
[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:023
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : x11-server
 Date    : January 23, 2008
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 An input validation flaw was found in the X.org server's XFree86-Misc
 extension that could allow a malicious authorized client to cause
 a denial of service (crash), or potentially execute arbitrary code
 with root privileges on the X.org server (CVE-2007-5760).
 
 A flaw was found in the X.org server's XC-SECURITY extension that
 could allow a local user to verify the existence of an arbitrary file,
 even in directories that are not normally accessible to that user
 (CVE-2007-5958).
 
 A memory corruption flaw was found in the X.org server's XInput
 extension that could allow a malicious authorized client to cause a
 denial of service (crash) or potentially execute arbitrary code with
 root privileges on the X.org server (CVE-2007-6427).
 
 An information disclosure flaw was found in the X.org server's TOG-CUP
 extension that could allow a malicious authorized client to cause
 a denial of service (crash) or potentially view arbitrary memory
 content within the X.org server's address space (CVE-2007-6428).
 
 Two integer overflow flaws were found in the X.org server's EVI and
 MIT-SHM modules that could allow a malicious authorized client to
 cause a denial of service (crash) or potentially execute arbitrary
 code with the privileges of the X.org server (CVE-2007-6429).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHl+frmqjQ0CJFipgRAvmDAKCFHl1auUASHQpbhQaTWVHsBHcRBACfUGk+
GiqeE9dPmJ+feX0zqi5JCnI=
=/oR9
-----END PGP SIGNATURE-----