lIzG1AlYPHGxu4=
=8Xrn
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