Package name
xorg-x11
Date
2007-04-04
Advisory ID
MDKSA-2007:079
Affected versions
CS4.0 x86_64 , 2007.0 x86_64 , 2007.0 i586 , CS4.0 i586 , CS3.0 x86_64 , CS3.0 i586

Problem description

Local exploitation of a memory corruption vulnerability in the X.Org
and XFree86 X server could allow an attacker to execute arbitrary code
with privileges of the X server, typically root.

The vulnerability exists in the ProcXCMiscGetXIDList() function in the
XC-MISC extension. This request is used to determine what resource IDs
are available for use. This function contains two vulnerabilities,
both result in memory corruption of either the stack or heap. The
ALLOCATE_LOCAL() macro used by this function allocates memory on the
stack using alloca() on systems where alloca() is present, or using
the heap otherwise. The handler function takes a user provided value,
multiplies it, and then passes it to the above macro. This results in
both an integer overflow vulnerability, and an alloca() stack pointer
shifting vulnerability. Both can be exploited to execute arbitrary
code. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled
various font files. A malicious local user could exploit these issues
to potentially execute arbitrary code with the privileges of the X.org
server. (CVE-2007-1351, CVE-2007-1352)

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial
of service (crash) or information leak via crafted images with large
or negative values that trigger a buffer overflow. (CVE-2007-1667)

Updated packages are patched to address these issues.

Updated packages

CS4.0 x86_64

 32ff784cd7c2401ee6bb9cd2b814159b  corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.15.20060mlcs4.x86_64.rpm
 d2575d1962896839c66e5a6d4f0d243b  corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
 49455f9280c0f2e45cbfe40957644a06  corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
 f57c87d13d3411731b28ac002873887f  corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm
 cec0f84d92610fe7319678d52f85d69d  corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 bbccb6cf65819363d944b72ea5dc0f94  corporate/4.0/x86_64/xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm
 6aef383c3f44fc6b66fc3175084b87fc  corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 c036dce014adc7e5a74a181cf9fabdaf  corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.x86_64.rpm
 59d992851f3d52838a9515f9449905d5  corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.x86_64.rpm
 11867453dc758141fb38c33e3812e8e1  corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.x86_64.rpm
 a248cd02f7d7864c779491c6a9e696e1  corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.x86_64.rpm
 6bec3e71d6c044a563bca2733260adb9  corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm
 d2f5b5cebcecefdce3cc1bfb550bf481  corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.15.20060mlcs4.x86_64.rpm
 780c01a55862d4b9ac03286ac787b725  corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.x86_64.rpm
 3ad687a6bb67d02ed23cb6d57ca0ea85  corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.15.20060mlcs4.x86_64.rpm
 3f02a8bf7e6e94b4696baa3998712dae  corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.x86_64.rpm
 5df334cae18035961430532b7fa6a71f  corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.x86_64.rpm 
 1e8a87194b755917783b1a6856a684a3  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm

