<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:079 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:079
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : April 4, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of a memory corruption vulnerability in the X.Org
 and XFree86 X server could allow an attacker to execute arbitrary code
 with privileges of the X server, typically root.
 
 The vulnerability exists in the ProcXCMiscGetXIDList() function in the
 XC-MISC extension. This request is used to determine what resource IDs
 are available for use. This function contains two vulnerabilities,
 both result in memory corruption of either the stack or heap. The
 ALLOCATE_LOCAL() macro used by this function allocates memory on the
 stack using alloca() on systems where alloca() is present, or using
 the heap otherwise. The handler function takes a user provided value,
 multiplies it, and then passes it to the above macro. This results in
 both an integer overflow vulnerability, and an alloca() stack pointer
 shifting vulnerability. Both can be exploited to execute arbitrary
 code. (CVE-2007-1003)
 
 iDefense reported two integer overflows in the way X.org handled
 various font files. A malicious local user could exploit these issues
 to potentially execute arbitrary code with the privileges of the X.org
 server. (CVE-2007-1351, CVE-2007-1352)
 
 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
 in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
 ImageMagick, allow user-assisted remote attackers to cause a denial
 of service (crash) or information leak via crafted images with large
 or negative values that trigger a buffer overflow. (CVE-2007-1667)
 
 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 d96dcc000a74b02fbff0c3c0a5710767  
2007.0/i586/libx11-common-1.0.3-2.2mdv2007.0.i586.rpm
 0fbae1a4ac97941ea0f5e95e99fdf568  
2007.0/i586/libx11_6-1.0.3-2.2mdv2007.0.i586.rpm
 598252d23e15315d7213b09b1e3050ef  
2007.0/i586/libx11_6-devel-1.0.3-2.2mdv2007.0.i586.rpm
 1ffdc1a629ebded0e48cfc1ead8838b5  
2007.0/i586/libx11_6-static-devel-1.0.3-2.2mdv2007.0.i586.rpm
 a3b70e66b722738df4d50295dd1a2604  
2007.0/i586/libxfont1-1.1.0-4.2mdv2007.0.i586.rpm
 14a727bef0655ad3385305230c16b6df  
2007.0/i586/libxfont1-devel-1.1.0-4.2mdv2007.0.i586.rpm
 46a3a943ba47a91cae462289425f1777  
2007.0/i586/libxfont1-static-devel-1.1.0-4.2mdv2007.0.i586.rpm
 71733a31bfce2d014975e7be5151fe87  
2007.0/i586/x11-server-1.1.1-11.3mdv2007.0.i586.rpm
 b9650f724bcc27c9b02e4591b79a8170  
2007.0/i586/x11-server-common-1.1.1-11.3mdv2007.0.i586.rpm
 96291cb67e5effea3226d228934ca668  
2007.0/i586/x11-server-devel-1.1.1-11.3mdv2007.0.i586.rpm
 ada36533a54b6abb8d9e05edcbe85a9b  
2007.0/i586/x11-server-xati-1.1.1-11.3mdv2007.0.i586.rpm
 65b27efd9b19e654917dc507a9fcc85b  
2007.0/i586/x11-server-xchips-1.1.1-11.3mdv2007.0.i586.rpm
 08be63fced01787c67111c49a37a217b  
2007.0/i586/x11-server-xdmx-1.1.1-11.3mdv2007.0.i586.rpm
 b3808f59c82737c0a920f120e2821fda  
2007.0/i586/x11-server-xephyr-1.1.1-11.3mdv2007.0.i586.rpm
 d11c6a18afe3aed8f1a51bf765bbdf68  
2007.0/i586/x11-server-xepson-1.1.1-11.3mdv2007.0.i586.rpm
 87e8f828f97229acd5ad881894cd1e13  
2007.0/i586/x11-server-xfake-1.1.1-11.3mdv2007.0.i586.rpm
 f6ffd1174cbf64279a2feb6924f66e42  
2007.0/i586/x11-server-xfbdev-1.1.1-11.3mdv2007.0.i586.rpm
 ab872f9c530a3fcc8397b111dfb43b44  
2007.0/i586/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.i586.rpm
 fcc1678a7855a9bd889f819a29df978e  
2007.0/i586/x11-server-xi810-1.1.1-11.3mdv2007.0.i586.rpm
 3cf1b4fc5536ed5b54e8aad5b268ff2e  
