[ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2008:023 ] - Updated x11-server packages fix multiple vulnerabilities
From: security@xxxxxxxxxxxx
Date: Thu, 24 Jan 2008 06:46:27 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: xsecurity@xxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:023
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : x11-server
 Date    : January 23, 2008
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 An input validation flaw was found in the X.org server's XFree86-Misc
 extension that could allow a malicious authorized client to cause
 a denial of service (crash), or potentially execute arbitrary code
 with root privileges on the X.org server (CVE-2007-5760).
 
 A flaw was found in the X.org server's XC-SECURITY extension that
 could allow a local user to verify the existence of an arbitrary file,
 even in directories that are not normally accessible to that user
 (CVE-2007-5958).
 
 A memory corruption flaw was found in the X.org server's XInput
 extension that could allow a malicious authorized client to cause a
 denial of service (crash) or potentially execute arbitrary code with
 root privileges on the X.org server (CVE-2007-6427).
 
 An information disclosure flaw was found in the X.org server's TOG-CUP
 extension that could allow a malicious authorized client to cause
 a denial of service (crash) or potentially view arbitrary memory
 content within the X.org server's address space (CVE-2007-6428).
 
 Two integer overflow flaws were found in the X.org server's EVI and
 MIT-SHM modules that could allow a malicious authorized client to
 cause a denial of service (crash) or potentially execute arbitrary
 code with the privileges of the X.org server (CVE-2007-6429).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 536b2b843db365fa759ebcce5aadf8fa  
2007.0/i586/x11-server-1.1.1-12.3mdv2007.0.i586.rpm
 4e5e7b280242217f8168f9b47ff8781a  
2007.0/i586/x11-server-common-1.1.1-12.3mdv2007.0.i586.rpm
 cb1487dd1eceb45aa03b9a0aa77a293c  
2007.0/i586/x11-server-devel-1.1.1-12.3mdv2007.0.i586.rpm
 2c319a8ae154d1645656dd4a7f1fe239  
2007.0/i586/x11-server-xati-1.1.1-12.3mdv2007.0.i586.rpm
 079f895ff1d5e2f48aaa556bd7a59519  
2007.0/i586/x11-server-xchips-1.1.1-12.3mdv2007.0.i586.rpm
 54e005629b2f4b56f2b01dc5a6769b45  
2007.0/i586/x11-server-xdmx-1.1.1-12.3mdv2007.0.i586.rpm
 582b3f8eaabc14a13c652c9541db5a3a  
2007.0/i586/x11-server-xephyr-1.1.1-12.3mdv2007.0.i586.rpm
 382083d039b8fb981fdef2d3f2952e5d  
2007.0/i586/x11-server-xepson-1.1.1-12.3mdv2007.0.i586.rpm
 2cd603401aa8507c79a45a377a5dc5a5  
2007.0/i586/x11-server-xfake-1.1.1-12.3mdv2007.0.i586.rpm
 4dd7e8fb8b15ac5ae913a770e3dc0edd  
2007.0/i586/x11-server-xfbdev-1.1.1-12.3mdv2007.0.i586.rpm
 f233d76be20f906e0447a13142e92bda  
