Package name
xorg-x11
Date
2007-04-11
Advisory ID
MDKSA-2007:079-1
Affected versions
2007.1 i586, 2007.1 x86_64

Problem description

Local exploitation of a memory corruption vulnerability in the X.Org
and XFree86 X server could allow an attacker to execute arbitrary
code with privileges of the X server, typically root.

The vulnerability exists in the ProcXCMiscGetXIDList() function in the
XC-MISC extension. This request is used to determine what resource IDs
are available for use. This function contains two vulnerabilities,
both of which result in memory corruption of either the stack or heap.
The ALLOCATE_LOCAL() macro used by this function allocates memory on the
stack using alloca() on systems where alloca() is present, or using
the heap otherwise. The handler function takes a user-provided value,
multiplies it, and then passes it to the above macro. This results in
both an integer overflow vulnerability, and an alloca() stack pointer
shifting vulnerability. Both can be exploited to execute arbitrary
code. (CVE-2007-1003)
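
The size calculation described above, as an added C example (not X.Org
source and not the vendor patch): an unchecked 32-bit multiply of a
client-supplied count next to a checked version that allocates on the
heap. ELEM_SIZE, MAX_IDS and all function names are assumptions made for
illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ELEM_SIZE 4u         /* assumed: one 32-bit resource ID per entry */
#define MAX_IDS   (1u << 16) /* assumed policy cap, not taken from the advisory */

/* Unchecked pattern: the 32-bit product wraps silently, so a huge count
 * can yield a tiny byte size that is then used for the allocation. */
static uint32_t unchecked_bytes(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Checked pattern: reject counts above the cap or whose product would
 * not fit in size_t. Returns 0 and stores the size, or -1 on rejection. */
static int checked_bytes(uint32_t count, size_t *out)
{
    if (count > MAX_IDS)
        return -1;
    if (count > SIZE_MAX / ELEM_SIZE)
        return -1;
    *out = (size_t)count * ELEM_SIZE;
    return 0;
}

/* Hardened allocation: heap instead of alloca(), so an oversized request
 * fails with NULL instead of moving the stack pointer unchecked. */
static uint32_t *alloc_id_list(uint32_t count)
{
    size_t bytes;
    if (checked_bytes(count, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    uint32_t hostile = 0x40000001u; /* constructed sample request value */
    uint32_t *ids = alloc_id_list(hostile);
    printf("unchecked size for count %u: %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_bytes(hostile));
    printf("hardened allocation: %s\n", ids ? "granted" : "rejected");
    free(ids);
    return 0;
}
```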

iDefense reported two integer overflows in the way X.org handled
various font files. A malicious local user could exploit these issues
to potentially execute arbitrary code with the privileges of the
X.org server. (CVE-2007-1351, CVE-2007-1352)

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial
of service (crash) or information leak via crafted images with large
or negative values that trigger a buffer overflow. (CVE-2007-1667)

Updated packages are patched to address these issues.

Update:

Packages for Mandriva Linux 2007.1 are now available.

Updated packages

2007.1 i586


2007.1 x86_64


References