Package name: xorg-x11
Date: 2008-01-23
Advisory ID: MDVSA-2008:022
Affected versions: CS4.0 x86_64, CS4.0 i586

Problem description

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server which, if exploited, could lead to local privilege
escalation (CVE-2007-4730).

An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause
a denial of service (crash), or potentially execute arbitrary code
with root privileges on the X.org server (CVE-2007-5760).

A flaw was found in the X.org server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).

A memory corruption flaw was found in the X.org server's XInput
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-6427).

An information disclosure flaw was found in the X.org server's TOG-CUP
extension that could allow a malicious authorized client to cause
a denial of service (crash) or potentially view arbitrary memory
content within the X.org server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the X.org server's EVI and
MIT-SHM modules that could allow a malicious authorized client to
cause a denial of service (crash) or potentially execute arbitrary
code with the privileges of the X.org server (CVE-2007-6429).

A heap-based buffer overflow flaw was found in how the X.org server
handled malformed font files that could allow a malicious local user
to potentially execute arbitrary code with the privileges of the
X.org server (CVE-2008-0006).

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64


CS4.0 i586


References