-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:079 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xorg-x11 Date : April 4, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667) Updated packages are patched to address these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d96dcc000a74b02fbff0c3c0a5710767 2007.0/i586/libx11-common-1.0.3-2.2mdv2007.0.i586.rpm 0fbae1a4ac97941ea0f5e95e99fdf568 2007.0/i586/libx11_6-1.0.3-2.2mdv2007.0.i586.rpm 598252d23e15315d7213b09b1e3050ef 2007.0/i586/libx11_6-devel-1.0.3-2.2mdv2007.0.i586.rpm 1ffdc1a629ebded0e48cfc1ead8838b5 2007.0/i586/libx11_6-static-devel-1.0.3-2.2mdv2007.0.i586.rpm a3b70e66b722738df4d50295dd1a2604 2007.0/i586/libxfont1-1.1.0-4.2mdv2007.0.i586.rpm 14a727bef0655ad3385305230c16b6df 2007.0/i586/libxfont1-devel-1.1.0-4.2mdv2007.0.i586.rpm 46a3a943ba47a91cae462289425f1777 2007.0/i586/libxfont1-static-devel-1.1.0-4.2mdv2007.0.i586.rpm 71733a31bfce2d014975e7be5151fe87 2007.0/i586/x11-server-1.1.1-11.3mdv2007.0.i586.rpm b9650f724bcc27c9b02e4591b79a8170 2007.0/i586/x11-server-common-1.1.1-11.3mdv2007.0.i586.rpm 96291cb67e5effea3226d228934ca668 2007.0/i586/x11-server-devel-1.1.1-11.3mdv2007.0.i586.rpm ada36533a54b6abb8d9e05edcbe85a9b 2007.0/i586/x11-server-xati-1.1.1-11.3mdv2007.0.i586.rpm 65b27efd9b19e654917dc507a9fcc85b 2007.0/i586/x11-server-xchips-1.1.1-11.3mdv2007.0.i586.rpm 08be63fced01787c67111c49a37a217b 2007.0/i586/x11-server-xdmx-1.1.1-11.3mdv2007.0.i586.rpm b3808f59c82737c0a920f120e2821fda 2007.0/i586/x11-server-xephyr-1.1.1-11.3mdv2007.0.i586.rpm d11c6a18afe3aed8f1a51bf765bbdf68 2007.0/i586/x11-server-xepson-1.1.1-11.3mdv2007.0.i586.rpm 87e8f828f97229acd5ad881894cd1e13 2007.0/i586/x11-server-xfake-1.1.1-11.3mdv2007.0.i586.rpm f6ffd1174cbf64279a2feb6924f66e42 2007.0/i586/x11-server-xfbdev-1.1.1-11.3mdv2007.0.i586.rpm ab872f9c530a3fcc8397b111dfb43b44 2007.0/i586/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.i586.rpm fcc1678a7855a9bd889f819a29df978e 2007.0/i586/x11-server-xi810-1.1.1-11.3mdv2007.0.i586.rpm 3cf1b4fc5536ed5b54e8aad5b268ff2e 2007.0/i586/x11-server-xmach64-1.1.1-11.3mdv2007.0.i586.rpm 4ca148ffa7d5b363fd8fedfeef1cee71 2007.0/i586/x11-server-xmga-1.1.1-11.3mdv2007.0.i586.rpm dbf20841fd17021879081b4a6c869f3e 2007.0/i586/x11-server-xneomagic-1.1.1-11.3mdv2007.0.i586.rpm afd9701501cbe1b55cd5936456b04fc8 2007.0/i586/x11-server-xnest-1.1.1-11.3mdv2007.0.i586.rpm e91bf46f57be620a10bbbeff792df61b 2007.0/i586/x11-server-xnvidia-1.1.1-11.3mdv2007.0.i586.rpm a471731278537202b3c82792ad4e3368 2007.0/i586/x11-server-xorg-1.1.1-11.3mdv2007.0.i586.rpm 61661f612a200395a9d8a16923876ac8 2007.0/i586/x11-server-xpm2-1.1.1-11.3mdv2007.0.i586.rpm c85b6311efa2b1719ab77e5eb7231160 2007.0/i586/x11-server-xprt-1.1.1-11.3mdv2007.0.i586.rpm 08e47b2ae0c09d5d117e583941535a06 2007.0/i586/x11-server-xr128-1.1.1-11.3mdv2007.0.i586.rpm 1aa8aa6927148ac3d64dc047709f5abf 2007.0/i586/x11-server-xsdl-1.1.1-11.3mdv2007.0.i586.rpm 674a1a4c2fb68d234153033efae15394 2007.0/i586/x11-server-xsmi-1.1.1-11.3mdv2007.0.i586.rpm 77e6c7649a00f81d7538593b99d0678a 2007.0/i586/x11-server-xvesa-1.1.1-11.3mdv2007.0.i586.rpm bd6c55d0ad9e770d5680ae9dbd687a02 2007.0/i586/x11-server-xvfb-1.1.1-11.3mdv2007.0.i586.rpm 9867b8ebc08673dc8cf55a888bc0b22d 2007.0/i586/x11-server-xvia-1.1.1-11.3mdv2007.0.i586.rpm 44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm 678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm 18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 19a970386a276dd606b11400cd672c68 2007.0/x86_64/lib64x11_6-1.0.3-2.2mdv2007.0.x86_64.rpm 694178b488cfb01096ade83be1aa0d4c 2007.0/x86_64/lib64x11_6-devel-1.0.3-2.2mdv2007.0.x86_64.rpm 9e666c058971ae71a1644115c2dbc851 2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.2mdv2007.0.x86_64.rpm ae890ea6d025a00b8d1397fb2a8bee2c 2007.0/x86_64/lib64xfont1-1.1.0-4.2mdv2007.0.x86_64.rpm ae510dc95b877ce304c382da30ee6680 2007.0/x86_64/lib64xfont1-devel-1.1.0-4.2mdv2007.0.x86_64.rpm f4a67a4311146a73ea1ac5d2a094f511 2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.2mdv2007.0.x86_64.rpm b4186951ec846155eef67caf20a713d0 2007.0/x86_64/libx11-common-1.0.3-2.2mdv2007.0.x86_64.rpm 8e4dc66ec5d759761f8d36dd28194499 2007.0/x86_64/x11-server-1.1.1-11.3mdv2007.0.x86_64.rpm 932015ff2760dd9d155a3d62255fe9d8 2007.0/x86_64/x11-server-common-1.1.1-11.3mdv2007.0.x86_64.rpm 89a0a8d5751a07d2533ba5f6afb39584 2007.0/x86_64/x11-server-devel-1.1.1-11.3mdv2007.0.x86_64.rpm 72fc80b4c4ecbc09a6553375dfb45598 2007.0/x86_64/x11-server-xdmx-1.1.1-11.3mdv2007.0.x86_64.rpm 4020ee2d1bb311b944b7cee828a9591b 2007.0/x86_64/x11-server-xephyr-1.1.1-11.3mdv2007.0.x86_64.rpm ceb7ed60ceabf6beab04fb4f7d5a6b9f 2007.0/x86_64/x11-server-xfake-1.1.1-11.3mdv2007.0.x86_64.rpm 2e283d8183630848bd4bf3c36ec78da2 2007.0/x86_64/x11-server-xfbdev-1.1.1-11.3mdv2007.0.x86_64.rpm 41b186290408566c3af16ad56bff4583 2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.x86_64.rpm f03f5f7b95ee81d36558cc286dbc09cf 2007.0/x86_64/x11-server-xnest-1.1.1-11.3mdv2007.0.x86_64.rpm ded05b44c119989703ec335ef8d7ba77 2007.0/x86_64/x11-server-xorg-1.1.1-11.3mdv2007.0.x86_64.rpm 58a552e341f4ccf59906f9ff32f1e96b 2007.0/x86_64/x11-server-xprt-1.1.1-11.3mdv2007.0.x86_64.rpm 908d1a089250581475bf63d3bd615209 2007.0/x86_64/x11-server-xsdl-1.1.1-11.3mdv2007.0.x86_64.rpm f1b54633237b6f56857f9022f9621b3a 2007.0/x86_64/x11-server-xvfb-1.1.1-11.3mdv2007.0.x86_64.rpm 44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm 678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm 18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm Corporate 3.0: 918c04c922a1613680cbbe9487e96c1f corporate/3.0/i586/X11R6-contrib-4.3-32.13.C30mdk.i586.rpm 89f73d5c80e4c5ff474b115d825b5c09 corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.13.C30mdk.i586.rpm 4a350003e29da90f9e20cfc490630e44 corporate/3.0/i586/XFree86-4.3-32.13.C30mdk.i586.rpm c1337f1ed5267d530dbf665f50619145 corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.13.C30mdk.i586.rpm 38c323d2e089e7f1cac411c6156a5025 corporate/3.0/i586/XFree86-Xnest-4.3-32.13.C30mdk.i586.rpm 9b18d33108c7d5aafb3e2d689045e91a corporate/3.0/i586/XFree86-Xvfb-4.3-32.13.C30mdk.i586.rpm 7fc5ac98bb77dc5ed11b52a17ca1ab18 corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.i586.rpm be5ab8321d77e24e57553c9e537082e6 corporate/3.0/i586/XFree86-doc-4.3-32.13.C30mdk.i586.rpm 19353085c52e811da6d5cc9f173abb4a corporate/3.0/i586/XFree86-glide-module-4.3-32.13.C30mdk.i586.rpm 3373a7e9398a1788ab4bea0f12a9dce2 corporate/3.0/i586/XFree86-server-4.3-32.13.C30mdk.i586.rpm f78239e305badabba3d638b361473436 corporate/3.0/i586/XFree86-xfs-4.3-32.13.C30mdk.i586.rpm 69b594d3b0438be4c25c36abb37e5159 corporate/3.0/i586/libxfree86-4.3-32.13.C30mdk.i586.rpm 9d1c0eb89083a9f62c14d29126a0ce06 corporate/3.0/i586/libxfree86-devel-4.3-32.13.C30mdk.i586.rpm c67bddf7736902533773979e627b8761 corporate/3.0/i586/libxfree86-static-devel-4.3-32.13.C30mdk.i586.rpm 5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm Corporate 3.0/X86_64: 2bd23a1148e5b379ff0305d9f96032f0 corporate/3.0/x86_64/X11R6-contrib-4.3-32.13.C30mdk.x86_64.rpm dc08cee63f5dcbed1b036c3708a657a1 corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm 171a7012e64618b79dc8880180093f76 corporate/3.0/x86_64/XFree86-4.3-32.13.C30mdk.x86_64.rpm de12bcbf7f7ebdec9becb1c051162ecf corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm 7f208dc7263f1558cf3f10e04e1ed5c9 corporate/3.0/x86_64/XFree86-Xnest-4.3-32.13.C30mdk.x86_64.rpm c24a2d0fa210741e5aade751bd8a61df corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.13.C30mdk.x86_64.rpm a89a370a0185521e83c37b8daf60fdd0 corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.x86_64.rpm 840dbd21393e5611d162ccf755792d4f corporate/3.0/x86_64/XFree86-doc-4.3-32.13.C30mdk.x86_64.rpm b9595f9ffe3bc8a1d16522b6a47d5598 corporate/3.0/x86_64/XFree86-server-4.3-32.13.C30mdk.x86_64.rpm 63479edcdcbe976b96582c481b986f5e corporate/3.0/x86_64/XFree86-xfs-4.3-32.13.C30mdk.x86_64.rpm 525e0d97ff88d1905502d405f90d4085 corporate/3.0/x86_64/lib64xfree86-4.3-32.13.C30mdk.x86_64.rpm 