X.Org security advisory: multiple vulnerabilities in the X server

Matthieu Herrb matthieu.herrb at laas.fr
Mon Jan 21 02:08:32 PST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthieu Herrb wrote:
| X.Org security advisory, January 17th, 2008
| Multiple vulnerabilities in the X server
| CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
|          CVE-2007-6429, CVE-2008-0006
|
| Overview
|
| Several vulnerabilities have been identified in server code of the X
| window system caused by lack of proper input validation on user
| controlled data in various parts of the software, causing various
| kinds of overflows.
|

Update: The patch for the MIT-SHM vulnerability (CVE-2007-6429)
introduced a regression for applications that allocate pixmaps with a
depth of less than 8 bits. New patches are available for xserver 1.2 and
xserver 1.4:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff


MD5: 8e3f74c2cabddd3d629018924140e413 xorg-xserver-1.2-multiple-overflows-v2.diff
SHA1: 38ad95d97e83861c309276a27296787e6d0d1b54 xorg-xserver-1.2-multiple-overflows-v2.diff

MD5: ded4bc31104aedada0155514a968b45f xorg-xserver-1.4-multiple-overflows-v2.diff
SHA1: af92fd389e72a3bb59d25dbf9cbb06e827b75d7d xorg-xserver-1.4-multiple-overflows-v2.diff

- --
Matthieu Herrb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBR5RvIHKGCS6JWssnAQJSnwQA3UMGjwMJRf8fQ9nSuKFuURGmpShKbX1B
5V3e9yGnP22LLrrVO46QpZN7v2Gww1ezM7DhQSsGIdwPJAFxJgLPkIaydaerThtv
GsAoeTvITyv0hkNYBEh4+RNXuviz6m5vLIFaIhrx8UiuYwWRFCYDmeRLlsxpmhoM
DLSU0ByLlCU=
=unHW
-----END PGP SIGNATURE-----


