[ MDKSA-2006:160 ] - Updated xorg-x11/XFree86 packages fix potential vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2006:160 ] - Updated xorg-x11/XFree86 packages fix potential vulnerabilities
From: security@xxxxxxxxxxxx
Date: Thu, 31 Aug 2006 18:46:33 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:160
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : August 31, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload,
 xtrans, and xterm, does not check the return values for setuid and
 seteuid calls when attempting to drop privileges, which might allow
 local users to gain privileges by causing those calls to fail, such as
 by exceeding a ulimit.
 
 In practice, it is unlikely that these programs have any real-world 
 vulnerability. The X binary is the only one shipped suid. Further
 analysis of the code in question shows that it's highly unlikely that
 this can be exploited. Patched updates are provided as a precaution
 nonetheless.
 
 Updated packages are patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 dcb20582a5065744de4726c9f766ae39  
2006.0/RPMS/libxorg-x11-6.9.0-5.9.20060mdk.i586.rpm
 bcd556a24ed3414007cd2c735725d811  
2006.0/RPMS/libxorg-x11-devel-6.9.0-5.9.20060mdk.i586.rpm
 fdd48d3aabf17504715b0ac77c518ef1  
2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.9.20060mdk.i586.rpm
 d31780e9e640e1c2e52907c61c7741d6  
2006.0/RPMS/X11R6-contrib-6.9.0-5.9.20060mdk.i586.rpm
 58b0659c5e161f4eac7c6c3d57b9a5a4  
2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.9.20060mdk.i586.rpm
 ce4099426bf78152f8cce916d991bf31  
2006.0/RPMS/xorg-x11-6.9.0-5.9.20060mdk.i586.rpm
 c5c5d881ec4fa25712c04bf858cafdae  
2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.9.20060mdk.i586.rpm
 47eebf4341d36377595d275d494884ce  
2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.9.20060mdk.i586.rpm
 d8c47f18ededd363aa7999ac9c74e525  
2006.0/RPMS/xorg-x11-doc-6.9.0-5.9.20060mdk.i586.rpm
 df35175ad9cfdaa619fc855e2a305872  
2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.9.20060mdk.i586.rpm
 782083d15ac2cf99b72e8884b1ad9f69  
2006.0/RPMS/xorg-x11-server-6.9.0-5.9.20060mdk.i586.rpm
 7dce0242f2493bda5e566079eeb26ddb  
2006.0/RPMS/xorg-x11-xauth-6.9.0-5.9.20060mdk.i586.rpm
 788887873c6781f4d04d4c22f15584f2  
2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.9.20060mdk.i586.rpm
 ec74ddd837416045280a14fea9bc1ee5  
2006.0/RPMS/xorg-x11-xfs-6.9.0-5.9.20060mdk.i586.rpm
 51f267b6f8eb58c1df9a3f91c3b31b99  
2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.9.20060mdk.i586.rpm
 42d8a58fd96c62f4a5c01fcefc2c1875  
2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.9.20060mdk.i586.rpm
 2d0f23a6896a459cdb1da2f1898ec81a  
2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.9.20060mdk.i586.rpm
 47cc5a6fd1eecb2679b5a623b9ddfe64  
2006.0/SRPMS/xorg-x11-6.9.0-5.9.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 ee089c7507299169663a4bccfe4be6c7  
x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.9.20060mdk.x86_64.rpm
 2e7fd06ccb6313acca657a3e68c3ce35  
x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.9.20060mdk.x86_64.rpm
 3c873467b4813cf3d500860501f2f45a  
x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.9.20060mdk.x86_64.rpm
 796e0bfbd979cef4675492ed4dcfa0bc  
x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.9.20060mdk.x86_64.rpm
 ce13145b02fc3c8f69e718e91d2db266  
x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.9.20060mdk.x86_64.rpm
 cfc9452bf907155f60ed8b6815f790ac  
x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.9.20060mdk.x86_64.rpm
 f847dce08140455962c2797bdcfe94f2  
x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.9.20060mdk.x86_64.rpm
 5a1ce6b27ecc1bd8a02ade0bf5e8742d  
x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.9.20060mdk.x86_64.rpm
 a96fa59b6ee367d006b83e8f1108f65e  
x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.9.20060mdk.x86_64.rpm
 b84fd79cc72a3f66840ec0549f379723  
x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.9.20060mdk.x86_64.rpm
 8f22f5468a07abbc3bf60f93a85997a1  
x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.9.20060mdk.x86_64.rpm
 f7c04028cf16bf87b6a91e5099c202f7  
x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.9.20060mdk.x86_64.rpm
 b34e978f93bb8b219d83267abac98674  
x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.9.20060mdk.x86_64.rpm
 fed4590b44f0b59fe78b41fefedc1891  
x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.9.20060mdk.x86_64.rpm
 25d83c3b26e0a429ea9a0dca889af6f0  
x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.9.20060mdk.x86_64.rpm
 a466543fca0e43341d993d70f458f2ee  
x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.9.20060mdk.x86_64.rpm
 8b63d5f0768bda693408d25d1b121e46  
x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.9.20060mdk.x86_64.rpm
 47cc5a6fd1eecb2679b5a623b9ddfe64  
x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.9.20060mdk.src.rpm