66f6f35a1c45d88672bbc2b2ea9c8f2d corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.13.C30mdk.x86_64.rpm 2717e4c7875f4de5e880ad95b595fecd corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.13.C30mdk.x86_64.rpm 5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm Corporate 4.0: e63a99edfa23138af23caa7c9c980d54 corporate/4.0/i586/X11R6-contrib-6.9.0-5.15.20060mlcs4.i586.rpm 9fa37dcac91bc52853239a3b86acbfa8 corporate/4.0/i586/libxorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm b34ee5541e4d8e7f37dcde66a75c6cfb corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.15.20060mlcs4.i586.rpm 71d076aff757c1778782065b3e7de161 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.15.20060mlcs4.i586.rpm 59b2613a3f02781d966b76751a4f432c corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 111813e2cbdeef71c025de2235199e90 corporate/4.0/i586/xorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm 44b0a56d98313c72b05bfc4b28ff024b corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 08026da35859225b367ab26e813d57d7 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.i586.rpm 46f848204211932f59a8ecaf02a3894e corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.i586.rpm eb232b39a68609ffb5adc5f472dc5d1d corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.i586.rpm 055b63beae6e771a6b948049fed128cf corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.i586.rpm b2438635efdf6ed16508580cc901ecb5 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 91ac90d71030f3bfe0fdb9ddaf2ad816 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.15.20060mlcs4.i586.rpm bf50b7e3fa360f3fd1aa61444526b9b8 corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.i586.rpm 372cfc8231f2f2d31760f165ee80d4e6 corporate/4.0/i586/xorg-x11-server-6.9.0-5.15.20060mlcs4.i586.rpm 7a73f4094d5ea7c3020a3b78ea9c9c98 corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.i586.rpm 61bd1d2dae41148425196597d28460af corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.i586.rpm 1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm Corporate 4.0/X86_64: 32ff784cd7c2401ee6bb9cd2b814159b corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.15.20060mlcs4.x86_64.rpm d2575d1962896839c66e5a6d4f0d243b corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm 49455f9280c0f2e45cbfe40957644a06 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm f57c87d13d3411731b28ac002873887f corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm cec0f84d92610fe7319678d52f85d69d corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm bbccb6cf65819363d944b72ea5dc0f94 corporate/4.0/x86_64/xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm 6aef383c3f44fc6b66fc3175084b87fc corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm c036dce014adc7e5a74a181cf9fabdaf corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.x86_64.rpm 59d992851f3d52838a9515f9449905d5 corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.x86_64.rpm 11867453dc758141fb38c33e3812e8e1 corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.x86_64.rpm a248cd02f7d7864c779491c6a9e696e1 corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.x86_64.rpm 6bec3e71d6c044a563bca2733260adb9 corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm d2f5b5cebcecefdce3cc1bfb550bf481 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.15.20060mlcs4.x86_64.rpm 780c01a55862d4b9ac03286ac787b725 corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.x86_64.rpm 3ad687a6bb67d02ed23cb6d57ca0ea85 corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.15.20060mlcs4.x86_64.rpm 3f02a8bf7e6e94b4696baa3998712dae corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.x86_64.rpm 5df334cae18035961430532b7fa6a71f corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.x86_64.rpm 1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGFAoYmqjQ0CJFipgRAvkHAJwJVFe0mT1yBHKjcTWYIRiSz7YoZQCdF6wt /Czi8NSscvNCkThUftxcIJY= =eRgy -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/