Mandriva Linux Security Advisory 2008-115

Mandriva Linux Security Advisory 2008-115: Posted Jun 17, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server.; tags | advisory, denial of service, overflow, arbitrary, root; systems | linux, mandriva; advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361; SHA-256 | e0eb11d8b1184320ed2e29b9902a06050ddda7312561602b4589d9c728f495d3; Download | Favorite | View

Mandriva Linux Security Advisory 2008-115


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:115
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : XFree86
 Date    : June 16, 2008
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 An input validation flaw was found in X.org's Security and Record
 extensions.  A malicious authorized client could exploit the issue
 to cause a denial of service (crash) or possibly execute arbitrary
 code with root privileges on the X.org server (CVE-2008-1377).
 
 An input validation flaw was found in X.org's MIT-SHM extension.
 A client connected to the X.org server could read arbitrary server
 memory, resulting in the disclosure of sensitive data of other users
 of the X.org server (CVE-2008-1379).
 
 Multiple integer overflows were found in X.org's Render extension.
 A malicious authorized client could explot these issues to cause a
 denial of service (crash) or possibly execute arbitrary code with
 root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 a305bb0ad6cd2be60f7adedd5e164411  corporate/3.0/i586/libxfree86-4.3-32.16.C30mdk.i586.rpm
 27f01f163d1d8cb6fd33e852de531a1a  corporate/3.0/i586/libxfree86-devel-4.3-32.16.C30mdk.i586.rpm
 19c3b2641c0aa86a21049e90c2b3ccd9  corporate/3.0/i586/libxfree86-static-devel-4.3-32.16.C30mdk.i586.rpm
 4a0413a3568d7dc418b2d1c2468177ea  corporate/3.0/i586/X11R6-contrib-4.3-32.16.C30mdk.i586.rpm
 54b2492a5c3b21fa05587adff48aa080  corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.16.C30mdk.i586.rpm
 687c21c83530c0d8d306b0c180b0a8d8  corporate/3.0/i586/XFree86-4.3-32.16.C30mdk.i586.rpm
 d3c807bae1c0b26c40043f3a395df345  corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.16.C30mdk.i586.rpm
 78ad2ccdaa585998aff8382d80a611e2  corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.16.C30mdk.i586.rpm
 9526a9761a714042287a6021438ecbb3  corporate/3.0/i586/XFree86-doc-4.3-32.16.C30mdk.i586.rpm
 d234ed69212ada78d4e89fbbb9a37c0f  corporate/3.0/i586/XFree86-glide-module-4.3-32.16.C30mdk.i586.rpm
 b347db273e18d7d6500b5a4850b3b31c  corporate/3.0/i586/XFree86-server-4.3-32.16.C30mdk.i586.rpm
 8628b4470e7324c2ddc933ed81261fcd  corporate/3.0/i586/XFree86-xfs-4.3-32.16.C30mdk.i586.rpm
 06a7a3a7d44d37364d41ebfcd97708c8  corporate/3.0/i586/XFree86-Xnest-4.3-32.16.C30mdk.i586.rpm
 6334310368ddee26fd3727222a88f016  corporate/3.0/i586/XFree86-Xvfb-4.3-32.16.C30mdk.i586.rpm 
 e0cc44b644c9f867f1f89b4a4fb61de2  corporate/3.0/SRPMS/XFree86-4.3-32.16.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 fdae8ca675e6a92d5f3e6a3e12f8dabe  corporate/3.0/x86_64/lib64xfree86-4.3-32.16.C30mdk.x86_64.rpm
 80fe75f04ad54d8e2579cd11714b9079  corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.16.C30mdk.x86_64.rpm
 5b7669cd92060f8e4bb3bb78d366654f  corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.16.C30mdk.x86_64.rpm
 65b98282d535bf04971e11ee5f8bff44  corporate/3.0/x86_64/X11R6-contrib-4.3-32.16.C30mdk.x86_64.rpm
 9ad69cc110dc9bc3f9c2d37d2b157a68  corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.16.C30mdk.x86_64.rpm
 35d8852fd52f67a3db58cfbb71d88b95  corporate/3.0/x86_64/XFree86-4.3-32.16.C30mdk.x86_64.rpm
 0db3d42580a476faee7202b48a546586  corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.16.C30mdk.x86_64.rpm
 1bde0c17d8b6f99bbb1060695395e79e  corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.16.C30mdk.x86_64.rpm
 f38e44512019a5b9f13c9bd19d827e56  corporate/3.0/x86_64/XFree86-doc-4.3-32.16.C30mdk.x86_64.rpm
 b36b4dc06a9f52b3842910f5783c7f3b  corporate/3.0/x86_64/XFree86-server-4.3-32.16.C30mdk.x86_64.rpm
 498d4e9e3d4840fb8ef41c854180f954  corporate/3.0/x86_64/XFree86-xfs-4.3-32.16.C30mdk.x86_64.rpm
 0526b4c13823d7562f53087a1a5d1dac  corporate/3.0/x86_64/XFree86-Xnest-4.3-32.16.C30mdk.x86_64.rpm
 143b310524114a3887e034878a2be14d  corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.16.C30mdk.x86_64.rpm 
 e0cc44b644c9f867f1f89b4a4fb61de2  corporate/3.0/SRPMS/XFree86-4.3-32.16.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIVprwmqjQ0CJFipgRAm5qAJ9LC+6u7y+7mu/WWvhEljhK2ZGyXACfanhh
dxlwGggq7YoB37Ung4mF7A8=
=mbny
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 61 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
Google Security Research 5 files
nu11secur1ty 5 files
Jann Horn 5 files
h00die 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,508)
UNIX (9,402)
UnixWare (187)
Windows (6,660)
Other

Mandriva Linux Security Advisory 2008-115

Mandriva Linux Security Advisory 2008-115

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mandriva Linux Security Advisory 2008-115

Share This

Mandriva Linux Security Advisory 2008-115

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems