[Security Announce] [ MDKSA-2007:079 ] - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
Posted on: 04/05/2007 01:50 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:079
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xorg-x11
Date : April 4, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Local exploitation of a memory corruption vulnerability in the X.Org
and XFree86 X server could allow an attacker to execute arbitrary code
with privileges of the X server, typically root.

The vulnerability exists in the ProcXCMiscGetXIDList() function in the
XC-MISC extension. This request is used to determine what resource IDs
are available for use. This function contains two vulnerabilities,
both result in memory corruption of either the stack or heap. The
ALLOCATE_LOCAL() macro used by this function allocates memory on the
stack using alloca() on systems where alloca() is present, or using
the heap otherwise. The handler function takes a user provided value,
multiplies it, and then passes it to the above macro. This results in
both an integer overflow vulnerability, and an alloca() stack pointer
shifting vulnerability. Both can be exploited to execute arbitrary
code. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled
various font files. A malicious local user could exploit these issues
to potentially execute arbitrary code with the privileges of the X.org
server. (CVE-2007-1351, CVE-2007-1352)

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial
of service (crash) or information leak via crafted images with large
or negative values that trigger a buffer overflow. (CVE-2007-1667)

Updated packages are patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
d96dcc000a74b02fbff0c3c0a5710767 2007.0/i586/libx11-common-1.0.3-2.2mdv2007.0.i586.rpm
0fbae1a4ac97941ea0f5e95e99fdf568 2007.0/i586/libx11_6-1.0.3-2.2mdv2007.0.i586.rpm
598252d23e15315d7213b09b1e3050ef 2007.0/i586/libx11_6-devel-1.0.3-2.2mdv2007.0.i586.rpm
1ffdc1a629ebded0e48cfc1ead8838b5 2007.0/i586/libx11_6-static-devel-1.0.3-2.2mdv2007.0.i586.rpm
a3b70e66b722738df4d50295dd1a2604 2007.0/i586/libxfont1-1.1.0-4.2mdv2007.0.i586.rpm
14a727bef0655ad3385305230c16b6df 2007.0/i586/libxfont1-devel-1.1.0-4.2mdv2007.0.i586.rpm
46a3a943ba47a91cae462289425f1777 2007.0/i586/libxfont1-static-devel-1.1.0-4.2mdv2007.0.i586.rpm
71733a31bfce2d014975e7be5151fe87 2007.0/i586/x11-server-1.1.1-11.3mdv2007.0.i586.rpm
b9650f724bcc27c9b02e4591b79a8170 2007.0/i586/x11-server-common-1.1.1-11.3mdv2007.0.i586.rpm
96291cb67e5effea3226d228934ca668 2007.0/i586/x11-server-devel-1.1.1-11.3mdv2007.0.i586.rpm
ada36533a54b6abb8d9e05edcbe85a9b 2007.0/i586/x11-server-xati-1.1.1-11.3mdv2007.0.i586.rpm
65b27efd9b19e654917dc507a9fcc85b 2007.0/i586/x11-server-xchips-1.1.1-11.3mdv2007.0.i586.rpm
08be63fced01787c67111c49a37a217b 2007.0/i586/x11-server-xdmx-1.1.1-11.3mdv2007.0.i586.rpm
b3808f59c82737c0a920f120e2821fda 2007.0/i586/x11-server-xephyr-1.1.1-11.3mdv2007.0.i586.rpm
d11c6a18afe3aed8f1a51bf765bbdf68 2007.0/i586/x11-server-xepson-1.1.1-11.3mdv2007.0.i586.rpm
87e8f828f97229acd5ad881894cd1e13 2007.0/i586/x11-server-xfake-1.1.1-11.3mdv2007.0.i586.rpm
f6ffd1174cbf64279a2feb6924f66e42 2007.0/i586/x11-server-xfbdev-1.1.1-11.3mdv2007.0.i586.rpm
ab872f9c530a3fcc8397b111dfb43b44 2007.0/i586/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.i586.rpm
