<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:079-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : April 11, 2007
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of a memory corruption vulnerability in the X.Org
 and XFree86 X server could allow an attacker to execute arbitrary
 code with privileges of the X server, typically root.
 
 The vulnerability exists in the ProcXCMiscGetXIDList() function in the
 XC-MISC extension. This request is used to determine what resource IDs
 are available for use. This function contains two vulnerabilities,
 both result in memory corruption of either the stack or heap. The
 ALLOCATE_LOCAL() macro used by this function allocates memory on the
 stack using alloca() on systems where alloca() is present, or using
 the heap otherwise. The handler function takes a user provided value,
 multiplies it, and then passes it to the above macro. This results in
 both an integer overflow vulnerability, and an alloca() stack pointer
 shifting vulnerability. Both can be exploited to execute arbitrary
 code. (CVE-2007-1003)
 
 iDefense reported two integer overflows in the way X.org handled
 various font files. A malicious local user could exploit these issues
 to potentially execute arbitrary code with the privileges of the
 X.org server. (CVE-2007-1351, CVE-2007-1352)
 
 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
 in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
 ImageMagick, allow user-assisted remote attackers to cause a denial
 of service (crash) or information leak via crafted images with large
 or negative values that trigger a buffer overflow. (CVE-2007-1667)
 
 Updated packages are patched to address these issues.

 Update:

