-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:148 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xorg-x11 Date : August 24, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server. Updated packages are patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: e96690462ea6e57335b457d763e26b80 2006.0/RPMS/libxorg-x11-6.9.0-5.8.20060mdk.i586.rpm 31f632a499f6a55459ce5446ad5871b5 2006.0/RPMS/libxorg-x11-devel-6.9.0-5.8.20060mdk.i586.rpm 1c0eda1098546a703159832671e10e99 2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.8.20060mdk.i586.rpm 5ac9c8c715cb5df656ccbacec5a87dae 2006.0/RPMS/X11R6-contrib-6.9.0-5.8.20060mdk.i586.rpm ac15309aaeb2a021658314afde737da4 2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.8.20060mdk.i586.rpm f155986261ac4d70982f68b51a38c3dc 2006.0/RPMS/xorg-x11-6.9.0-5.8.20060mdk.i586.rpm 1c7afcc1116ae6db0df1fbec846c552f 2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.8.20060mdk.i586.rpm 2273cbc4aac47f3060e39a5bebc69392 2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.8.20060mdk.i586.rpm f67859d61e75afe3bcc1e481e346c72c 2006.0/RPMS/xorg-x11-doc-6.9.0-5.8.20060mdk.i586.rpm f2685335f3b56d1e4d00f629fc4c4bad 2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.8.20060mdk.i586.rpm dbb7aecf3aa04ebdd98ce07a2d8e7ba5 2006.0/RPMS/xorg-x11-server-6.9.0-5.8.20060mdk.i586.rpm bdb37de9d95ac078fa2e1a0e87de7a5e 2006.0/RPMS/xorg-x11-xauth-6.9.0-5.8.20060mdk.i586.rpm 06022dee267d75d01ff580a9e7afa3d4 2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.8.20060mdk.i586.rpm 483903328a38387fc0d0584e5478d474 2006.0/RPMS/xorg-x11-xfs-6.9.0-5.8.20060mdk.i586.rpm 6c720d145e82cfa47b3ffabae2b5493a 2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.8.20060mdk.i586.rpm bc7b594caa1d2142eb32f25e5a8bbf57 2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.8.20060mdk.i586.rpm 5861d29021e989dd2ebcc668c6620444 2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.8.20060mdk.i586.rpm 5915dadb375c54be929c6f336b7c0231 2006.0/SRPMS/xorg-x11-6.9.0-5.8.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 2f0e74defdcef7544d949eaef81051b7 x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.8.20060mdk.x86_64.rpm f9dca9d58a256e537586df14f0f3709b x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.8.20060mdk.x86_64.rpm ff60d844dbf4f376a2e7ec5468cd5701 x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.8.20060mdk.x86_64.rpm 3d7251620e95952a72708a25a9d6b9ad x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.8.20060mdk.x86_64.rpm ae47c639f87ca7238c54449e4dac06e4 x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.8.20060mdk.x86_64.rpm a9b1178ae4b51e0f04ca6ab305b7dd00 x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.8.20060mdk.x86_64.rpm 1c53adb504f5bdd86123e8cc470e2316 x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.8.20060mdk.x86_64.rpm 49f3696276eb8d8db9894ad74aa300e7 x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.8.20060mdk.x86_64.rpm f2b94e866eeafb9db914990f19ace8c7 x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.8.20060mdk.x86_64.rpm f31dd3184054ea253f98e9b628a835e4 x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.8.20060mdk.x86_64.rpm 2f17814f669ec11941bf1a8d72213cfa x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.8.20060mdk.x86_64.rpm b55e6ba22af3d404d83a4e6c762620b1 x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.8.20060mdk.x86_64.rpm 130f98fbbbd53c49f1af4a174ce46d48 x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.8.20060mdk.x86_64.rpm 263baf4aa6f429af65a4f22c25b1f967 x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.8.20060mdk.x86_64.rpm 