fcc1678a7855a9bd889f819a29df978e 2007.0/i586/x11-server-xi810-1.1.1-11.3mdv2007.0.i586.rpm
3cf1b4fc5536ed5b54e8aad5b268ff2e 2007.0/i586/x11-server-xmach64-1.1.1-11.3mdv2007.0.i586.rpm
4ca148ffa7d5b363fd8fedfeef1cee71 2007.0/i586/x11-server-xmga-1.1.1-11.3mdv2007.0.i586.rpm
dbf20841fd17021879081b4a6c869f3e 2007.0/i586/x11-server-xneomagic-1.1.1-11.3mdv2007.0.i586.rpm
afd9701501cbe1b55cd5936456b04fc8 2007.0/i586/x11-server-xnest-1.1.1-11.3mdv2007.0.i586.rpm
e91bf46f57be620a10bbbeff792df61b 2007.0/i586/x11-server-xnvidia-1.1.1-11.3mdv2007.0.i586.rpm
a471731278537202b3c82792ad4e3368 2007.0/i586/x11-server-xorg-1.1.1-11.3mdv2007.0.i586.rpm
61661f612a200395a9d8a16923876ac8 2007.0/i586/x11-server-xpm2-1.1.1-11.3mdv2007.0.i586.rpm
c85b6311efa2b1719ab77e5eb7231160 2007.0/i586/x11-server-xprt-1.1.1-11.3mdv2007.0.i586.rpm
08e47b2ae0c09d5d117e583941535a06 2007.0/i586/x11-server-xr128-1.1.1-11.3mdv2007.0.i586.rpm
1aa8aa6927148ac3d64dc047709f5abf 2007.0/i586/x11-server-xsdl-1.1.1-11.3mdv2007.0.i586.rpm
674a1a4c2fb68d234153033efae15394 2007.0/i586/x11-server-xsmi-1.1.1-11.3mdv2007.0.i586.rpm
77e6c7649a00f81d7538593b99d0678a 2007.0/i586/x11-server-xvesa-1.1.1-11.3mdv2007.0.i586.rpm
bd6c55d0ad9e770d5680ae9dbd687a02 2007.0/i586/x11-server-xvfb-1.1.1-11.3mdv2007.0.i586.rpm
9867b8ebc08673dc8cf55a888bc0b22d 2007.0/i586/x11-server-xvia-1.1.1-11.3mdv2007.0.i586.rpm
44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
19a970386a276dd606b11400cd672c68 2007.0/x86_64/lib64x11_6-1.0.3-2.2mdv2007.0.x86_64.rpm
694178b488cfb01096ade83be1aa0d4c 2007.0/x86_64/lib64x11_6-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
9e666c058971ae71a1644115c2dbc851 2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
ae890ea6d025a00b8d1397fb2a8bee2c 2007.0/x86_64/lib64xfont1-1.1.0-4.2mdv2007.0.x86_64.rpm
ae510dc95b877ce304c382da30ee6680 2007.0/x86_64/lib64xfont1-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
f4a67a4311146a73ea1ac5d2a094f511 2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
b4186951ec846155eef67caf20a713d0 2007.0/x86_64/libx11-common-1.0.3-2.2mdv2007.0.x86_64.rpm
8e4dc66ec5d759761f8d36dd28194499 2007.0/x86_64/x11-server-1.1.1-11.3mdv2007.0.x86_64.rpm
932015ff2760dd9d155a3d62255fe9d8 2007.0/x86_64/x11-server-common-1.1.1-11.3mdv2007.0.x86_64.rpm
89a0a8d5751a07d2533ba5f6afb39584 2007.0/x86_64/x11-server-devel-1.1.1-11.3mdv2007.0.x86_64.rpm
72fc80b4c4ecbc09a6553375dfb45598 2007.0/x86_64/x11-server-xdmx-1.1.1-11.3mdv2007.0.x86_64.rpm
4020ee2d1bb311b944b7cee828a9591b 2007.0/x86_64/x11-server-xephyr-1.1.1-11.3mdv2007.0.x86_64.rpm
ceb7ed60ceabf6beab04fb4f7d5a6b9f 2007.0/x86_64/x11-server-xfake-1.1.1-11.3mdv2007.0.x86_64.rpm
2e283d8183630848bd4bf3c36ec78da2 2007.0/x86_64/x11-server-xfbdev-1.1.1-11.3mdv2007.0.x86_64.rpm
41b186290408566c3af16ad56bff4583 2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.x86_64.rpm
f03f5f7b95ee81d36558cc286dbc09cf 2007.0/x86_64/x11-server-xnest-1.1.1-11.3mdv2007.0.x86_64.rpm
ded05b44c119989703ec335ef8d7ba77 2007.0/x86_64/x11-server-xorg-1.1.1-11.3mdv2007.0.x86_64.rpm
58a552e341f4ccf59906f9ff32f1e96b 2007.0/x86_64/x11-server-xprt-1.1.1-11.3mdv2007.0.x86_64.rpm
908d1a089250581475bf63d3bd615209 2007.0/x86_64/x11-server-xsdl-1.1.1-11.3mdv2007.0.x86_64.rpm
