March 2006
UNIRAS Brief - 224/06 - Two Mandriva Linux Security Advisories: 1. MDKSA-2006:056, 2. MDKSA-2006:057
ID: 00224
Ref: 224
Date: 22 March 2006 10:45:20
Version: 1
Abstract: Xorg 6.9.0 and later have a bug in xf86Init.c that lets non-root users use server options reserved for root. GNOME Evolution, through libcairo, allows remote attackers to cause a denial of service.
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:056
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xorg-x11
Date : March 20, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which
allows non-root users to use the -modulepath, -logfile and -configure
options. This allows loading of arbitrary modules which will execute as
the root user, as well as a local DoS by overwriting system files.
Updated packages have been patched to correct these issues.
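The advisory does not say what the coding mistake in xf86Init.c was; the CVE-2006-0745 record it references describes it as the address of the geteuid function being compared with zero instead of its return value, so the refusal branch never ran. The C below is an added illustration, not Mandriva's or X.Org's code: it models the privilege rule those three options need, with the uids passed in so the rule can be exercised without a setuid binary; privileged_option_allowed and first_refused_option are this example's own names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Server options that MDKSA-2006:056 says must not be usable by non-root users. */
static const char *const privileged_opts[] = { "-modulepath", "-logfile", "-configure" };

static int is_privileged_option(const char *arg)
{
    size_t i;
    for (i = 0; i < sizeof privileged_opts / sizeof privileged_opts[0]; i++)
        if (strcmp(arg, privileged_opts[i]) == 0)
            return 1;
    return 0;
}

/* The rule the fix restores: a privileged option is refused when the process
 * runs with elevated privileges, i.e. started by a non-root user (ruid != 0)
 * but effective root (euid == 0), as a setuid-root X server is. Plain root
 * and an unprivileged non-setuid run are both allowed.
 * Note the parentheses matter: `geteuid == 0` (no call) compares a function
 * address with zero, is always false, and silently disables this check,
 * which the CVE-2006-0745 record gives as the cause of the bug. */
int privileged_option_allowed(uid_t ruid, uid_t euid)
{
    if (ruid != 0 && euid == 0)
        return 0;
    return 1;
}

/* Scan a command line; return the index of the first privileged option that
 * must be refused for the given credentials, or -1 if all are acceptable. */
int first_refused_option(int argc, char *argv[], uid_t ruid, uid_t euid)
{
    int i;
    for (i = 1; i < argc; i++)
        if (is_privileged_option(argv[i]) && !privileged_option_allowed(ruid, euid))
            return i;
    return -1;
}

int main(int argc, char *argv[])
{
    /* Real credentials of this process; under a setuid-root binary ruid != euid. */
    int idx = first_refused_option(argc, argv, getuid(), geteuid());
    if (idx >= 0) {
        fprintf(stderr, "option %s cannot be used with elevated privileges\n", argv[idx]);
        return 1;
    }
    puts("command line accepted");
    return 0;
}
```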
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
2.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:057
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cairo
Date : March 20, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
GNOME Evolution allows remote attackers to cause a denial of service
(persistent client crash) via an attached text file that contains
"Content-Disposition: inline" in the header, and a very long line in
the body, which causes the client to repeatedly crash until the e-mail
message is manually removed, possibly due to a buffer overflow, as
demonstrated using an XML attachment.
The underlying issue is in libcairo, which is used by recent versions
of Evolution for message rendering.
The Corporate Desktop 3.0 version of Evolution does not use libcairo
and is not vulnerable to this issue.
Updated packages have been patched to correct these issues.
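An added example, not part of the UNIRAS brief or of Mandriva's packages: a C check that a mail gateway or test harness could apply to one MIME part to flag the trigger the description gives, an inline-disposition text part containing a body line longer than a caller-chosen limit. The function names and the 4096-character limit used below are this example's assumptions (the advisory gives no number), and the sample part is constructed.

```c
#include <string.h>

/* Locate the blank line separating a MIME part's headers from its body,
 * accepting CRLF or bare LF line endings. */
static const char *find_body(const char *part, size_t *skip)
{
    const char *b = strstr(part, "\r\n\r\n");
    if (b) { *skip = 4; return b; }
    b = strstr(part, "\n\n");
    if (b) { *skip = 2; return b; }
    return NULL;
}

/* Return 1 when a part shows the trigger MDKSA-2006:057 describes: a
 * "Content-Disposition: inline" header and a body line longer than limit.
 * The limit is the caller's choice; the advisory gives no number. */
int part_matches_trigger(const char *part, size_t limit)
{
    size_t skip, run = 0;
    const char *body = find_body(part, &skip);
    const char *disp = strstr(part, "Content-Disposition: inline");
    if (!body || !disp || disp > body)
        return 0;                  /* unparseable part, or header absent */
    if (disp != part && disp[-1] != '\n')
        return 0;                  /* must start its own header line */
    for (body += skip; *body; body++) {
        if (*body == '\n') { run = 0; continue; }
        if (*body == '\r') continue;
        if (++run > limit)
            return 1;
    }
    return 0;
}

/* Constructed sample (not a real message): an inline XML part whose single
 * body line is line_len characters long. Returns 0 if buf is too small. */
int build_sample_part(char *buf, size_t bufsz, size_t line_len)
{
    const char *hdr = "Content-Type: text/xml\nContent-Disposition: inline\n\n<doc>";
    size_t hl = strlen(hdr);
    if (bufsz < hl + line_len + 8)
        return 0;
    memcpy(buf, hdr, hl);
    memset(buf + hl, 'A', line_len);
    strcpy(buf + hl + line_len, "</doc>\n");
    return 1;
}
```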
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0528
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone; Not Protectively Marked information may be sent by e-mail to:
uniras@niscc.gov.uk
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information
contained in this Briefing.
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning
that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC accepts responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
----------------------------------------------------------------------------------