2007.0 x86_64

 19a970386a276dd606b11400cd672c68  2007.0/x86_64/lib64x11_6-1.0.3-2.2mdv2007.0.x86_64.rpm
 694178b488cfb01096ade83be1aa0d4c  2007.0/x86_64/lib64x11_6-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
 9e666c058971ae71a1644115c2dbc851  2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.2mdv2007.0.x86_64.rpm
 ae890ea6d025a00b8d1397fb2a8bee2c  2007.0/x86_64/lib64xfont1-1.1.0-4.2mdv2007.0.x86_64.rpm
 ae510dc95b877ce304c382da30ee6680  2007.0/x86_64/lib64xfont1-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
 f4a67a4311146a73ea1ac5d2a094f511  2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.2mdv2007.0.x86_64.rpm
 b4186951ec846155eef67caf20a713d0  2007.0/x86_64/libx11-common-1.0.3-2.2mdv2007.0.x86_64.rpm
 8e4dc66ec5d759761f8d36dd28194499  2007.0/x86_64/x11-server-1.1.1-11.3mdv2007.0.x86_64.rpm
 932015ff2760dd9d155a3d62255fe9d8  2007.0/x86_64/x11-server-common-1.1.1-11.3mdv2007.0.x86_64.rpm
 89a0a8d5751a07d2533ba5f6afb39584  2007.0/x86_64/x11-server-devel-1.1.1-11.3mdv2007.0.x86_64.rpm
 72fc80b4c4ecbc09a6553375dfb45598  2007.0/x86_64/x11-server-xdmx-1.1.1-11.3mdv2007.0.x86_64.rpm
 4020ee2d1bb311b944b7cee828a9591b  2007.0/x86_64/x11-server-xephyr-1.1.1-11.3mdv2007.0.x86_64.rpm
 ceb7ed60ceabf6beab04fb4f7d5a6b9f  2007.0/x86_64/x11-server-xfake-1.1.1-11.3mdv2007.0.x86_64.rpm
 2e283d8183630848bd4bf3c36ec78da2  2007.0/x86_64/x11-server-xfbdev-1.1.1-11.3mdv2007.0.x86_64.rpm
 41b186290408566c3af16ad56bff4583  2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.x86_64.rpm
 f03f5f7b95ee81d36558cc286dbc09cf  2007.0/x86_64/x11-server-xnest-1.1.1-11.3mdv2007.0.x86_64.rpm
 ded05b44c119989703ec335ef8d7ba77  2007.0/x86_64/x11-server-xorg-1.1.1-11.3mdv2007.0.x86_64.rpm
 58a552e341f4ccf59906f9ff32f1e96b  2007.0/x86_64/x11-server-xprt-1.1.1-11.3mdv2007.0.x86_64.rpm
 908d1a089250581475bf63d3bd615209  2007.0/x86_64/x11-server-xsdl-1.1.1-11.3mdv2007.0.x86_64.rpm
 f1b54633237b6f56857f9022f9621b3a  2007.0/x86_64/x11-server-xvfb-1.1.1-11.3mdv2007.0.x86_64.rpm 
 44e16d3504f636eec6f4d51a5b506d39  2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
 c552e38dc91ffef35ca44c4b5b09d22d  2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
 678c7993955955fe45eb7c3a3d8c51c1  2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
 18a0b058a4b1d5150139dea9a733e024  2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

2007.0 i586

 d96dcc000a74b02fbff0c3c0a5710767  2007.0/i586/libx11-common-1.0.3-2.2mdv2007.0.i586.rpm
 0fbae1a4ac97941ea0f5e95e99fdf568  2007.0/i586/libx11_6-1.0.3-2.2mdv2007.0.i586.rpm
 598252d23e15315d7213b09b1e3050ef  2007.0/i586/libx11_6-devel-1.0.3-2.2mdv2007.0.i586.rpm
 1ffdc1a629ebded0e48cfc1ead8838b5  2007.0/i586/libx11_6-static-devel-1.0.3-2.2mdv2007.0.i586.rpm
 a3b70e66b722738df4d50295dd1a2604  2007.0/i586/libxfont1-1.1.0-4.2mdv2007.0.i586.rpm
 14a727bef0655ad3385305230c16b6df  2007.0/i586/libxfont1-devel-1.1.0-4.2mdv2007.0.i586.rpm
 46a3a943ba47a91cae462289425f1777  2007.0/i586/libxfont1-static-devel-1.1.0-4.2mdv2007.0.i586.rpm
 71733a31bfce2d014975e7be5151fe87  2007.0/i586/x11-server-1.1.1-11.3mdv2007.0.i586.rpm
 b9650f724bcc27c9b02e4591b79a8170  2007.0/i586/x11-server-common-1.1.1-11.3mdv2007.0.i586.rpm
 96291cb67e5effea3226d228934ca668  2007.0/i586/x11-server-devel-1.1.1-11.3mdv2007.0.i586.rpm
 ada36533a54b6abb8d9e05edcbe85a9b  2007.0/i586/x11-server-xati-1.1.1-11.3mdv2007.0.i586.rpm
 65b27efd9b19e654917dc507a9fcc85b  2007.0/i586/x11-server-xchips-1.1.1-11.3mdv2007.0.i586.rpm
 08be63fced01787c67111c49a37a217b  2007.0/i586/x11-server-xdmx-1.1.1-11.3mdv2007.0.i586.rpm
 b3808f59c82737c0a920f120e2821fda  2007.0/i586/x11-server-xephyr-1.1.1-11.3mdv2007.0.i586.rpm
 d11c6a18afe3aed8f1a51bf765bbdf68  2007.0/i586/x11-server-xepson-1.1.1-11.3mdv2007.0.i586.rpm
 87e8f828f97229acd5ad881894cd1e13  2007.0/i586/x11-server-xfake-1.1.1-11.3mdv2007.0.i586.rpm
 f6ffd1174cbf64279a2feb6924f66e42  2007.0/i586/x11-server-xfbdev-1.1.1-11.3mdv2007.0.i586.rpm
 ab872f9c530a3fcc8397b111dfb43b44  2007.0/i586/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.i586.rpm
 fcc1678a7855a9bd889f819a29df978e  2007.0/i586/x11-server-xi810-1.1.1-11.3mdv2007.0.i586.rpm
 3cf1b4fc5536ed5b54e8aad5b268ff2e  2007.0/i586/x11-server-xmach64-1.1.1-11.3mdv2007.0.i586.rpm
 4ca148ffa7d5b363fd8fedfeef1cee71  2007.0/i586/x11-server-xmga-1.1.1-11.3mdv2007.0.i586.rpm
 dbf20841fd17021879081b4a6c869f3e  2007.0/i586/x11-server-xneomagic-1.1.1-11.3mdv2007.0.i586.rpm
 afd9701501cbe1b55cd5936456b04fc8  2007.0/i586/x11-server-xnest-1.1.1-11.3mdv2007.0.i586.rpm
 e91bf46f57be620a10bbbeff792df61b  2007.0/i586/x11-server-xnvidia-1.1.1-11.3mdv2007.0.i586.rpm
 a471731278537202b3c82792ad4e3368  2007.0/i586/x11-server-xorg-1.1.1-11.3mdv2007.0.i586.rpm
 61661f612a200395a9d8a16923876ac8  2007.0/i586/x11-server-xpm2-1.1.1-11.3mdv2007.0.i586.rpm
 c85b6311efa2b1719ab77e5eb7231160  2007.0/i586/x11-server-xprt-1.1.1-11.3mdv2007.0.i586.rpm
 08e47b2ae0c09d5d117e583941535a06  2007.0/i586/x11-server-xr128-1.1.1-11.3mdv2007.0.i586.rpm
 1aa8aa6927148ac3d64dc047709f5abf  2007.0/i586/x11-server-xsdl-1.1.1-11.3mdv2007.0.i586.rpm
 674a1a4c2fb68d234153033efae15394  2007.0/i586/x11-server-xsmi-1.1.1-11.3mdv2007.0.i586.rpm
 77e6c7649a00f81d7538593b99d0678a  2007.0/i586/x11-server-xvesa-1.1.1-11.3mdv2007.0.i586.rpm
 bd6c55d0ad9e770d5680ae9dbd687a02  2007.0/i586/x11-server-xvfb-1.1.1-11.3mdv2007.0.i586.rpm
 9867b8ebc08673dc8cf55a888bc0b22d  2007.0/i586/x11-server-xvia-1.1.1-11.3mdv2007.0.i586.rpm 
 44e16d3504f636eec6f4d51a5b506d39  2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm
 c552e38dc91ffef35ca44c4b5b09d22d  2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm
 678c7993955955fe45eb7c3a3d8c51c1  2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm
 18a0b058a4b1d5150139dea9a733e024  2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm

CS4.0 i586

 e63a99edfa23138af23caa7c9c980d54  corporate/4.0/i586/X11R6-contrib-6.9.0-5.15.20060mlcs4.i586.rpm
 9fa37dcac91bc52853239a3b86acbfa8  corporate/4.0/i586/libxorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
 b34ee5541e4d8e7f37dcde66a75c6cfb  corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.15.20060mlcs4.i586.rpm
 71d076aff757c1778782065b3e7de161  corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.15.20060mlcs4.i586.rpm
 59b2613a3f02781d966b76751a4f432c  corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 111813e2cbdeef71c025de2235199e90  corporate/4.0/i586/xorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm
 44b0a56d98313c72b05bfc4b28ff024b  corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 08026da35859225b367ab26e813d57d7  corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.i586.rpm
 46f848204211932f59a8ecaf02a3894e  corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.i586.rpm
 eb232b39a68609ffb5adc5f472dc5d1d  corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.i586.rpm
 055b63beae6e771a6b948049fed128cf  corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.i586.rpm
 b2438635efdf6ed16508580cc901ecb5  corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.i586.rpm
 91ac90d71030f3bfe0fdb9ddaf2ad816  corporate/4.0/i586/xorg-x11-doc-6.9.0-5.15.20060mlcs4.i586.rpm
 bf50b7e3fa360f3fd1aa61444526b9b8  corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.i586.rpm
 372cfc8231f2f2d31760f165ee80d4e6  corporate/4.0/i586/xorg-x11-server-6.9.0-5.15.20060mlcs4.i586.rpm
 7a73f4094d5ea7c3020a3b78ea9c9c98  corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.i586.rpm
 61bd1d2dae41148425196597d28460af  corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.i586.rpm 
 1e8a87194b755917783b1a6856a684a3  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm

CS3.0 x86_64

 2bd23a1148e5b379ff0305d9f96032f0  corporate/3.0/x86_64/X11R6-contrib-4.3-32.13.C30mdk.x86_64.rpm
 dc08cee63f5dcbed1b036c3708a657a1  corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
 171a7012e64618b79dc8880180093f76  corporate/3.0/x86_64/XFree86-4.3-32.13.C30mdk.x86_64.rpm
 de12bcbf7f7ebdec9becb1c051162ecf  corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm
 7f208dc7263f1558cf3f10e04e1ed5c9  corporate/3.0/x86_64/XFree86-Xnest-4.3-32.13.C30mdk.x86_64.rpm
 c24a2d0fa210741e5aade751bd8a61df  corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.13.C30mdk.x86_64.rpm
 a89a370a0185521e83c37b8daf60fdd0  corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.x86_64.rpm
 840dbd21393e5611d162ccf755792d4f  corporate/3.0/x86_64/XFree86-doc-4.3-32.13.C30mdk.x86_64.rpm
 b9595f9ffe3bc8a1d16522b6a47d5598  corporate/3.0/x86_64/XFree86-server-4.3-32.13.C30mdk.x86_64.rpm
 63479edcdcbe976b96582c481b986f5e  corporate/3.0/x86_64/XFree86-xfs-4.3-32.13.C30mdk.x86_64.rpm
 525e0d97ff88d1905502d405f90d4085  corporate/3.0/x86_64/lib64xfree86-4.3-32.13.C30mdk.x86_64.rpm
 66f6f35a1c45d88672bbc2b2ea9c8f2d  corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.13.C30mdk.x86_64.rpm
 2717e4c7875f4de5e880ad95b595fecd  corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.13.C30mdk.x86_64.rpm 
 5f194d3c82ab8f214c16f33bd4952107  corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

CS3.0 i586

 918c04c922a1613680cbbe9487e96c1f  corporate/3.0/i586/X11R6-contrib-4.3-32.13.C30mdk.i586.rpm
 89f73d5c80e4c5ff474b115d825b5c09  corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.13.C30mdk.i586.rpm
 4a350003e29da90f9e20cfc490630e44  corporate/3.0/i586/XFree86-4.3-32.13.C30mdk.i586.rpm
 c1337f1ed5267d530dbf665f50619145  corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.13.C30mdk.i586.rpm
 38c323d2e089e7f1cac411c6156a5025  corporate/3.0/i586/XFree86-Xnest-4.3-32.13.C30mdk.i586.rpm
 9b18d33108c7d5aafb3e2d689045e91a  corporate/3.0/i586/XFree86-Xvfb-4.3-32.13.C30mdk.i586.rpm
 7fc5ac98bb77dc5ed11b52a17ca1ab18  corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.i586.rpm
 be5ab8321d77e24e57553c9e537082e6  corporate/3.0/i586/XFree86-doc-4.3-32.13.C30mdk.i586.rpm
 19353085c52e811da6d5cc9f173abb4a  corporate/3.0/i586/XFree86-glide-module-4.3-32.13.C30mdk.i586.rpm
 3373a7e9398a1788ab4bea0f12a9dce2  corporate/3.0/i586/XFree86-server-4.3-32.13.C30mdk.i586.rpm
 f78239e305badabba3d638b361473436  corporate/3.0/i586/XFree86-xfs-4.3-32.13.C30mdk.i586.rpm
 69b594d3b0438be4c25c36abb37e5159  corporate/3.0/i586/libxfree86-4.3-32.13.C30mdk.i586.rpm
 9d1c0eb89083a9f62c14d29126a0ce06  corporate/3.0/i586/libxfree86-devel-4.3-32.13.C30mdk.i586.rpm
 c67bddf7736902533773979e627b8761  corporate/3.0/i586/libxfree86-static-devel-4.3-32.13.C30mdk.i586.rpm 
 5f194d3c82ab8f214c16f33bd4952107  corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm

References