 Packages for Mandriva Linux 2007.1 are now available.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 094834b9cec06d41814fcfbb4826a1b4  
2007.1/i586/libx11-common-1.1.1-2.1mdv2007.1.i586.rpm
 60ba6ee2def612bab83b056aa9143c28  
2007.1/i586/libx11_6-1.1.1-2.1mdv2007.1.i586.rpm
 83832a8b9a359f0199bf0b58024bcc93  
2007.1/i586/libx11_6-devel-1.1.1-2.1mdv2007.1.i586.rpm
 e7f0426150c15b701dca49a131d4f911  
2007.1/i586/libx11_6-static-devel-1.1.1-2.1mdv2007.1.i586.rpm
 4d737b55208b15a17076ea417fef6e83  
2007.1/i586/libxfont1-1.2.7-1.1mdv2007.1.i586.rpm
 28b347acb8851ef8cdc9b8b61ffb669b  
2007.1/i586/libxfont1-devel-1.2.7-1.1mdv2007.1.i586.rpm
 aa2e50b1ee6967c2ed3bb8c6dc64c84b  
2007.1/i586/libxfont1-static-devel-1.2.7-1.1mdv2007.1.i586.rpm
 530b51e76f6b9a0df342719a8b9ddb99  
2007.1/i586/x11-server-1.2.0-8.1mdv2007.1.i586.rpm
 9d717cb5fab234a4c76a4a0811bf4638  
2007.1/i586/x11-server-common-1.2.0-8.1mdv2007.1.i586.rpm
 5a47c5a19827c3e820b02c2db7796659  
2007.1/i586/x11-server-devel-1.2.0-8.1mdv2007.1.i586.rpm
 76a33d69862b1c457a2cec21a37b51d8  
2007.1/i586/x11-server-xati-1.2.0-8.1mdv2007.1.i586.rpm
 880f19417b5379635ddb6c5f2e612971  
2007.1/i586/x11-server-xchips-1.2.0-8.1mdv2007.1.i586.rpm
 dc8db2e2fa639a5e5590a9301590e58a  
2007.1/i586/x11-server-xdmx-1.2.0-8.1mdv2007.1.i586.rpm
 b71ce20ae5de448b2e54d6458df98526  
2007.1/i586/x11-server-xephyr-1.2.0-8.1mdv2007.1.i586.rpm
 fed1ade3cb4ca74c6362837618a5452c  
2007.1/i586/x11-server-xepson-1.2.0-8.1mdv2007.1.i586.rpm
 9e3f8d012b49126ee4b217dd24521f29  
2007.1/i586/x11-server-xfake-1.2.0-8.1mdv2007.1.i586.rpm
 15adb208aac159c1575a3ddd77ffbaee  
2007.1/i586/x11-server-xfbdev-1.2.0-8.1mdv2007.1.i586.rpm
 37b8f6fdbfca1dc9192758dabd9b5adc  
2007.1/i586/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.i586.rpm
 f8a04c4056025562b4e280a09c5c8577  
2007.1/i586/x11-server-xi810-1.2.0-8.1mdv2007.1.i586.rpm
 ce53fc038ab1f432b216d4057e53057d  
2007.1/i586/x11-server-xmach64-1.2.0-8.1mdv2007.1.i586.rpm
 a6fe363ba43b509661709a3c9245ba8c  
2007.1/i586/x11-server-xmga-1.2.0-8.1mdv2007.1.i586.rpm
 d95d4a1b0b7e9bdee00f7cf90e934a39  
2007.1/i586/x11-server-xneomagic-1.2.0-8.1mdv2007.1.i586.rpm
 7718f0eabcc0b212012ffb0e5c8e6a26  
2007.1/i586/x11-server-xnest-1.2.0-8.1mdv2007.1.i586.rpm
 5c06fbc05c7ea8abfdb4ecdeb2ce2d75  
2007.1/i586/x11-server-xnvidia-1.2.0-8.1mdv2007.1.i586.rpm
 aa416e9d9cc207be2c801c4570d43015  
2007.1/i586/x11-server-xorg-1.2.0-8.1mdv2007.1.i586.rpm
 9076d8da47cfa869a84896cd26722ecc  
2007.1/i586/x11-server-xpm2-1.2.0-8.1mdv2007.1.i586.rpm
 b6c9e9c76bfb9ad237fff6b4c2ce2e04  
2007.1/i586/x11-server-xprt-1.2.0-8.1mdv2007.1.i586.rpm
 dcaf5905ffdd594ac3b97aa1b94baae6  
2007.1/i586/x11-server-xr128-1.2.0-8.1mdv2007.1.i586.rpm
 770630c3643c095ba99d8fbd838bf148  
2007.1/i586/x11-server-xsdl-1.2.0-8.1mdv2007.1.i586.rpm
 57c93b2b5f8e289063dc5bd678a15e17  
2007.1/i586/x11-server-xsmi-1.2.0-8.1mdv2007.1.i586.rpm
 8e26db22cbba03a68962ecaa7f0f40d0  
2007.1/i586/x11-server-xvesa-1.2.0-8.1mdv2007.1.i586.rpm
 caa3a31e61065af8dd25b8f115657910  
2007.1/i586/x11-server-xvfb-1.2.0-8.1mdv2007.1.i586.rpm
 f5baee2c239e4b9d5f5c1e0d0ae64ddd  
2007.1/i586/x11-server-xvia-1.2.0-8.1mdv2007.1.i586.rpm
 1be993d23f79ba6356b7dfcb0dd36b44  
2007.1/i586/x11-server-xvnc-1.2.0-8.1mdv2007.1.i586.rpm 
 aeba38426c094f892a8db7c56ed8c301  
2007.1/SRPMS/libx11-1.1.1-2.1mdv2007.1.src.rpm
 0e7061bca9907c2b0eca9dacdab4403c  
2007.1/SRPMS/libxfont-1.2.7-1.1mdv2007.1.src.rpm
 4f8be7e1843b036a3368f13d4d6a964b  
2007.1/SRPMS/x11-server-1.2.0-8.1mdv2007.1.src.rpm
 3771f05b9e14a04e41905e6d145d0c41  
2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 a8e9b831949d99880f61e496fcda81fa  
2007.1/x86_64/lib64x11_6-1.1.1-2.1mdv2007.1.x86_64.rpm
 8a2cdcf52cb086a7ec479585f4615aff  
2007.1/x86_64/lib64x11_6-devel-1.1.1-2.1mdv2007.1.x86_64.rpm
 9a3f679f360cf576598f3bd2058b441c  
2007.1/x86_64/lib64x11_6-static-devel-1.1.1-2.1mdv2007.1.x86_64.rpm
 38588291d4baf93d53f2cacfc91470fc  
2007.1/x86_64/lib64xfont1-1.2.7-1.1mdv2007.1.x86_64.rpm
 08a34ff0e3a6a6c25beaef8b5f4d6dbf  
2007.1/x86_64/lib64xfont1-devel-1.2.7-1.1mdv2007.1.x86_64.rpm
 0709d442ee2fdc7134abb5d1a71afab1  
2007.1/x86_64/lib64xfont1-static-devel-1.2.7-1.1mdv2007.1.x86_64.rpm
 ee41dd9b5381466727456905d4c2b29a  
2007.1/x86_64/libx11-common-1.1.1-2.1mdv2007.1.x86_64.rpm
 99fdfc64834e47ed1efc35796f1da887  
2007.1/x86_64/x11-server-1.2.0-8.1mdv2007.1.x86_64.rpm
 47570e6070fc356fe3213d5787990a1c  
2007.1/x86_64/x11-server-common-1.2.0-8.1mdv2007.1.x86_64.rpm
 deb1c9a780b5789f71c7b3bc23c24f2c  
2007.1/x86_64/x11-server-devel-1.2.0-8.1mdv2007.1.x86_64.rpm
 21d5e1148cc503e47a135fad2cf10257  
2007.1/x86_64/x11-server-xdmx-1.2.0-8.1mdv2007.1.x86_64.rpm
 500a8bb735d0cdda28044f85d436ea64  
2007.1/x86_64/x11-server-xephyr-1.2.0-8.1mdv2007.1.x86_64.rpm
 b7a993ad6689524f5328861f1415af4a  
2007.1/x86_64/x11-server-xfake-1.2.0-8.1mdv2007.1.x86_64.rpm
 bbcf31887871cb70d78b6c8c45bd236a  
2007.1/x86_64/x11-server-xfbdev-1.2.0-8.1mdv2007.1.x86_64.rpm
 03627273fc38f69659e62dff615e8dee  
2007.1/x86_64/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.x86_64.rpm
 f393ec9760d243e1171a7ad38d0ed70d  
2007.1/x86_64/x11-server-xnest-1.2.0-8.1mdv2007.1.x86_64.rpm
 95aeec7bb4cf44b44ae9c7ae8f020c6f  
2007.1/x86_64/x11-server-xorg-1.2.0-8.1mdv2007.1.x86_64.rpm
 00e692ed014b06e59922e12d8de52e16  
2007.1/x86_64/x11-server-xprt-1.2.0-8.1mdv2007.1.x86_64.rpm
 c0d22ee28f8e7fd394cf6e9cdcd7a876  
2007.1/x86_64/x11-server-xsdl-1.2.0-8.1mdv2007.1.x86_64.rpm
 d6f33606ca00eb807db566dab93830f5  
2007.1/x86_64/x11-server-xvfb-1.2.0-8.1mdv2007.1.x86_64.rpm
 e35758ceb44dddd8e368d0535ad03c49  
2007.1/x86_64/x11-server-xvnc-1.2.0-8.1mdv2007.1.x86_64.rpm 
 aeba38426c094f892a8db7c56ed8c301  
2007.1/SRPMS/libx11-1.1.1-2.1mdv2007.1.src.rpm
 0e7061bca9907c2b0eca9dacdab4403c  
2007.1/SRPMS/libxfont-1.2.7-1.1mdv2007.1.src.rpm
 4f8be7e1843b036a3368f13d4d6a964b  
2007.1/SRPMS/x11-server-1.2.0-8.1mdv2007.1.src.rpm
 3771f05b9e14a04e41905e6d145d0c41  
2007.1/SRPMS/x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGHQammqjQ0CJFipgRAqaQAKCdjtSCGHIqRkCEZDq51Ybn/Tn6gwCg9H8G
JjBWGCkfa5AOJa5EdSZ4h0Y=
=Xwtx
-----END PGP SIGNATURE-----