what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-115

Mandriva Linux Security Advisory 2008-115
Posted Jun 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361
SHA-256 | e0eb11d8b1184320ed2e29b9902a06050ddda7312561602b4589d9c728f495d3

Mandriva Linux Security Advisory 2008-115

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:115
http://www.mandriva.com/security/
_______________________________________________________________________

Package : XFree86
Date : June 16, 2008
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

An input validation flaw was found in X.org's Security and Record
extensions. A malicious authorized client could exploit the issue
to cause a denial of service (crash) or possibly execute arbitrary
code with root privileges on the X.org server (CVE-2008-1377).

An input validation flaw was found in X.org's MIT-SHM extension.
A client connected to the X.org server could read arbitrary server
memory, resulting in the disclosure of sensitive data of other users
of the X.org server (CVE-2008-1379).

Multiple integer overflows were found in X.org's Render extension.
A malicious authorized client could explot these issues to cause a
denial of service (crash) or possibly execute arbitrary code with
root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361).

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
a305bb0ad6cd2be60f7adedd5e164411 corporate/3.0/i586/libxfree86-4.3-32.16.C30mdk.i586.rpm
27f01f163d1d8cb6fd33e852de531a1a corporate/3.0/i586/libxfree86-devel-4.3-32.16.C30mdk.i586.rpm
19c3b2641c0aa86a21049e90c2b3ccd9 corporate/3.0/i586/libxfree86-static-devel-4.3-32.16.C30mdk.i586.rpm
4a0413a3568d7dc418b2d1c2468177ea corporate/3.0/i586/X11R6-contrib-4.3-32.16.C30mdk.i586.rpm
54b2492a5c3b21fa05587adff48aa080 corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.16.C30mdk.i586.rpm
687c21c83530c0d8d306b0c180b0a8d8 corporate/3.0/i586/XFree86-4.3-32.16.C30mdk.i586.rpm
d3c807bae1c0b26c40043f3a395df345 corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.16.C30mdk.i586.rpm
78ad2ccdaa585998aff8382d80a611e2 corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.16.C30mdk.i586.rpm
9526a9761a714042287a6021438ecbb3 corporate/3.0/i586/XFree86-doc-4.3-32.16.C30mdk.i586.rpm
d234ed69212ada78d4e89fbbb9a37c0f corporate/3.0/i586/XFree86-glide-module-4.3-32.16.C30mdk.i586.rpm
b347db273e18d7d6500b5a4850b3b31c corporate/3.0/i586/XFree86-server-4.3-32.16.C30mdk.i586.rpm
8628b4470e7324c2ddc933ed81261fcd corporate/3.0/i586/XFree86-xfs-4.3-32.16.C30mdk.i586.rpm
06a7a3a7d44d37364d41ebfcd97708c8 corporate/3.0/i586/XFree86-Xnest-4.3-32.16.C30mdk.i586.rpm
6334310368ddee26fd3727222a88f016 corporate/3.0/i586/XFree86-Xvfb-4.3-32.16.C30mdk.i586.rpm
e0cc44b644c9f867f1f89b4a4fb61de2 corporate/3.0/SRPMS/XFree86-4.3-32.16.C30mdk.src.rpm

Corporate 3.0/X86_64:
fdae8ca675e6a92d5f3e6a3e12f8dabe corporate/3.0/x86_64/lib64xfree86-4.3-32.16.C30mdk.x86_64.rpm
80fe75f04ad54d8e2579cd11714b9079 corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.16.C30mdk.x86_64.rpm
5b7669cd92060f8e4bb3bb78d366654f corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.16.C30mdk.x86_64.rpm
65b98282d535bf04971e11ee5f8bff44 corporate/3.0/x86_64/X11R6-contrib-4.3-32.16.C30mdk.x86_64.rpm
9ad69cc110dc9bc3f9c2d37d2b157a68 corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.16.C30mdk.x86_64.rpm
35d8852fd52f67a3db58cfbb71d88b95 corporate/3.0/x86_64/XFree86-4.3-32.16.C30mdk.x86_64.rpm
0db3d42580a476faee7202b48a546586 corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.16.C30mdk.x86_64.rpm
1bde0c17d8b6f99bbb1060695395e79e corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.16.C30mdk.x86_64.rpm
f38e44512019a5b9f13c9bd19d827e56 corporate/3.0/x86_64/XFree86-doc-4.3-32.16.C30mdk.x86_64.rpm
b36b4dc06a9f52b3842910f5783c7f3b corporate/3.0/x86_64/XFree86-server-4.3-32.16.C30mdk.x86_64.rpm
498d4e9e3d4840fb8ef41c854180f954 corporate/3.0/x86_64/XFree86-xfs-4.3-32.16.C30mdk.x86_64.rpm
0526b4c13823d7562f53087a1a5d1dac corporate/3.0/x86_64/XFree86-Xnest-4.3-32.16.C30mdk.x86_64.rpm
143b310524114a3887e034878a2be14d corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.16.C30mdk.x86_64.rpm
e0cc44b644c9f867f1f89b4a4fb61de2 corporate/3.0/SRPMS/XFree86-4.3-32.16.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIVprwmqjQ0CJFipgRAm5qAJ9LC+6u7y+7mu/WWvhEljhK2ZGyXACfanhh
dxlwGggq7YoB37Ung4mF7A8=
=mbny
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close