2007.0/i586/x11-server-xi810-1.1.1-12.3mdv2007.0.i586.rpm
 6d54b4cdb68a27648ea045ecaa7e2e93  
2007.0/i586/x11-server-xmach64-1.1.1-12.3mdv2007.0.i586.rpm
 a205af74dace2a90e0bf7ab595cae4a5  
2007.0/i586/x11-server-xmga-1.1.1-12.3mdv2007.0.i586.rpm
 99ed4f80e419c9eced26083d27b04dcb  
2007.0/i586/x11-server-xneomagic-1.1.1-12.3mdv2007.0.i586.rpm
 8cc833f4c1ea7853f4269182ee8c8662  
2007.0/i586/x11-server-xnest-1.1.1-12.3mdv2007.0.i586.rpm
 0cec70b4e20ffc9ef6da1b277b00a4dc  
2007.0/i586/x11-server-xnvidia-1.1.1-12.3mdv2007.0.i586.rpm
 a0a7a471c0223fe3a961f602b36b5c3c  
2007.0/i586/x11-server-xorg-1.1.1-12.3mdv2007.0.i586.rpm
 5d1784f3afcb6f056da1524191d79e7d  
2007.0/i586/x11-server-xpm2-1.1.1-12.3mdv2007.0.i586.rpm
 ef2a81299e26c3da215f6d1150da75ef  
2007.0/i586/x11-server-xprt-1.1.1-12.3mdv2007.0.i586.rpm
 8ffbdfbd4fd6d98d88956fbbd1b4547d  
2007.0/i586/x11-server-xr128-1.1.1-12.3mdv2007.0.i586.rpm
 b847cccad2ee87d6a81e73a450d4be1e  
2007.0/i586/x11-server-xsdl-1.1.1-12.3mdv2007.0.i586.rpm
 820cb3af32609084de5af13dae86658a  
2007.0/i586/x11-server-xsmi-1.1.1-12.3mdv2007.0.i586.rpm
 7386f22db489688076d2a683a2275b16  
2007.0/i586/x11-server-xvesa-1.1.1-12.3mdv2007.0.i586.rpm
 1be8682ca9f2b5ea024e851015779a6f  
2007.0/i586/x11-server-xvfb-1.1.1-12.3mdv2007.0.i586.rpm
 4078f13ac77324a07439f964d86c5878  
2007.0/i586/x11-server-xvia-1.1.1-12.3mdv2007.0.i586.rpm 
 0cb8cf686f9af1d660e2bdb52e291c59  
2007.0/SRPMS/x11-server-1.1.1-12.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 bf838b3ef7c3e8e8684c51511a705de3  
2007.0/x86_64/x11-server-1.1.1-12.3mdv2007.0.x86_64.rpm
 969a80b0fd6e55fec6548392bcebb9c6  
2007.0/x86_64/x11-server-common-1.1.1-12.3mdv2007.0.x86_64.rpm
 c629fdc6b3437d105296245b5f2b714d  
2007.0/x86_64/x11-server-devel-1.1.1-12.3mdv2007.0.x86_64.rpm
 4656a0128755192b4dd385a61d47c79f  
2007.0/x86_64/x11-server-xdmx-1.1.1-12.3mdv2007.0.x86_64.rpm
 95074952395ca22438f36095fd1b8b89  
2007.0/x86_64/x11-server-xephyr-1.1.1-12.3mdv2007.0.x86_64.rpm
 beeff525e9266eb9868c8d8678c73c15  
2007.0/x86_64/x11-server-xfake-1.1.1-12.3mdv2007.0.x86_64.rpm
 1de55a43f5ddbee1915da4f4168081e6  
2007.0/x86_64/x11-server-xfbdev-1.1.1-12.3mdv2007.0.x86_64.rpm
 e641780613f609debbb6bf8a3ccffb70  
2007.0/x86_64/x11-server-xnest-1.1.1-12.3mdv2007.0.x86_64.rpm
 b5e65fb9bd6e8269be240b81a341bd05  
2007.0/x86_64/x11-server-xorg-1.1.1-12.3mdv2007.0.x86_64.rpm
 83a7254129bd392490b51ce15262a3cc  
2007.0/x86_64/x11-server-xprt-1.1.1-12.3mdv2007.0.x86_64.rpm
 8195afdcaf12dafe279a3d2c59494e97  
2007.0/x86_64/x11-server-xsdl-1.1.1-12.3mdv2007.0.x86_64.rpm
 4cfe6e309d62fc1b11b335f8b14b4eb0  
2007.0/x86_64/x11-server-xvfb-1.1.1-12.3mdv2007.0.x86_64.rpm 
 0cb8cf686f9af1d660e2bdb52e291c59  
2007.0/SRPMS/x11-server-1.1.1-12.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 388798b1f4934014ca661b52fe310ade  
