[Security Announce] [ MDKSA-2007:178 ] - Updated x11-server packages fix vulnerability
Posted on: 09/12/2007 05:10 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:178
http://www.mandriva.com/security/
_______________________________________________________________________

Package : x11-server
Date : September 11, 2007
Affected: 2007.0, 2007.1
_______________________________________________________________________

Problem Description:

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which if exploited could lead to local privilege
escalation.

Updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4730
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:

Mandriva Linux 2007.0/X86_64:

Mandriva Linux 2007.1:

Mandriva Linux 2007.1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG5xaqmqjQ0CJFipgRAhRuAJ9Y5j0mYanN/+HMYvdSBybAFfIm2QCcC1Ul
fqRU1TTiYp26HW5hDH6qFLc=
=qpa2
-----END PGP SIGNATURE-----
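
A manual counterpart to the automatic md5 check the advisory mentions, as an added example that is not part of the Mandriva announcement or its tooling: it parses package lines in the advisory's `<md5> <release>/<arch>/<file>.rpm` layout and compares them with downloaded files. The function names and the demo file are constructed for illustration; an MD5 match only shows the download is intact, while authenticity still rests on the GPG signature.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Package lines in the advisory: "<32-hex md5> <release>/<arch>/<file>.rpm"
LINE_RE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_advisory(text):
    """Map rpm file name -> expected md5; reject conflicting entries."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, prose
        digest, name = m.group(1), m.group(2).rsplit("/", 1)[-1]
        # SRPMS repeat once per architecture section: an identical repeat
        # is fine, a different hash for the same file is not.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting md5 for {name}")
    return expected

def md5_file(path):
    """Stream the file so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(expected, directory):
    """Return {file name: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    directory = Path(directory)
    result = {}
    for name, digest in expected.items():
        f = directory / name
        if not f.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_file(f) == digest else "mismatch"
    for f in directory.glob("*.rpm"):
        result.setdefault(f.name, "unlisted")  # not covered by the advisory
    return result

if __name__ == "__main__":
    # Constructed demo: a stand-in file and a matching constructed line.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0.i586.rpm").write_bytes(b"constructed payload")
        line = hashlib.md5(b"constructed payload").hexdigest() + " 2007.0/i586/demo-1.0.i586.rpm"
        print(check_downloads(parse_advisory(line), d))
```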



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007178__updated_x11_server_packages_fix_vulnerability.html)