what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-179

Mandriva Linux Security Advisory 2008-179
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
SHA-256 | 21ab26995f3e8ac3cf68bea088a9613c7a17cdd32ee933bb7754a04a8a14dea0

Mandriva Linux Security Advisory 2008-179

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:179
http://www.mandriva.com/security/
_______________________________________________________________________

Package : metisse
Date : August 21, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

An input validation flaw was found in X.org's MIT-SHM extension.
A client connected to the X.org server could read arbitrary server
memory, resulting in the disclosure of sensitive data of other users
of the X.org server (CVE-2008-1379).

Multiple integer overflows were found in X.org's Render extension.
A malicious authorized client could explot these issues to cause a
denial of service (crash) or possibly execute arbitrary code with
root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362).

The Metisse program is likewise affected by these issues; the updated
packages have been patched to prevent them.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
209b749ac3a7961ddc93878b7fec9aea 2008.0/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
0f6412f126bee76be7b284010de0fa56 2008.0/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
43a3e0d932827212574410a4d7afb047 2008.0/i586/metisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
4ec03d743d7cf8592b1a48535004218b 2008.0/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.i586.rpm
e9dedb6ee7e27e3f877dd8be560ef30f 2008.0/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.i586.rpm
30a7265222bf23c2d5381b166effb970 2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d9825ccef1440ba9b175c62e7ebf0375 2008.0/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
157e7e05de6b0a4e76b01d507356f4ee 2008.0/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
ae43e394fcb45cd6a133dd149f8f8c1e 2008.0/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
af06fb5b120956f5773100dbe693d422 2008.0/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.0.x86_64.rpm
d9f2a0c5d5d414e8807f1f769d9fed60 2008.0/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.0.x86_64.rpm
30a7265222bf23c2d5381b166effb970 2008.0/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
19c95e15e5b2b8a1e6cffc6c41ced6d2 2008.1/i586/libmetisse1-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
c80e03efeb74f3a21bacb8ed273c901f 2008.1/i586/libmetisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
24ad66bd13b18e5c9a912d3208418f73 2008.1/i586/metisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
3af08353f0d5dd56f90d368a5f220e63 2008.1/i586/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.i586.rpm
efcef9f64f1b04b4ab98e87519e60ef3 2008.1/i586/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.i586.rpm
23ee1812f563c203cd466d735f57a1b3 2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
1feb9051196c49b31990a0110cd1c005 2008.1/x86_64/lib64metisse1-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
9c0a16ed2d43e8b49ec5ebf58326c7f8 2008.1/x86_64/lib64metisse1-devel-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
8f25e6cd1bb812e73ec3e1830252b81d 2008.1/x86_64/metisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
9e3bce06db9b7f5632bb3bbe2d20f406 2008.1/x86_64/metisse-fvwm-2.5.20-1.rc4.10.1mdv2008.1.x86_64.rpm
2acc17c95fad1de143c11ca9a6bd8f32 2008.1/x86_64/x11-server-xmetisse-0.4.0-1.rc4.10.1mdv2008.1.x86_64.rpm
23ee1812f563c203cd466d735f57a1b3 2008.1/SRPMS/metisse-0.4.0-1.rc4.10.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrbTTmqjQ0CJFipgRAgnaAJ4pq+USA4fliYUszlfcdViKwF8nNQCgg9mA
+uheP4mB2lIzG1AlYPHGxu4=
=8Xrn
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close