f1b54633237b6f56857f9022f9621b3a 2007.0/x86_64/x11-server-xvfb-1.1.1-11.3mdv2007.0.x86_64.rpm
44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

Corporate 3.0:
918c04c922a1613680cbbe9487e96c1f corporate/3.0/i586/X11R6-contrib-4.3-32.13.C30mdk.i586.rpm
89f73d5c80e4c5ff474b115d825b5c09 corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.13.C30mdk.i586.rpm
4a350003e29da90f9e20cfc490630e44 corporate/3.0/i586/XFree86-4.3-32.13.C30mdk.i586.rpm
c1337f1ed5267d530dbf665f50619145 corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.13.C30mdk.i586.rpm
38c323d2e089e7f1cac411c6156a5025 corporate/3.0/i586/XFree86-Xnest-4.3-32.13.C30mdk.i586.rpm
9b18d33108c7d5aafb3e2d689045e91a corporate/3.0/i586/XFree86-Xvfb-4.3-32.13.C30mdk.i586.rpm
7fc5ac98bb77dc5ed11b52a17ca1ab18 corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.i586.rpm
be5ab8321d77e24e57553c9e537082e6 corporate/3.0/i586/XFree86-doc-4.3-32.13.C30mdk.i586.rpm
19353085c52e811da6d5cc9f173abb4a corporate/3.0/i586/XFree86-glide-module-4.3-32.13.C30mdk.i586.rpm
3373a7e9398a1788ab4bea0f12a9dce2 corporate/3.0/i586/XFree86-server-4.3-32.13.C30mdk.i586.rpm
f78239e305badabba3d638b361473436 corporate/3.0/i586/XFree86-xfs-4.3-32.13.C30mdk.i586.rpm
69b594d3b0438be4c25c36abb37e5159 corporate/3.0/i586/libxfree86-4.3-32.13.C30mdk.i586.rpm
9d1c0eb89083a9f62c14d29126a0ce06 corporate/3.0/i586/libxfree86-devel-4.3-32.13.C30mdk.i586.rpm
c67bddf7736902533773979e627b8761 corporate/3.0/i586/libxfree86-static-devel-4.3-32.13.C30mdk.i586.rpm
5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
2bd23a1148e5b379ff0305d9f96032f0 corporate/3.0/x86_64/X11R6-contrib-4.3-32.13.C30mdk.x86_64.rpm
dc08cee63f5dcbed1b036c3708a657a1 corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
171a7012e64618b79dc8880180093f76 corporate/3.0/x86_64/XFree86-4.3-32.13.C30mdk.x86_64.rpm
de12bcbf7f7ebdec9becb1c051162ecf corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
7f208dc7263f1558cf3f10e04e1ed5c9 corporate/3.0/x86_64/XFree86-Xnest-4.3-32.13.C30mdk.x86_64.rpm
c24a2d0fa210741e5aade751bd8a61df corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.13.C30mdk.x86_64.rpm
a89a370a0185521e83c37b8daf60fdd0 corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.x86_64.rpm
840dbd21393e5611d162ccf755792d4f corporate/3.0/x86_64/XFree86-doc-4.3-32.13.C30mdk.x86_64.rpm
b9595f9ffe3bc8a1d16522b6a47d5598 corporate/3.0/x86_64/XFree86-server-4.3-32.13.C30mdk.x86_64.rpm
63479edcdcbe976b96582c481b986f5e corporate/3.0/x86_64/XFree86-xfs-4.3-32.13.C30mdk.x86_64.rpm
525e0d97ff88d1905502d405f90d4085 corporate/3.0/x86_64/lib64xfree86-4.3-32.13.C30mdk.x86_64.rpm
66f6f35a1c45d88672bbc2b2ea9c8f2d corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.13.C30mdk.x86_64.rpm
2717e4c7875f4de5e880ad95b595fecd corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.13.C30mdk.x86_64.rpm
5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

Corporate 4.0:
e63a99edfa23138af23caa7c9c980d54 corporate/4.0/i586/X11R6-contrib-6.9.0-5.15.20060mlcs4.i586.rpm
9fa37dcac91bc52853239a3b86acbfa8 corporate/4.0/i586/libxorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
b34ee5541e4d8e7f37dcde66a75c6cfb corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.15.20060mlcs4.i586.rpm
71d076aff757c1778782065b3e7de161 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.15.20060mlcs4.i586.rpm