893c19c630ef1c6adcc189c7e87fd533 x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.8.20060mdk.x86_64.rpm 9e83acc573420cebe10682e38e9435ac x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.8.20060mdk.x86_64.rpm 7d562d5dcccc236eee9e9b62e68297f4 x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.8.20060mdk.x86_64.rpm 5915dadb375c54be929c6f336b7c0231 x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.8.20060mdk.src.rpm Corporate 3.0: b8ec2f34a2de5dcce58c767d7acb9742 corporate/3.0/RPMS/libxfree86-4.3-32.6.C30mdk.i586.rpm 17ef760371f3c6132ffbeb16b8cc334f corporate/3.0/RPMS/libxfree86-devel-4.3-32.6.C30mdk.i586.rpm 0dfdac241d26016477688c7cdafa9954 corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.6.C30mdk.i586.rpm b3c9d0af6cd576695f42646b0e64823b corporate/3.0/RPMS/X11R6-contrib-4.3-32.6.C30mdk.i586.rpm 68c7ceffb72aa9962ff785470a4420eb corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.6.C30mdk.i586.rpm f6c0dcbb55abfdb3fe731e7a02a516d7 corporate/3.0/RPMS/XFree86-4.3-32.6.C30mdk.i586.rpm 691a6da2b476618b92410b54b2cc659e corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.6.C30mdk.i586.rpm 7d86c5eed71597a8ccb9615dbdcd203e corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.6.C30mdk.i586.rpm 54890690be35fa07c24a153294b4f047 corporate/3.0/RPMS/XFree86-doc-4.3-32.6.C30mdk.i586.rpm ad22989ca3a580e832224a032ccb2e5f corporate/3.0/RPMS/XFree86-glide-module-4.3-32.6.C30mdk.i586.rpm 67f5e5000b538a5df6dd7d999acfaecd corporate/3.0/RPMS/XFree86-server-4.3-32.6.C30mdk.i586.rpm db5ba130a18b93d416e781b77e48b752 corporate/3.0/RPMS/XFree86-xfs-4.3-32.6.C30mdk.i586.rpm 2c09fd4d1a1b61a1170c6d50eb675979 corporate/3.0/RPMS/XFree86-Xnest-4.3-32.6.C30mdk.i586.rpm 70b0c2ec881d07f1db12921d072b77d6 corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.6.C30mdk.i586.rpm 61d6302023daef2488822d0146d73baf corporate/3.0/SRPMS/XFree86-4.3-32.6.C30mdk.src.rpm Corporate 3.0/X86_64: 40d18d307b0d7ebcc665559a31226c97 x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.6.C30mdk.x86_64.rpm b482d0e7d223afeda7c15a78dc91f526 x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.6.C30mdk.x86_64.rpm 4850377b6975c3b6747ced40f77fefda x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.6.C30mdk.x86_64.rpm 962df4b68d2ac9b94540b1f12b5daeb4 x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.6.C30mdk.x86_64.rpm a7ef4764f0e80e25f46d8118ea926eb0 x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.6.C30mdk.x86_64.rpm 93da80be668a3feeb55cbf418e9ca3ba x86_64/corporate/3.0/RPMS/XFree86-4.3-32.6.C30mdk.x86_64.rpm cb6db58a236a35a6923f475b595426fa x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.6.C30mdk.x86_64.rpm 5243dcbb796550a6c3cb6097ef0e8b93 x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.6.C30mdk.x86_64.rpm 7212b487461c2f16c7b53adc6883bc9e x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.6.C30mdk.x86_64.rpm 059398da9ef868e4c445a3c3963804d7 x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.6.C30mdk.x86_64.rpm 7fa19747b99f4ddda0fa8bedc4e08e2b x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.6.C30mdk.x86_64.rpm 01fc36b3ec6878c51a61ec35f0e98328 x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.6.C30mdk.x86_64.rpm be65abdd2513cf7e687542a12638e907 x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.6.C30mdk.x86_64.rpm 61d6302023daef2488822d0146d73baf x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.6.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE7dE5mqjQ0CJFipgRAkmJAJ987IPd2J7hufP3zvRBCAhRjADZHwCcDjYV QXRKDea0qG0wZbb7c0ZIgsk= =RU87 -----END PGP SIGNATURE-----