-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:023
http://www.mandriva.com/security/
_______________________________________________________________________

Package : x11-server
Date    : January 23, 2008
Affected: 2007.0, 2007.1, 2008.0
_______________________________________________________________________

Problem Description:

An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause
a denial of service (crash), or potentially execute arbitrary code
with root privileges on the X.org server (CVE-2007-5760).

A flaw was found in the X.org server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).

A memory corruption flaw was found in the X.org server's XInput
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-6427).

An information disclosure flaw was found in the X.org server's TOG-CUP
extension that could allow a malicious authorized client to cause
a denial of service (crash) or potentially view arbitrary memory
content within the X.org server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the X.org server's EVI and
MIT-SHM modules that could allow a malicious authorized client to
cause a denial of service (crash) or potentially execute arbitrary
code with the privileges of the X.org server (CVE-2007-6429).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0
Mandriva Linux 2007.0/X86_64
Mandriva Linux 2007.1
Mandriva Linux 2007.1/X86_64
Mandriva Linux 2008.0
Mandriva Linux 2008.0/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHl+frmqjQ0CJFipgRAvmDAKCFHl1auUASHQpbhQaTWVHsBHcRBACfUGk+
GiqeE9dPmJ+feX0zqi5JCnI=
=/oR9
-----END PGP SIGNATURE-----
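
A patch-level check for this advisory, added here as an example and not part of the Mandriva advisory: it compares an installed x11-server version-release against the fixed build for each affected release, with the fixed builds taken from the advisory's updated package file names. The function names, the `--host` switch, the default package name `x11-server` and the use of GNU `sort -V` as a stand-in for rpm's own version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an x11-server build is
# at or above the fixed build for MDVSA-2008:023.

# Fixed version-release per Mandriva release, taken from the advisory's
# updated package file names.
fixed_build() {
    case "$1" in
        2007.0) echo "1.1.1-12.3mdv2007.0" ;;
        2007.1) echo "1.2.0-9.4mdv2007.1" ;;
        2008.0) echo "1.3.0.0-24.1mdv2008.0" ;;
        *) return 1 ;;
    esac
}

# is_patched RELEASE VERSION-RELEASE
# Returns 0 = patched, 1 = older than the fixed build, 2 = release not covered.
# Assumption: GNU `sort -V` ordering stands in for rpm's own version compare;
# package epochs are ignored.
is_patched() {
    fixed=$(fixed_build "$1") || return 2
    [ "$2" = "$fixed" ] && return 0
    lowest=$(printf '%s\n%s\n' "$2" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$fixed" ] && return 0
    return 1
}

# check_host RELEASE [PACKAGE]: query the local rpm database and report.
check_host() {
    pkg=${2:-x11-server}
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg") || {
        echo "$pkg: not installed"
        return 0
    }
    if is_patched "$1" "$vr"; then
        echo "$pkg $vr: patched"
    else
        echo "$pkg $vr: vulnerable or release not covered, update with urpmi"
    fi
}

# Run the host check only when asked, e.g.: sh check.sh --host 2008.0
if [ "${1:-}" = "--host" ]; then
    check_host "$2" "${3:-}"
fi
```
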