 Corporate 3.0:
 a9450f3155f8823499fe957c2dd5482a  
corporate/3.0/RPMS/libxfree86-4.3-32.7.C30mdk.i586.rpm
 dfa43f7a45a823527c0009f501c85041  
corporate/3.0/RPMS/libxfree86-devel-4.3-32.7.C30mdk.i586.rpm
 8679c26c2afc856d6b015ac1f732c999  
corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.7.C30mdk.i586.rpm
 f28232feaf28bc7ad8f8ef8347dbb6a9  
corporate/3.0/RPMS/X11R6-contrib-4.3-32.7.C30mdk.i586.rpm
 f3c7a17ff728d8b47747e53ac757f444  
corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.7.C30mdk.i586.rpm
 50ca357364f011b414b4f66630e674b7  
corporate/3.0/RPMS/XFree86-4.3-32.7.C30mdk.i586.rpm
 df154521f2fbe721b93b6d1ad3a3eb9b  
corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.7.C30mdk.i586.rpm
 dd806dd6b8ab801a44df03c1d9d6f66f  
corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.7.C30mdk.i586.rpm
 281882ee8ec4f6798e3fec2c075b0d8e  
corporate/3.0/RPMS/XFree86-doc-4.3-32.7.C30mdk.i586.rpm
 d4d1a7c34ce535915fdfc31ee2fe1f7f  
corporate/3.0/RPMS/XFree86-glide-module-4.3-32.7.C30mdk.i586.rpm
 75994a655bfe6e08b979a68972f6e51c  
corporate/3.0/RPMS/XFree86-server-4.3-32.7.C30mdk.i586.rpm
 f1057204fca95decacdfe85a6b8c5906  
corporate/3.0/RPMS/XFree86-xfs-4.3-32.7.C30mdk.i586.rpm
 c71dfaa88405aecc32fcabe47e1c53af  
corporate/3.0/RPMS/XFree86-Xnest-4.3-32.7.C30mdk.i586.rpm
 9cbc4bf866de30681b7fb0cb4614a06d  
corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.7.C30mdk.i586.rpm
 c753f021aa04063be981ad656072b615  
corporate/3.0/SRPMS/XFree86-4.3-32.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 48112a9314130b94a6c94c0543ea13de  
x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.7.C30mdk.x86_64.rpm
 8dd0ede32cdbb8edf8a5485052a0a6f1  
x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.7.C30mdk.x86_64.rpm
 4f87c1f85b61d34ec778b57f33113598  
x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.7.C30mdk.x86_64.rpm
 ea4b88d183e635016c2c0dc1e32618b5  
x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.7.C30mdk.x86_64.rpm
 a88f094df62055d0f507de22931cd076  
x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.7.C30mdk.x86_64.rpm
 43ff4255335fd98864614d57ee6abfd5  
x86_64/corporate/3.0/RPMS/XFree86-4.3-32.7.C30mdk.x86_64.rpm
 1517b72ee57688326bde5b7041b0312f  
x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.7.C30mdk.x86_64.rpm
 9fcee06cbffe64bcca20c94d295b02d8  
x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.7.C30mdk.x86_64.rpm
 f1712867f17668e3de3664c16284cde6  
x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.7.C30mdk.x86_64.rpm
 17cf639b7aa1fcd153b6f7c85c77b401  
x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.7.C30mdk.x86_64.rpm
 b7377bcb482b977684e60c5cb473d513  
x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.7.C30mdk.x86_64.rpm
 67491c7d711c1abcfd746c1f4d4c99b1  
x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.7.C30mdk.x86_64.rpm
 d66e63dce8c577ea71eaa44f638f2a5e  
x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.7.C30mdk.x86_64.rpm
 c753f021aa04063be981ad656072b615  
x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE94KKmqjQ0CJFipgRAjWlAJ90wkuVwFfPJr2MdfM1BSOHSqlFhQCff2oJ
LdQn4lchf+Ynv55mVbw/e2U=
=IYdj
-----END PGP SIGNATURE-----

Prev by Date: [ MDKSA-2006:159 ] - Updated sudo packages whitelist environments
Next by Date: [Informix] Is Telelogic's Synergy integrated Informix server also vulnerable?
Previous by thread: [ MDKSA-2006:159 ] - Updated sudo packages whitelist environments
Next by thread: [Informix] Is Telelogic's Synergy integrated Informix server also vulnerable?
Index(es):
- Date
- Thread