lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OCM2v-0002Y2-Bi@titan.mandriva.com>
Date: Thu, 13 May 2010 02:13:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:095 ] libxext


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:095
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxext
 Date    : May 12, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and fixed in libxext:
 
 There's a race condition in libXext that causes apps that use the X
 shared memory extensions to occasionally crash.
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 The corrected packages solves this problem.
 _______________________________________________________________________

 References:

 http://lists.freedesktop.org/archives/xcb/2009-October/005102.html
 http://crbug.com/25324
 http://cgit.freedesktop.org/xorg/lib/libXext/commit/?id=956fd30e1046e5779ac0b6c07ec4f0e87250869a
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 ad8fd95b87fc8b9a6fb343c47db9506c  2008.0/i586/libxext6-1.0.3-1.1mdv2008.0.i586.rpm
 f20b40d2eb46373e67f15687adff3db1  2008.0/i586/libxext6-devel-1.0.3-1.1mdv2008.0.i586.rpm
 290699cbb64a52a25557d09bb41bf244  2008.0/i586/libxext6-static-devel-1.0.3-1.1mdv2008.0.i586.rpm 
 2b51d891924056f31602439a9fe678d5  2008.0/SRPMS/libxext-1.0.3-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d53d3e82879543b33a207bdc557a0132  2008.0/x86_64/lib64xext6-1.0.3-1.1mdv2008.0.x86_64.rpm
 8b8848e41fb2230efc2bd31f7949eab3  2008.0/x86_64/lib64xext6-devel-1.0.3-1.1mdv2008.0.x86_64.rpm
 27fb66d245b0cbf720c69f46fe88c538  2008.0/x86_64/lib64xext6-static-devel-1.0.3-1.1mdv2008.0.x86_64.rpm 
 2b51d891924056f31602439a9fe678d5  2008.0/SRPMS/libxext-1.0.3-1.1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 4e787ff5e464f9c5b49d9af191763bd6  2009.0/i586/libxext6-1.0.4-2.1mdv2009.0.i586.rpm
 f3c193f8524069269db78a48015af7d3  2009.0/i586/libxext6-devel-1.0.4-2.1mdv2009.0.i586.rpm
 9df3da9e5c5521e042c57ed09253893a  2009.0/i586/libxext6-static-devel-1.0.4-2.1mdv2009.0.i586.rpm 
 e9970b9bd08d5c9ecd662a85dd6c4371  2009.0/SRPMS/libxext-1.0.4-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 a23579189108c72f49cbe76a20971137  2009.0/x86_64/lib64xext6-1.0.4-2.1mdv2009.0.x86_64.rpm
 77edbaa536b888f34dbbd1d8a88d9f19  2009.0/x86_64/lib64xext6-devel-1.0.4-2.1mdv2009.0.x86_64.rpm
 8bb522eca226fa6309304c823b380650  2009.0/x86_64/lib64xext6-static-devel-1.0.4-2.1mdv2009.0.x86_64.rpm 
 e9970b9bd08d5c9ecd662a85dd6c4371  2009.0/SRPMS/libxext-1.0.4-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 9ff7e42573e3150a71422a4850075bc8  2009.1/i586/libxext6-1.0.5-2.1mdv2009.1.i586.rpm
 39b8b9956410e9331420ae1151ec03e1  2009.1/i586/libxext6-devel-1.0.5-2.1mdv2009.1.i586.rpm
 10ab96b84c8fbb4b3b4ac25cc4d2c3f8  2009.1/i586/libxext6-static-devel-1.0.5-2.1mdv2009.1.i586.rpm 
 0176ab4c8af885d79e681fede1065f46  2009.1/SRPMS/libxext-1.0.5-2.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 eeef3de59cb0f165da7743ad1308a211  2009.1/x86_64/lib64xext6-1.0.5-2.1mdv2009.1.x86_64.rpm
 dbbb84959627b84f74b101ec8104c11c  2009.1/x86_64/lib64xext6-devel-1.0.5-2.1mdv2009.1.x86_64.rpm
 7e7dabaf366ef5b8b4f3001f13a72ce6  2009.1/x86_64/lib64xext6-static-devel-1.0.5-2.1mdv2009.1.x86_64.rpm 
 0176ab4c8af885d79e681fede1065f46  2009.1/SRPMS/libxext-1.0.5-2.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 6e04840f5af1408570332de3398baa9e  2010.0/i586/libxext6-1.0.5-1.2mdv2010.0.i586.rpm
 3481fee943a662442907d3e27895045f  2010.0/i586/libxext6-devel-1.0.5-1.2mdv2010.0.i586.rpm
 0f3fae7db2f4193f18ee02acc825f6cd  2010.0/i586/libxext6-static-devel-1.0.5-1.2mdv2010.0.i586.rpm 
 4925a2ab4e28ce29c6a0dc91eb002325  2010.0/SRPMS/libxext-1.0.5-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 3829d3ce2d9489b2a5e4c20438e76e27  2010.0/x86_64/lib64xext6-1.0.5-1.2mdv2010.0.x86_64.rpm
 8415205e2961c8826084c9151f2a0a1a  2010.0/x86_64/lib64xext6-devel-1.0.5-1.2mdv2010.0.x86_64.rpm
 45444c657ff3007d2275417b33a591dc  2010.0/x86_64/lib64xext6-static-devel-1.0.5-1.2mdv2010.0.x86_64.rpm 
 4925a2ab4e28ce29c6a0dc91eb002325  2010.0/SRPMS/libxext-1.0.5-1.2mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL6xO5mqjQ0CJFipgRAuKgAJ9cTATrxceCPa5RdZF4QxrY02YS9QCgzbQf
LR9v7AgXgqOfgQFxWwwW77k=
=6boW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