2007.1/i586/x11-server-1.2.0-9.4mdv2007.1.i586.rpm
 742089c79152ca05d0add15baf0bd4ce  
2007.1/i586/x11-server-common-1.2.0-9.4mdv2007.1.i586.rpm
 030b01b3659ea01bcbf5d58507fc09f9  
2007.1/i586/x11-server-devel-1.2.0-9.4mdv2007.1.i586.rpm
 5ef1cabb18c59f2d281e7a79ac9c0619  
2007.1/i586/x11-server-xati-1.2.0-9.4mdv2007.1.i586.rpm
 84d47834f8b17a2bca2661a5087a33e5  
2007.1/i586/x11-server-xchips-1.2.0-9.4mdv2007.1.i586.rpm
 67bc7dfb36270216a4474a0561413d3a  
2007.1/i586/x11-server-xdmx-1.2.0-9.4mdv2007.1.i586.rpm
 07106f417292958e4d4ceac1018420f8  
2007.1/i586/x11-server-xephyr-1.2.0-9.4mdv2007.1.i586.rpm
 92d8e3079ba6623cc56313b7906b6753  
2007.1/i586/x11-server-xepson-1.2.0-9.4mdv2007.1.i586.rpm
 7ee3cc8a79ee42173d28fd44646ccebc  
2007.1/i586/x11-server-xfake-1.2.0-9.4mdv2007.1.i586.rpm
 fbca430287fbed560ff2c7cc6d5ae5ae  
2007.1/i586/x11-server-xfbdev-1.2.0-9.4mdv2007.1.i586.rpm
 6ae5978e60c72991d391343911c01bc7  
2007.1/i586/x11-server-xi810-1.2.0-9.4mdv2007.1.i586.rpm
 7f03196a6983963b615be5005de8be75  
2007.1/i586/x11-server-xmach64-1.2.0-9.4mdv2007.1.i586.rpm
 afb7b10e37050dea9dd04c6c3363d99b  
2007.1/i586/x11-server-xmga-1.2.0-9.4mdv2007.1.i586.rpm
 e1b2a16bc25be90bd60cd73dacdcb22c  
2007.1/i586/x11-server-xneomagic-1.2.0-9.4mdv2007.1.i586.rpm
 6b69c4613210e5b3270e25641f767cd8  
2007.1/i586/x11-server-xnest-1.2.0-9.4mdv2007.1.i586.rpm
 8066ea51c17540e71c72315f90d2137f  
2007.1/i586/x11-server-xnvidia-1.2.0-9.4mdv2007.1.i586.rpm
 baff340cb05b89926a896a23bef16ea9  
2007.1/i586/x11-server-xorg-1.2.0-9.4mdv2007.1.i586.rpm
 93190dea1b50ecf724aa6d1186ffcc50  
2007.1/i586/x11-server-xpm2-1.2.0-9.4mdv2007.1.i586.rpm
 065a0f475d38c671e7aa516bb54ac599  
2007.1/i586/x11-server-xprt-1.2.0-9.4mdv2007.1.i586.rpm
 0cd6d73d1d5498609ba97a43a729a182  
2007.1/i586/x11-server-xr128-1.2.0-9.4mdv2007.1.i586.rpm
 8ab6e2956f7821ca617a047c4eca06a6  
2007.1/i586/x11-server-xsdl-1.2.0-9.4mdv2007.1.i586.rpm
 d650a2c243f5f52fddbaa4f4a21eed20  
2007.1/i586/x11-server-xsmi-1.2.0-9.4mdv2007.1.i586.rpm
 4b5d71cc7ee9af83a12966c2a7efe059  
2007.1/i586/x11-server-xvesa-1.2.0-9.4mdv2007.1.i586.rpm
 04da7fbe30ad733c12ce5be8ac4b638c  
2007.1/i586/x11-server-xvfb-1.2.0-9.4mdv2007.1.i586.rpm
 b8a2a7506d83190b765eb77229229a1c  
2007.1/i586/x11-server-xvia-1.2.0-9.4mdv2007.1.i586.rpm
 589b0b1ee8e832f2bde7681d4536e052  
2007.1/i586/x11-server-xvnc-1.2.0-9.4mdv2007.1.i586.rpm 
 fba07c79d3b5f9e96336b554b8a73bd6  
2007.1/SRPMS/x11-server-1.2.0-9.4mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 e2622e9cd8d24a96acbecad6b4a13027  
2007.1/x86_64/x11-server-1.2.0-9.4mdv2007.1.x86_64.rpm
 a1a7e7b4a91434848891366481d6a089  
2007.1/x86_64/x11-server-common-1.2.0-9.4mdv2007.1.x86_64.rpm
 8245f6ccda109b7587bd63a70a3b7cf7  
2007.1/x86_64/x11-server-devel-1.2.0-9.4mdv2007.1.x86_64.rpm