2007.0/i586/x11-server-xmach64-1.1.1-11.3mdv2007.0.i586.rpm
 4ca148ffa7d5b363fd8fedfeef1cee71  
2007.0/i586/x11-server-xmga-1.1.1-11.3mdv2007.0.i586.rpm
 dbf20841fd17021879081b4a6c869f3e  
2007.0/i586/x11-server-xneomagic-1.1.1-11.3mdv2007.0.i586.rpm
 afd9701501cbe1b55cd5936456b04fc8  
2007.0/i586/x11-server-xnest-1.1.1-11.3mdv2007.0.i586.rpm
 e91bf46f57be620a10bbbeff792df61b  
2007.0/i586/x11-server-xnvidia-1.1.1-11.3mdv2007.0.i586.rpm
 a471731278537202b3c82792ad4e3368  
2007.0/i586/x11-server-xorg-1.1.1-11.3mdv2007.0.i586.rpm
 61661f612a200395a9d8a16923876ac8  
2007.0/i586/x11-server-xpm2-1.1.1-11.3mdv2007.0.i586.rpm
 c85b6311efa2b1719ab77e5eb7231160  
2007.0/i586/x11-server-xprt-1.1.1-11.3mdv2007.0.i586.rpm
 08e47b2ae0c09d5d117e583941535a06  
2007.0/i586/x11-server-xr128-1.1.1-11.3mdv2007.0.i586.rpm
 1aa8aa6927148ac3d64dc047709f5abf  
2007.0/i586/x11-server-xsdl-1.1.1-11.3mdv2007.0.i586.rpm
 674a1a4c2fb68d234153033efae15394  
2007.0/i586/x11-server-xsmi-1.1.1-11.3mdv2007.0.i586.rpm
 77e6c7649a00f81d7538593b99d0678a  
2007.0/i586/x11-server-xvesa-1.1.1-11.3mdv2007.0.i586.rpm
 bd6c55d0ad9e770d5680ae9dbd687a02  
2007.0/i586/x11-server-xvfb-1.1.1-11.3mdv2007.0.i586.rpm
 9867b8ebc08673dc8cf55a888bc0b22d  
2007.0/i586/x11-server-xvia-1.1.1-11.3mdv2007.0.i586.rpm 
 44e16d3504f636eec6f4d51a5b506d39  
2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
 c552e38dc91ffef35ca44c4b5b09d22d  
2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
 678c7993955955fe45eb7c3a3d8c51c1  
2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
 18a0b058a4b1d5150139dea9a733e024  
2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 19a970386a276dd606b11400cd672c68  
2007.0/x86_64/lib64x11_6-1.0.3-2.2mdv2007.0.x86_64.rpm
 694178b488cfb01096ade83be1aa0d4c  
2007.0/x86_64/lib64x11_6-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
 9e666c058971ae71a1644115c2dbc851  
2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
 ae890ea6d025a00b8d1397fb2a8bee2c  
2007.0/x86_64/lib64xfont1-1.1.0-4.2mdv2007.0.x86_64.rpm
 ae510dc95b877ce304c382da30ee6680  
2007.0/x86_64/lib64xfont1-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
 f4a67a4311146a73ea1ac5d2a094f511  
2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
 b4186951ec846155eef67caf20a713d0  
2007.0/x86_64/libx11-common-1.0.3-2.2mdv2007.0.x86_64.rpm
 8e4dc66ec5d759761f8d36dd28194499  
2007.0/x86_64/x11-server-1.1.1-11.3mdv2007.0.x86_64.rpm
 932015ff2760dd9d155a3d62255fe9d8  
2007.0/x86_64/x11-server-common-1.1.1-11.3mdv2007.0.x86_64.rpm
 89a0a8d5751a07d2533ba5f6afb39584  
2007.0/x86_64/x11-server-devel-1.1.1-11.3mdv2007.0.x86_64.rpm
 72fc80b4c4ecbc09a6553375dfb45598  
2007.0/x86_64/x11-server-xdmx-1.1.1-11.3mdv2007.0.x86_64.rpm
 4020ee2d1bb311b944b7cee828a9591b  
2007.0/x86_64/x11-server-xephyr-1.1.1-11.3mdv2007.0.x86_64.rpm
 ceb7ed60ceabf6beab04fb4f7d5a6b9f  
2007.0/x86_64/x11-server-xfake-1.1.1-11.3mdv2007.0.x86_64.rpm
 2e283d8183630848bd4bf3c36ec78da2  
2007.0/x86_64/x11-server-xfbdev-1.1.1-11.3mdv2007.0.x86_64.rpm
 41b186290408566c3af16ad56bff4583  
2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.x86_64.rpm
 f03f5f7b95ee81d36558cc286dbc09cf  
2007.0/x86_64/x11-server-xnest-1.1.1-11.3mdv2007.0.x86_64.rpm
 ded05b44c119989703ec335ef8d7ba77  
2007.0/x86_64/x11-server-xorg-1.1.1-11.3mdv2007.0.x86_64.rpm
 58a552e341f4ccf59906f9ff32f1e96b  
2007.0/x86_64/x11-server-xprt-1.1.1-11.3mdv2007.0.x86_64.rpm
 908d1a089250581475bf63d3bd615209  
2007.0/x86_64/x11-server-xsdl-1.1.1-11.3mdv2007.0.x86_64.rpm
 f1b54633237b6f56857f9022f9621b3a  
