USN-453-1: X.org vulnerability
Posted on: 04/18/2007 11:45 PM

A new X.org vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-453-1 April 18, 2007
libx11 vulnerability
CVE-2007-1667
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libx11-6 2:1.0.0-0ubuntu9.1

Ubuntu 6.10:
libx11-6 2:1.0.3-0ubuntu4.1

After a standard system upgrade you need to restart your session or
reboot your computer to effect the necessary changes.

Details follow:

Multiple integer overflows were found in the XGetPixel function of
libx11. If a user were tricked into opening a specially crafted XWD
image, remote attackers could execute arbitrary code with user
privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0-0u=
buntu9.1.diff.gz
Size/MD5: 296713 c02907c6ee1ea4d7de17ec328eb3a2ec
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0-0u=
buntu9.1.dsc
Size/MD5: 904 910682e8e8471c93b9c7f350bde18309
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0.or=
ig.tar.gz
Size/MD5: 1864594 67c938b93d52b71d350f8bb61c4ffd98

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.0-0ubuntu9.1_amd64.deb
Size/MD5: 2516010 f7ccc4a58bb4d231b24f7625efbd62fb
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-=
0ubuntu9.1_amd64.deb
Size/MD5: 753850 23e06d9506f145819681b46663f64a63
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
0-0ubuntu9.1_amd64.deb
Size/MD5: 1309144 363c492cab8c189f64e435b11f61cd4f

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.0-0ubuntu9.1_i386.deb
Size/MD5: 2357296 37bcfc960b9659eecd4f18e341d042e0
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-=
0ubuntu9.1_i386.deb
Size/MD5: 709932 a8590be9cb19a19f2e2c5a1a5e77891e
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
0-0ubuntu9.1_i386.deb
Size/MD5: 1239616 7ea6287c6c20e3fc7574bc4ece4a6f8a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.0-0ubuntu9.1_powerpc.deb
Size/MD5: 2556312 7b0cbce8570ffb1a28d4db1b4cafea4c
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-=
0ubuntu9.1_powerpc.deb
Size/MD5: 739432 f5bb7c9015bb78a8028fe8ea610f56eb
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
0-0ubuntu9.1_powerpc.deb
Size/MD5: 1278756 cf9f2f37c22e556d944f6770e7245ec3

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.0-0ubuntu9.1_sparc.deb
Size/MD5: 2422854 6c4445eefac1d5db0351c1099076d0f6
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-=
0ubuntu9.1_sparc.deb
Size/MD5: 708368 e4b90a1837c3ac6225ffae953c96c5b6
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
0-0ubuntu9.1_sparc.deb
Size/MD5: 1247782 649b7509afa1fff166aded5c29589727

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3-0u=
buntu4.1.diff.gz
Size/MD5: 95653 63f1ad8426d56ec2b0bf1f06970a5213
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3-0u=
buntu4.1.dsc
Size/MD5: 998 b8f1fcb2a7439eed68327677488c52b7
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3.or=
ig.tar.gz
Size/MD5: 1927173 d734dacf32abebc4001bd7d63076994a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-data_1.0=
.3-0ubuntu4.1_all.deb
Size/MD5: 196810 7fe93ec08c95dae145b50ef747645ac1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.3-0ubuntu4.1_amd64.deb
Size/MD5: 2610148 8b40eb73bfe3e7f2cf4c051176b34ca6
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-=
0ubuntu4.1_amd64.deb
Size/MD5: 611674 146a9b05faf5693e3d2fd434ca96fe0e
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
3-0ubuntu4.1_amd64.deb
Size/MD5: 1224324 0729fc93822f37b6abc336fcce3f35ff

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.3-0ubuntu4.1_i386.deb
Size/MD5: 2551504 884f521b2ff4b92e59ff3b8caef774c2
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-=
0ubuntu4.1_i386.deb
Size/MD5: 581756 a33f587eb982916ae95ca7f8f433b21d
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
3-0ubuntu4.1_i386.deb
Size/MD5: 1181490 998fa42dbe413a679f4ab90a894ca6e7

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.3-0ubuntu4.1_powerpc.deb
Size/MD5: 2655500 ffba7f335c5e51d869a963742398cddc
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-=
0ubuntu4.1_powerpc.deb
Size/MD5: 606146 cd238fe13446b96c55204a6e598bb126
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
3-0ubuntu4.1_powerpc.deb
Size/MD5: 1206196 a66f92c6944f62d1508051bf0e67f4d1

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.=
0.3-0ubuntu4.1_sparc.deb
Size/MD5: 2551334 f29ccc071861a182e6cbc82d9cb3ccb8
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-=
0ubuntu4.1_sparc.deb
Size/MD5: 569312 2f9bc45693e648a4d7b871f9e73b9615
http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.=
3-0ubuntu4.1_sparc.deb
Size/MD5: 1182732 6cb6272593218030c3f38c49c1006025


--cYG5ZC/RuVsIq1ir
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGJp6QH/9LqRcGPm0RAnMNAKCeOxASM8i42nnDXww2xEgW1FIZGACfWz/e
akfswRPjdmE+niMLTc2HvHA=
┬ęKc
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_453_1_xorg_vulnerability.html)