 dced8648fa2d73282cb489ad0c213e18  
2007.1/x86_64/x11-server-xdmx-1.2.0-9.4mdv2007.1.x86_64.rpm
 4e0f01b5a0e1205c3648107f4c2c1473  
2007.1/x86_64/x11-server-xephyr-1.2.0-9.4mdv2007.1.x86_64.rpm
 1fa3759689b6322f8f42a05ff9aedecb  
2007.1/x86_64/x11-server-xfake-1.2.0-9.4mdv2007.1.x86_64.rpm
 a0987e83bb3de61ab2d87313fd787140  
2007.1/x86_64/x11-server-xfbdev-1.2.0-9.4mdv2007.1.x86_64.rpm
 f5a06c4510883ee09f925d58aa66aa42  
2007.1/x86_64/x11-server-xnest-1.2.0-9.4mdv2007.1.x86_64.rpm
 9571b8153f055cc4afb95e8f71f5cf09  
2007.1/x86_64/x11-server-xorg-1.2.0-9.4mdv2007.1.x86_64.rpm
 b9cdac0dcc89765463b6c5f4b2f4ba7c  
2007.1/x86_64/x11-server-xprt-1.2.0-9.4mdv2007.1.x86_64.rpm
 ba2a89724c06dded464523c35b598070  
2007.1/x86_64/x11-server-xsdl-1.2.0-9.4mdv2007.1.x86_64.rpm
 afb5340818bb8e78fa85fc992d1bebf3  
2007.1/x86_64/x11-server-xvfb-1.2.0-9.4mdv2007.1.x86_64.rpm
 a1198af0d1b9aaa4133cb91e468de173  
2007.1/x86_64/x11-server-xvnc-1.2.0-9.4mdv2007.1.x86_64.rpm 
 fba07c79d3b5f9e96336b554b8a73bd6  
2007.1/SRPMS/x11-server-1.2.0-9.4mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 7a8ae9851a0325b360a8f97b56a816b5  
2008.0/i586/x11-server-1.3.0.0-24.1mdv2008.0.i586.rpm
 3f0a2bc7757c56fe0f392997a5022e34  
2008.0/i586/x11-server-common-1.3.0.0-24.1mdv2008.0.i586.rpm
 a62b388c88977ae948dba870ea5b866f  
2008.0/i586/x11-server-devel-1.3.0.0-24.1mdv2008.0.i586.rpm
 e0825379b328e7c955894c9ff7518d04  
2008.0/i586/x11-server-xati-1.3.0.0-24.1mdv2008.0.i586.rpm
 77410dd4c07ac6623e73b895b004ef0a  
2008.0/i586/x11-server-xchips-1.3.0.0-24.1mdv2008.0.i586.rpm
 9379a469c54ff0254fe435746a3d356b  
2008.0/i586/x11-server-xdmx-1.3.0.0-24.1mdv2008.0.i586.rpm
 2df3a6867ca4606418dbfd9a1f5bf79d  
2008.0/i586/x11-server-xephyr-1.3.0.0-24.1mdv2008.0.i586.rpm
 442ddb81a8097f0537d174c304f83b21  
2008.0/i586/x11-server-xepson-1.3.0.0-24.1mdv2008.0.i586.rpm
 8bf4e58c0a9b3f8fc7d1fa061fed05a6  
2008.0/i586/x11-server-xfake-1.3.0.0-24.1mdv2008.0.i586.rpm
 b4cfa9f8748e3edfb6b183821c74e249  
2008.0/i586/x11-server-xfbdev-1.3.0.0-24.1mdv2008.0.i586.rpm
 0e95fe7a388e0ac62942f00dbdb92974  
2008.0/i586/x11-server-xi810-1.3.0.0-24.1mdv2008.0.i586.rpm
 f4b796a0ad06722519080294bcf56423  
2008.0/i586/x11-server-xmach64-1.3.0.0-24.1mdv2008.0.i586.rpm
 6e013afb26f004779837925f74bda90d  
2008.0/i586/x11-server-xmga-1.3.0.0-24.1mdv2008.0.i586.rpm
 bc2113c528b1aeb54eca4b12e7ec16dc  
2008.0/i586/x11-server-xneomagic-1.3.0.0-24.1mdv2008.0.i586.rpm
 4b71555ae1b62c033a523269660d71d9  
2008.0/i586/x11-server-xnest-1.3.0.0-24.1mdv2008.0.i586.rpm
 1d913e066a9769c203ea03a72f25824e  
2008.0/i586/x11-server-xnvidia-1.3.0.0-24.1mdv2008.0.i586.rpm
 a06cd065427cf1c6ab0621eb34d5eba1  
2008.0/i586/x11-server-xorg-1.3.0.0-24.1mdv2008.0.i586.rpm
 a56b4a8ca70282768af931a27c2455c5  
2008.0/i586/x11-server-xpm2-1.3.0.0-24.1mdv2008.0.i586.rpm