2007.0/x86_64/x11-server-xvfb-1.1.1-11.3mdv2007.0.x86_64.rpm 
 44e16d3504f636eec6f4d51a5b506d39  
2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
 c552e38dc91ffef35ca44c4b5b09d22d  
2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
 678c7993955955fe45eb7c3a3d8c51c1  
2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
 18a0b058a4b1d5150139dea9a733e024  
2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

 Corporate 3.0:
 918c04c922a1613680cbbe9487e96c1f  
corporate/3.0/i586/X11R6-contrib-4.3-32.13.C30mdk.i586.rpm
 89f73d5c80e4c5ff474b115d825b5c09  
corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.13.C30mdk.i586.rpm
 4a350003e29da90f9e20cfc490630e44  
corporate/3.0/i586/XFree86-4.3-32.13.C30mdk.i586.rpm
 c1337f1ed5267d530dbf665f50619145  
corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.13.C30mdk.i586.rpm
 38c323d2e089e7f1cac411c6156a5025  
corporate/3.0/i586/XFree86-Xnest-4.3-32.13.C30mdk.i586.rpm
 9b18d33108c7d5aafb3e2d689045e91a  
corporate/3.0/i586/XFree86-Xvfb-4.3-32.13.C30mdk.i586.rpm
 7fc5ac98bb77dc5ed11b52a17ca1ab18  
corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.i586.rpm
 be5ab8321d77e24e57553c9e537082e6  
corporate/3.0/i586/XFree86-doc-4.3-32.13.C30mdk.i586.rpm
 19353085c52e811da6d5cc9f173abb4a  
corporate/3.0/i586/XFree86-glide-module-4.3-32.13.C30mdk.i586.rpm
 3373a7e9398a1788ab4bea0f12a9dce2  
corporate/3.0/i586/XFree86-server-4.3-32.13.C30mdk.i586.rpm
 f78239e305badabba3d638b361473436  
corporate/3.0/i586/XFree86-xfs-4.3-32.13.C30mdk.i586.rpm
 69b594d3b0438be4c25c36abb37e5159  
corporate/3.0/i586/libxfree86-4.3-32.13.C30mdk.i586.rpm
 9d1c0eb89083a9f62c14d29126a0ce06  
corporate/3.0/i586/libxfree86-devel-4.3-32.13.C30mdk.i586.rpm
 c67bddf7736902533773979e627b8761  
corporate/3.0/i586/libxfree86-static-devel-4.3-32.13.C30mdk.i586.rpm 
 5f194d3c82ab8f214c16f33bd4952107  
corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2bd23a1148e5b379ff0305d9f96032f0  
corporate/3.0/x86_64/X11R6-contrib-4.3-32.13.C30mdk.x86_64.rpm
 dc08cee63f5dcbed1b036c3708a657a1  
corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
 171a7012e64618b79dc8880180093f76  
corporate/3.0/x86_64/XFree86-4.3-32.13.C30mdk.x86_64.rpm
 de12bcbf7f7ebdec9becb1c051162ecf  
corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
 7f208dc7263f1558cf3f10e04e1ed5c9  
corporate/3.0/x86_64/XFree86-Xnest-4.3-32.13.C30mdk.x86_64.rpm
 c24a2d0fa210741e5aade751bd8a61df  
corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.13.C30mdk.x86_64.rpm
 a89a370a0185521e83c37b8daf60fdd0  
corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.x86_64.rpm
 840dbd21393e5611d162ccf755792d4f  
corporate/3.0/x86_64/XFree86-doc-4.3-32.13.C30mdk.x86_64.rpm
 b9595f9ffe3bc8a1d16522b6a47d5598  
corporate/3.0/x86_64/XFree86-server-4.3-32.13.C30mdk.x86_64.rpm
 63479edcdcbe976b96582c481b986f5e  
corporate/3.0/x86_64/XFree86-xfs-4.3-32.13.C30mdk.x86_64.rpm
 525e0d97ff88d1905502d405f90d4085  
corporate/3.0/x86_64/lib64xfree86-4.3-32.13.C30mdk.x86_64.rpm
 66f6f35a1c45d88672bbc2b2ea9c8f2d  
corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.13.C30mdk.x86_64.rpm
 2717e4c7875f4de5e880ad95b595fecd  
corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.13.C30mdk.x86_64.rpm 
 5f194d3c82ab8f214c16f33bd4952107  
corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

 Corporate 4.0:
 e63a99edfa23138af23caa7c9c980d54  
corporate/4.0/i586/X11R6-contrib-6.9.0-5.15.20060mlcs4.i586.rpm
 9fa37dcac91bc52853239a3b86acbfa8  
corporate/4.0/i586/libxorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
 b34ee5541e4d8e7f37dcde66a75c6cfb  
corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.15.20060mlcs4.i586.rpm
 71d076aff757c1778782065b3e7de161  
corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.15.20060mlcs4.i586.rpm
 59b2613a3f02781d966b76751a4f432c  
corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 111813e2cbdeef71c025de2235199e90  
corporate/4.0/i586/xorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
 44b0a56d98313c72b05bfc4b28ff024b  
corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 08026da35859225b367ab26e813d57d7  
corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.i586.rpm
 46f848204211932f59a8ecaf02a3894e  
corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.i586.rpm
 eb232b39a68609ffb5adc5f472dc5d1d  
corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.i586.rpm
 055b63beae6e771a6b948049fed128cf  
corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.i586.rpm
 b2438635efdf6ed16508580cc901ecb5  
corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 91ac90d71030f3bfe0fdb9ddaf2ad816  
corporate/4.0/i586/xorg-x11-doc-6.9.0-5.15.20060mlcs4.i586.rpm
 bf50b7e3fa360f3fd1aa61444526b9b8  
corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.i586.rpm
 372cfc8231f2f2d31760f165ee80d4e6  
corporate/4.0/i586/xorg-x11-server-6.9.0-5.15.20060mlcs4.i586.rpm
 7a73f4094d5ea7c3020a3b78ea9c9c98  
corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.i586.rpm
 61bd1d2dae41148425196597d28460af  
corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.i586.rpm 
 1e8a87194b755917783b1a6856a684a3  
corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 32ff784cd7c2401ee6bb9cd2b814159b  
corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.15.20060mlcs4.x86_64.rpm
 d2575d1962896839c66e5a6d4f0d243b  
corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
 49455f9280c0f2e45cbfe40957644a06  
corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
 f57c87d13d3411731b28ac002873887f  
corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
 cec0f84d92610fe7319678d52f85d69d  
corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 bbccb6cf65819363d944b72ea5dc0f94  
corporate/4.0/x86_64/xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
 6aef383c3f44fc6b66fc3175084b87fc  
corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 c036dce014adc7e5a74a181cf9fabdaf  
corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.x86_64.rpm
 59d992851f3d52838a9515f9449905d5  
corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.x86_64.rpm
 11867453dc758141fb38c33e3812e8e1  
corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.x86_64.rpm
 a248cd02f7d7864c779491c6a9e696e1  
corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.x86_64.rpm
 6bec3e71d6c044a563bca2733260adb9  
corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 d2f5b5cebcecefdce3cc1bfb550bf481  
corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.15.20060mlcs4.x86_64.rpm
 780c01a55862d4b9ac03286ac787b725  
corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.x86_64.rpm
 3ad687a6bb67d02ed23cb6d57ca0ea85  
corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.15.20060mlcs4.x86_64.rpm
 3f02a8bf7e6e94b4696baa3998712dae  
corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.x86_64.rpm
 5df334cae18035961430532b7fa6a71f  
corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.x86_64.rpm 
 1e8a87194b755917783b1a6856a684a3  
corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGFAoYmqjQ0CJFipgRAvkHAJwJVFe0mT1yBHKjcTWYIRiSz7YoZQCdF6wt
/Czi8NSscvNCkThUftxcIJY=
=eRgy
-----END PGP SIGNATURE-----