MDVSA-2008:179

Package name

metisse

Date

2008-08-21

Advisory ID

MDVSA-2008:179

Affected versions

2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

An input validation flaw was found in X.org's MIT-SHM extension.
A client connected to the X.org server could read arbitrary server
memory, resulting in the disclosure of sensitive data of other users
of the X.org server (CVE-2008-1379).

Multiple integer overflows were found in X.org's Render extension.
A malicious authorized client could explot these issues to cause a
denial of service (crash) or possibly execute arbitrary code with
root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362).

The Metisse program is likewise affected by these issues; the updated
packages have been patched to prevent them.

Updated packages

2008.1 i586

 19c95e15e5b2b8a1e6cffc6c41ced6d2  2008.1/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 c80e03efeb74f3a21bacb8ed273c901f  2008.1/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 24ad66bd13b18e5c9a912d3208418f73  2008.1/i586/metisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
 3af08353f0d5dd56f90d368a5f220e63  2008.1/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.i586.rpm
 efcef9f64f1b04b4ab98e87519e60ef3  2008.1/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm 
 23ee1812f563c203cd466d735f57a1b3  2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm

2008.1 x86_64

 1feb9051196c49b31990a0110cd1c005  2008.1/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 9c0a16ed2d43e8b49ec5ebf58326c7f8  2008.1/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 8f25e6cd1bb812e73ec3e1830252b81d  2008.1/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
 9e3bce06db9b7f5632bb3bbe2d20f406  2008.1/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.x86_64.rpm
 2acc17c95fad1de143c11ca9a6bd8f32  2008.1/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm 
 23ee1812f563c203cd466d735f57a1b3  2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm

2008.0 i586

 209b749ac3a7961ddc93878b7fec9aea  2008.0/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 0f6412f126bee76be7b284010de0fa56  2008.0/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 43a3e0d932827212574410a4d7afb047  2008.0/i586/metisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
 4ec03d743d7cf8592b1a48535004218b  2008.0/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.i586.rpm
 e9dedb6ee7e27e3f877dd8be560ef30f  2008.0/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm 
 30a7265222bf23c2d5381b166effb970  2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

2008.0 x86_64

 d9825ccef1440ba9b175c62e7ebf0375  2008.0/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 157e7e05de6b0a4e76b01d507356f4ee  2008.0/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 ae43e394fcb45cd6a133dd149f8f8c1e  2008.0/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
 af06fb5b120956f5773100dbe693d422  2008.0/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.x86_64.rpm
 d9f2a0c5d5d414e8807f1f769d9fed60  2008.0/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm 
 30a7265222bf23c2d5381b166effb970  2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362