Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2007 > Five Mandriva Linux Security Advisories

January 2007

Five Mandriva Linux Security Advisories

ID: 00034
Ref: 31/2007
Date: 16 January 2007:09:36:38
Version: 1
Title: Five Mandriva Linux Security Advisories
Abstract: 1. A functional update for postfix and cyrus-sasl is being provided. Postfix is receiving a major update from 2.2.x to the 2.3 branch. 2. There was a problem with mesa, where OpenGL applications would crash for users having some i965G chipsets. 3. Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. 4. Dean Gaudet discovered the geoipupdate utility fails to do sanity checking on the filename returned by "GET /app/update_getfilename?product_id=%s". 5. Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Title
=====

Five Mandriva Linux Security Advisories:

1. MDKA-2007:003 - Updated postfix and cyrus-sasl packages are provided to fix minor bugs

2. MDKA-2007:004 - Updated mesa packages provided to fix issues with some i965G chipsets

3. MDKSA-2007:001 - Update libmodplug packages fix buffer overflow vulnerabilities

4. MDKSA-2007:004 - Updated geoip packages fix geoipupdate vulnerability

5. MDKSA-2007-005 - Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities


Detail
======

1. A functional update for postfix and cyrus-sasl is being provided.
Postfix is receiving a major update from 2.2.x to the 2.3 branch.

2. There was a problem with mesa, where OpenGL applications would crash for users having some i965G chipsets.

3. Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

4. Dean Gaudet discovered the geoipupdate utility fails to do sanity checking on the filename returned by "GET /app/update_getfilename?product_id=%s".

5. Sean Larsson of iDefense Labs discovered several vulnerabilities in
X.Org/XFree86:




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory MDKA-2007:003
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postfix
Date : January 5, 2007
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

A functional update for postfix and cyrus-sasl is being provided.
Postfix is receiving a major update from 2.2.x to the 2.3 branch. The update process should make all the needed changes to the configuration files, but reading of the RELEASE_NOTES document, located in the documentation directory for the package, is recommended.

Some of the new features of postfix 2.3 include DNS (RFC 3461), Milter, configurable bounce messages, and sender-dependent SASL authentication support.

The primary change of the new cyrus-sasl packages is that the SASL configuration files are now stored in /etc/sasl2 instead of /usr/lib/sasl2./ The library will, however, still search in both places for backwards compatibility.

