HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
ced5c6740042c0cd094d009d362b7d7685ebb91d5fe0e017b9aab934a40f69b1Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200801-09:03 - The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths. Versions less than 1.3.0.0-r5 are affected.
ec9718e4bc7cbfde57e6fbae71ba194bdc3199ce1bdd7c9822705ba14c88559bMandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server-xgl.
92ecb1a076f5e1d5237fd0dc8af22f189ba31dda87c81dcb4ac65d4633e134cbMandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server.
7899a5f8c05a71db0dc6e0db3895c11521ba293b378be8e22f34b011a7f8e84cMandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in xorg-X11.
2690245c14cccd070bbdc7a657598d08fbe2f618754259f55d88d7477ba76eceMandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in XFree86.
361ca5c5a576c2dead010393dc88fc0b7518b65926bef03bec670799801efe06Debian Security Advisory 1466-3 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (Sarge) in addition to the fixed packages for Debian stable (Etch), which were provided in DSA 1466-2.
7cf5d67192897942775250970ee137f0418d36a2330262b64f97e3001e0038efGentoo Linux Security Advisory GLSA 200801-09 - Multiple vulnerabilities have been discovered in the X.Org X server and Xfont library, allowing for a local privilege escalation and arbitrary code execution. Versions less than 1.3.0.0-r4 are affected.
7d28a99b610fcc02ab4b414215a56c997828db0b9753eaf6810776b58b6c869fDebian Security Advisory 1466-2 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update fixes this problem and also references the patch for CVE-2008-0006, which was included in the previous update, but not mentioned in the advisory text.
7880a06b59c46aba294ba5d3373d2819e546eb39e8fe850e19452ad8e5448397Ubuntu Security Notice 571-2 - USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.
fbf38ace466f8679c27a645bf67eedb816d28d94e4c9f155caed68a4b00432cbiDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. Defense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4357bff2a486d2934d0def5af55ed1b0333abfe4897f136cdcb70115231ac4b8Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.
ed802d7374761fc7f216b15cd6a5443aef8801fd64dc5cd436bba1141cfd5934Debian Security Advisory 1466-1 - Several local vulnerabilities have been discovered in the X.Org X server.
e6e2a481ccdd75f77778bd93cac243335052c16bf8480c3180dbf7cf634d7cfaSUSE Security Announcement - The X windows system is vulnerable to several kinds of vulnerabilities that are caused due to insufficient input validation.
db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed