[Security Announce] [ MDKSA-2006:164-2 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
Posted on: 12/14/2006 06:20 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xorg-x11
Date : December 14, 2006
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).

Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).

Updated packages are patched to address this issue.

Update:

Updated packages for Corporate Server 4.0 have been patched.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
3658ca4cd8a4c6e9821c418a5ce7b4b3 corporate/4.0/i586/libxorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
c98057d36ee6db65dd49bb540f2dfdb5 corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.10.20060mlcs4.i586.rpm
296d32cb0bb9a4361e5288cd0c136410 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.10.20060mlcs4.i586.rpm
569c78c8b3842c72cfe361fb89d1989d corporate/4.0/i586/X11R6-contrib-6.9.0-5.10.20060mlcs4.i586.rpm
438e53654ce1c11d5e28cce7d8316c34 corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
6cd2047a430d3e10f68062e9e2ed7bc3 corporate/4.0/i586/xorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
61d98fd62be172adc372ef7f10e8d0f0 corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
c46a82d37cb2377f9d232ee10fb837b4 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
e5be10030bae448b24998d65a2be9f6c corporate/4.0/i586/xorg-x11-doc-6.9.0-5.10.20060mlcs4.i586.rpm
9122ac82818d37d54e096d128866c64f corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.i586.rpm
1bfaa8464fefa7515a9abc6a4ff1da01 corporate/4.0/i586/xorg-x11-server-6.9.0-5.10.20060mlcs4.i586.rpm
4c274b747483a610e16677f019c150f6 corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.i586.rpm
6d1fe79343156bbd680b3d60941380b3 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.i586.rpm
c7bdfd3abc0b711abe72e32ffa0b8e76 corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.i586.rpm
a62d0994768a936bbdef00a42a40e114 corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.i586.rpm
7e586568c538c87728f51cdee94ba050 corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.i586.rpm
a4a6aabeae772da093d771695d350dc0 corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.i586.rpm
eb0860600fe024f88c015f77976d61c4 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
95d2a9ad359eb51d2c8743a8f2d8cc21 corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
91629018178a74304f232c38b29ea831 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
93465357b9ff908de20c7448d501c1fa corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
4fe4964642e28e972c34c759d1e726d1 corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.10.20060mlcs4.x86_64.rpm
461967ff7add4e31702460db4ee6e602 corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
6f5fbabba03318860472c0ce5c0a65e4 corporate/4.0/x86_64/xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
444fc50e3d9cccf09601026c7487d78e corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
20da8a1239bc532d7c45d32931360d7b corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
40af6535454c3ea73dc4f6473b9f24c0 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.10.20060mlcs4.x86_64.rpm
2c7d093af7530397c8b935409080c25c corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.x86_64.rpm
51b4f1d2ef0118a2ed84b430bc89242e corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.10.20060mlcs4.x86_64.rpm
66721b5e94867256724faf443ae1e8a3 corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.x86_64.rpm
8e37a1b93e5ae3850d1259eea8aa3de3 corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.x86_64.rpm
d705258a79d0cb500560de0f3babe596 corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.x86_64.rpm
325bfc125311d543b8808133345afb00 corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.x86_64.rpm
ae37ee6f2b895664bfddb06798180907 corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.x86_64.rpm
897a5a32aa8e71cd3b644bc75e33f98a corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.x86_64.rpm
eb0860600fe024f88c015f77976d61c4 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
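The advisory says urpmi and MandrivaUpdate check md5 checksums automatically; for a package fetched by hand, the same check can be run against the "checksum path" lines of the Updated Packages list. The following is an added example, not part of the advisory or of Mandriva's tooling: `verify_manifest` and `demo` are hypothetical names, the demo files are constructed stand-ins, and GNU `md5sum` is assumed. A match is only meaningful if the manifest comes from a trusted copy of the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes GNU md5sum is installed.
# verify_manifest MANIFEST DIR
#   MANIFEST: text containing "<32-hex md5> <repo path>.rpm" lines
#   DIR: directory holding the downloaded files, matched by basename
# Returns 0 only if at least one entry was found and every entry matches.
verify_manifest() {
    manifest=$1 dir=$2 bad=0 seen=0
    while read -r sum path rest || [ -n "$sum" ]; do
        # Skip headings, separators and blank lines
        case $sum in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        [ -z "$rest" ] || continue
        seen=$((seen + 1))
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; bad=$((bad + 1)); continue
        fi
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        if [ "$actual" = "$expected" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; bad=$((bad + 1))
        fi
    done < "$manifest"
    # A manifest with no usable entries verifies nothing, so it fails too
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: stand-in files, second manifest entry deliberately wrong.
demo() {
    demo_dir=$(mktemp -d)
    printf 'package-a' > "$demo_dir/a-1.0.rpm"
    printf 'package-b' > "$demo_dir/b-1.0.rpm"
    {
        echo "Corporate 4.0:"
        echo "$(md5sum < "$demo_dir/a-1.0.rpm" | cut -d' ' -f1) corporate/4.0/i586/a-1.0.rpm"
        echo "00000000000000000000000000000000 corporate/4.0/i586/b-1.0.rpm"
    } > "$demo_dir/manifest.txt"
    verify_manifest "$demo_dir/manifest.txt" "$demo_dir"; demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

if demo; then echo "all packages match"; else echo "do not install: manifest check failed"; fi
```

MD5 detects a corrupted or truncated download but is not collision-resistant, so the package's GPG signature remains the check that establishes origin.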



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006164_2__updated_xorg_x11xfree86_packages_fix_integer_overflow_vulnerabilities.html)