To: [email protected]
Subject: [ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
Date: Thu, 14 Dec 2006 10:03:00 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Gutz2-0005HT-Q3@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xorg-x11
Date : December 14, 2006
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).
Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).
Updated packages are patched to address these issues.
Update:
Updated packages for Corporate Server 4.0 have been patched
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
Corporate 4.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
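A manual version of the md5 check that urpmi performs automatically, as an added example that is not part of the advisory. It takes lines of the form `<md5> <path/to/package.rpm>`, the layout Mandriva advisories use for their package lists, and checks files in a local download directory by basename; the function name, return codes and directory layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded RPMs against the
# "<md5> <path>.rpm" lines of a saved advisory text.
# Usage: verify_advisory_md5 advisory.txt ./downloads
# Returns 0 if every listed file that is present matches,
#         1 if any present file has a different md5,
#         2 if no listed file could be checked at all.
verify_advisory_md5() {
    advisory=$1
    pkgdir=$2
    bad=0
    checked=0
    while read -r sum path; do
        [ -n "$sum" ] || continue            # no checksum lines found
        name=${path##*/}                     # advisory paths are mirror-relative
        file="$pkgdir/$name"
        if [ ! -f "$file" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$(grep -E '^[[:space:]]*[0-9a-f]{32}[[:space:]]+[^[:space:]]+\.rpm$' "$advisory")
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}
```

MD5 here only catches a corrupted or truncated download; authenticity rests on the GPG signature, which `rpm --checksig <file>` verifies once the Mandriva key has been imported into rpm's keyring.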
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFgVlLmqjQ0CJFipgRAiRuAKDmfb4FZioexZ9AGFV+Ao1UFibNFwCbBrBj
8tuWJMZfMYQMzHlWuRM/BF0=
=xvrZ
-----END PGP SIGNATURE-----