 62b802c7e47a35d54d0b2fcc32a8bd11  
2008.0/i586/x11-server-xr128-1.3.0.0-24.1mdv2008.0.i586.rpm
 800c1ac057f5130dc6313651ea90feeb  
2008.0/i586/x11-server-xsdl-1.3.0.0-24.1mdv2008.0.i586.rpm
 800d9bd5a5f6cbbeb91a8cc82a67df32  
2008.0/i586/x11-server-xsmi-1.3.0.0-24.1mdv2008.0.i586.rpm
 ed92778c5da4ef1193fd5525df4e72b0  
2008.0/i586/x11-server-xvesa-1.3.0.0-24.1mdv2008.0.i586.rpm
 328ff2c03ff4898388657d1e0d5ff5e4  
2008.0/i586/x11-server-xvfb-1.3.0.0-24.1mdv2008.0.i586.rpm
 855c3309702a66073c969311b65b16db  
2008.0/i586/x11-server-xvia-1.3.0.0-24.1mdv2008.0.i586.rpm
 0e432734e00e0d824fb2282242b13da7  
2008.0/i586/x11-server-xvnc-1.3.0.0-24.1mdv2008.0.i586.rpm 
 94c64a78a829896c63de007abb598804  
2008.0/SRPMS/x11-server-1.3.0.0-24.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 c8080f0318af2cd1999fbf6b141ccadf  
2008.0/x86_64/x11-server-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 dd9acd06310c1aedc53a721419169a3b  
2008.0/x86_64/x11-server-common-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 6f537021c81986e1b2d8ff1bbd344d6d  
2008.0/x86_64/x11-server-devel-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 681fb76aad7b9952d4e8032242b467c8  
2008.0/x86_64/x11-server-xdmx-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 d6c774b0037d44a6c6e782fe7bf4dec5  
2008.0/x86_64/x11-server-xephyr-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 e4b299a96c197ac732bd773220efa2c6  
2008.0/x86_64/x11-server-xfake-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 1d8ea5ce027dcc55cfd67d63f8c27c29  
2008.0/x86_64/x11-server-xfbdev-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 6cea468e32959f90a9ebfd6d5c8c8034  
2008.0/x86_64/x11-server-xnest-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 12b0404258cae8d6d28eb9b5a3231f70  
2008.0/x86_64/x11-server-xorg-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 aae2b62fc505b80c8192aed8ff93b759  
2008.0/x86_64/x11-server-xsdl-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 bfaef8a8c8fec77159ab74c89f6b8967  
2008.0/x86_64/x11-server-xvfb-1.3.0.0-24.1mdv2008.0.x86_64.rpm
 bff8283116ad7667a2507602ed95da6e  
2008.0/x86_64/x11-server-xvnc-1.3.0.0-24.1mdv2008.0.x86_64.rpm 
 94c64a78a829896c63de007abb598804  
2008.0/SRPMS/x11-server-1.3.0.0-24.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHl+frmqjQ0CJFipgRAvmDAKCFHl1auUASHQpbhQaTWVHsBHcRBACfUGk+
GiqeE9dPmJ+feX0zqi5JCnI=
=/oR9
-----END PGP SIGNATURE-----
Prev by Date: [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities
Next by Date: [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability
Previous by thread: [ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple vulnerabilities
Next by thread: [ MDVSA-2008:024 ] - Updated libxfont packages fix font handling vulnerability
Index(es):
- Date
- Thread