59b2613a3f02781d966b76751a4f432c corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
111813e2cbdeef71c025de2235199e90 corporate/4.0/i586/xorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
44b0a56d98313c72b05bfc4b28ff024b corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
08026da35859225b367ab26e813d57d7 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.i586.rpm
46f848204211932f59a8ecaf02a3894e corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.i586.rpm
eb232b39a68609ffb5adc5f472dc5d1d corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.i586.rpm
055b63beae6e771a6b948049fed128cf corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.i586.rpm
b2438635efdf6ed16508580cc901ecb5 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
91ac90d71030f3bfe0fdb9ddaf2ad816 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.15.20060mlcs4.i586.rpm
bf50b7e3fa360f3fd1aa61444526b9b8 corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.i586.rpm
372cfc8231f2f2d31760f165ee80d4e6 corporate/4.0/i586/xorg-x11-server-6.9.0-5.15.20060mlcs4.i586.rpm
7a73f4094d5ea7c3020a3b78ea9c9c98 corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.i586.rpm
61bd1d2dae41148425196597d28460af corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.i586.rpm
1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
32ff784cd7c2401ee6bb9cd2b814159b corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.15.20060mlcs4.x86_64.rpm
d2575d1962896839c66e5a6d4f0d243b corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
49455f9280c0f2e45cbfe40957644a06 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
f57c87d13d3411731b28ac002873887f corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
cec0f84d92610fe7319678d52f85d69d corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
bbccb6cf65819363d944b72ea5dc0f94 corporate/4.0/x86_64/xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
6aef383c3f44fc6b66fc3175084b87fc corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
c036dce014adc7e5a74a181cf9fabdaf corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.x86_64.rpm
59d992851f3d52838a9515f9449905d5 corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.x86_64.rpm
11867453dc758141fb38c33e3812e8e1 corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.x86_64.rpm
a248cd02f7d7864c779491c6a9e696e1 corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.x86_64.rpm
6bec3e71d6c044a563bca2733260adb9 corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
d2f5b5cebcecefdce3cc1bfb550bf481 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.15.20060mlcs4.x86_64.rpm
780c01a55862d4b9ac03286ac787b725 corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.x86_64.rpm
3ad687a6bb67d02ed23cb6d57ca0ea85 corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.15.20060mlcs4.x86_64.rpm
3f02a8bf7e6e94b4696baa3998712dae corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.x86_64.rpm
5df334cae18035961430532b7fa6a71f corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.x86_64.rpm
1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGFAoYmqjQ0CJFipgRAvkHAJwJVFe0mT1yBHKjcTWYIRiSz7YoZQCdF6wt
/Czi8NSscvNCkThUftxcIJY=
=eRgy
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007079__updated_xorg_x11xfree86_packages_fix_integer_overflow_vulnerabilities.html)