_______________________________________________________________________

Mandriva Linux Security Advisory                       MDKSA-2006:164-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xorg-x11
Date    : December 14, 2006
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).

Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).

Updated packages are patched to address this issue.

Update:

Updated packages for Corporate Server 4.0 have been patched.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
_______________________________________________________________________

Updated Packages:

Corporate 4.0
Corporate 4.0/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team