[ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xorg-x11
Date : December 14, 2006
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).
Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).
Updated packages are patched to address this issue.
Update:
Updated packages for Corporate Server 4.0 have been patched
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
3658ca4cd8a4c6e9821c418a5ce7b4b3
corporate/4.0/i586/libxorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
c98057d36ee6db65dd49bb540f2dfdb5
corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.10.20060mlcs4.i586.rpm
296d32cb0bb9a4361e5288cd0c136410
corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.10.20060mlcs4.i586.rpm
569c78c8b3842c72cfe361fb89d1989d
corporate/4.0/i586/X11R6-contrib-6.9.0-5.10.20060mlcs4.i586.rpm
438e53654ce1c11d5e28cce7d8316c34
corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
6cd2047a430d3e10f68062e9e2ed7bc3
corporate/4.0/i586/xorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
61d98fd62be172adc372ef7f10e8d0f0
corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
c46a82d37cb2377f9d232ee10fb837b4
corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
e5be10030bae448b24998d65a2be9f6c
corporate/4.0/i586/xorg-x11-doc-6.9.0-5.10.20060mlcs4.i586.rpm
9122ac82818d37d54e096d128866c64f
corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.i586.rpm
1bfaa8464fefa7515a9abc6a4ff1da01
corporate/4.0/i586/xorg-x11-server-6.9.0-5.10.20060mlcs4.i586.rpm
4c274b747483a610e16677f019c150f6
corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.i586.rpm
6d1fe79343156bbd680b3d60941380b3
corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.i586.rpm
c7bdfd3abc0b711abe72e32ffa0b8e76
corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.i586.rpm
a62d0994768a936bbdef00a42a40e114
corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.i586.rpm
7e586568c538c87728f51cdee94ba050
corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.i586.rpm
a4a6aabeae772da093d771695d350dc0
corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.i586.rpm
eb0860600fe024f88c015f77976d61c4
corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
95d2a9ad359eb51d2c8743a8f2d8cc21
corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
91629018178a74304f232c38b29ea831
corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
93465357b9ff908de20c7448d501c1fa
corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
4fe4964642e28e972c34c759d1e726d1
corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.10.20060mlcs4.x86_64.rpm
461967ff7add4e31702460db4ee6e602
corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
6f5fbabba03318860472c0ce5c0a65e4
corporate/4.0/x86_64/xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
444fc50e3d9cccf09601026c7487d78e
corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
20da8a1239bc532d7c45d32931360d7b
corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
40af6535454c3ea73dc4f6473b9f24c0
corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.10.20060mlcs4.x86_64.rpm
2c7d093af7530397c8b935409080c25c
corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.x86_64.rpm
51b4f1d2ef0118a2ed84b430bc89242e
corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.10.20060mlcs4.x86_64.rpm
66721b5e94867256724faf443ae1e8a3
corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.x86_64.rpm
8e37a1b93e5ae3850d1259eea8aa3de3
corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.x86_64.rpm
d705258a79d0cb500560de0f3babe596
corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.x86_64.rpm
325bfc125311d543b8808133345afb00
corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.x86_64.rpm
ae37ee6f2b895664bfddb06798180907
corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.x86_64.rpm
897a5a32aa8e71cd3b644bc75e33f98a
corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.x86_64.rpm
eb0860600fe024f88c015f77976d61c4
corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFgVlLmqjQ0CJFipgRAiRuAKDmfb4FZioexZ9AGFV+Ao1UFibNFwCbBrBj
8tuWJMZfMYQMzHlWuRM/BF0=
=xvrZ
-----END PGP SIGNATURE-----