Please note that both packages must be installed together for the upgrade to work as intended.
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
7c68111a4a143ebf608c2e0ee144ea27 corporate/4.0/i586/cyrus-sasl-2.1.22-11.1.20060mlcs4.i586.rpm
20a521a2e2e0f1a004beed1dd73847a9 corporate/4.0/i586/libpostfix1-2.3.5-0.1.20060mlcs4.i586.rpm
2de34850b619078b7c2ae9e6e2170296 corporate/4.0/i586/libsasl2-2.1.22-11.1.20060mlcs4.i586.rpm
908d37e29b5b3ac38e65c61685942a82 corporate/4.0/i586/libsasl2-devel-2.1.22-11.1.20060mlcs4.i586.rpm
eaad37f1e07e33bfd433a5988655eb71 corporate/4.0/i586/libsasl2-plug-anonymous-2.1.22-11.1.20060mlcs4.i586.rpm
d84f7296cf29002d047f5605b3c16c7c corporate/4.0/i586/libsasl2-plug-crammd5-2.1.22-11.1.20060mlcs4.i586.rpm
98935f5639d38eb86655691df2722422 corporate/4.0/i586/libsasl2-plug-digestmd5-2.1.22-11.1.20060mlcs4.i586.rpm
e41edbf129e35d2ba53b84de8f0145b1 corporate/4.0/i586/libsasl2-plug-gssapi-2.1.22-11.1.20060mlcs4.i586.rpm
c06e863341073a147bc5ca2cf4651997 corporate/4.0/i586/libsasl2-plug-ldapdb-2.1.22-11.1.20060mlcs4.i586.rpm
e4fde8220f02e41b130324db5b00691b corporate/4.0/i586/libsasl2-plug-login-2.1.22-11.1.20060mlcs4.i586.rpm
9081a92a5a7865f311855119d9ce1181 corporate/4.0/i586/libsasl2-plug-ntlm-2.1.22-11.1.20060mlcs4.i586.rpm
e7278aac235e710fdd0bdda3825b6e9e corporate/4.0/i586/libsasl2-plug-otp-2.1.22-11.1.20060mlcs4.i586.rpm
649a77bb33d3bbf828edae619d810539 corporate/4.0/i586/libsasl2-plug-plain-2.1.22-11.1.20060mlcs4.i586.rpm
42dbed440ec5942763e0b30ca49157e9 corporate/4.0/i586/libsasl2-plug-sasldb-2.1.22-11.1.20060mlcs4.i586.rpm
010c8a8dcce20411588ed942163e293f corporate/4.0/i586/libsasl2-plug-sql-2.1.22-11.1.20060mlcs4.i586.rpm
a4381277400633d1ef93b807de317b8c corporate/4.0/i586/postfix-2.3.5-0.1.20060mlcs4.i586.rpm
ac33cd69106ab7c5020dbccaab256614 corporate/4.0/i586/postfix-ldap-2.3.5-0.1.20060mlcs4.i586.rpm
3ad136896d3edab3e71d989fc996b7b4 corporate/4.0/i586/postfix-mysql-2.3.5-0.1.20060mlcs4.i586.rpm
32ebca78ffbf4e36598c4b765a80f1d9 corporate/4.0/i586/postfix-pcre-2.3.5-0.1.20060mlcs4.i586.rpm
459c710cd00310d5c0d2f7771b8b2658 corporate/4.0/i586/postfix-pgsql-2.3.5-0.1.20060mlcs4.i586.rpm
07d0a6d6e8d9e9a029c5b441f6fb0ef5 corporate/4.0/SRPMS/cyrus-sasl-2.1.22-11.1.20060mlcs4.src.rpm
c030248cf190cce31f0e3953ff7319ab corporate/4.0/SRPMS/postfix-2.3.5-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d4e74edf6b3b2eb899cdbbb3bd95e6e1 corporate/4.0/x86_64/cyrus-sasl-2.1.22-11.1.20060mlcs4.x86_64.rpm
6d835aebcb8afd3843b76d2930cb7b31 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.1.20060mlcs4.x86_64.rpm
678c562d2b121eab9af7d7e92dd58035 corporate/4.0/x86_64/lib64sasl2-2.1.22-11.1.20060mlcs4.x86_64.rpm
3a25a9765ee9c3d59bd09fe4bf54f92e corporate/4.0/x86_64/lib64sasl2-devel-2.1.22-11.1.20060mlcs4.x86_64.rpm
24fbc5d40c044942d3960dd20b5db882 corporate/4.0/x86_64/lib64sasl2-plug-anonymous-2.1.22-11.1.20060mlcs4.x86_64.rpm
338ac1c0e79781ab85164c782c561401 corporate/4.0/x86_64/lib64sasl2-plug-crammd5-2.1.22-11.1.20060mlcs4.x86_64.rpm
66ca25e125fa102a09f1db46b021f8a2 corporate/4.0/x86_64/lib64sasl2-plug-digestmd5-2.1.22-11.1.20060mlcs4.x86_64.rpm
a82b7bce3295561eed3ebbbe1d75e67a corporate/4.0/x86_64/lib64sasl2-plug-gssapi-2.1.22-11.1.20060mlcs4.x86_64.rpm
4d47a0c69fab6e718286aa2033f6ebe7 corporate/4.0/x86_64/lib64sasl2-plug-ldapdb-2.1.22-11.1.20060mlcs4.x86_64.rpm
47a0085bc163eb545fbecc3ce4d6d3c4 corporate/4.0/x86_64/lib64sasl2-plug-login-2.1.22-11.1.20060mlcs4.x86_64.rpm
70c82af586ff48b92f370cbc290635d2 corporate/4.0/x86_64/lib64sasl2-plug-ntlm-2.1.22-11.1.20060mlcs4.x86_64.rpm
4ec9044a2562e4a04aec78654a4cfc74 corporate/4.0/x86_64/lib64sasl2-plug-otp-2.1.22-11.1.20060mlcs4.x86_64.rpm
36f6985119739c0495ca474b88057cd6 corporate/4.0/x86_64/lib64sasl2-plug-plain-2.1.22-11.1.20060mlcs4.x86_64.rpm
277a197f4b8f8fee138c362369795c49 corporate/4.0/x86_64/lib64sasl2-plug-sasldb-2.1.22-11.1.20060mlcs4.x86_64.rpm
e28cf271f133185ff901fcbd76bf6e7b corporate/4.0/x86_64/lib64sasl2-plug-sql-2.1.22-11.1.20060mlcs4.x86_64.rpm
fbcac0b79bf24bbff6dc81b75c15767c corporate/4.0/x86_64/postfix-2.3.5-0.1.20060mlcs4.x86_64.rpm
776962d8c3307568a409521528906299 corporate/4.0/x86_64/postfix-ldap-2.3.5-0.1.20060mlcs4.x86_64.rpm
d9ac6b36111ae656390d1dc7b92d4781 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.1.20060mlcs4.x86_64.rpm
a5e4f86531c576de6663c67f79303196 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.1.20060mlcs4.x86_64.rpm
934e3855242172345a8fbd4c9c9fdc2b corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.1.20060mlcs4.x86_64.rpm
07d0a6d6e8d9e9a029c5b441f6fb0ef5 corporate/4.0/SRPMS/cyrus-sasl-2.1.22-11.1.20060mlcs4.src.rpm
c030248cf190cce31f0e3953ff7319ab corporate/4.0/SRPMS/postfix-2.3.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFnrhLmqjQ0CJFipgRAofWAKDsy3aQsf/FF/N51fAELCiPkRswMQCfT+Um
9msmGBapmFhmChbBzBvRlmY=
=fR00
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory MDKA-2007:004
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mesa
Date : January 9, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

There was a problem with mesa, where OpenGL applications would crash for users having some i965G chipsets.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://qa.mandriva.com/show_bug.cgi?id=26082
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
3f0bcb03a6d43da9531d60f686dfb2a4 2007.0/i586/libmesagl1-6.5-18.1mdv2007.0.i586.rpm
0a459b1d3ab1eed6b2810606d2f68040 2007.0/i586/libmesagl1-devel-6.5-18.1mdv2007.0.i586.rpm
cfe39d5e79eb47f6a2175501cefb8bf8 2007.0/i586/libmesaglu1-6.5-18.1mdv2007.0.i586.rpm
651649cc5b666ab51637295057f76763 2007.0/i586/libmesaglu1-devel-6.5-18.1mdv2007.0.i586.rpm
00b5a1c98b99a1b7c1bb62b5ca5eb3f4 2007.0/i586/libmesaglut3-6.5-18.1mdv2007.0.i586.rpm
4a4e0f89876b3db17e39357338765b37 2007.0/i586/libmesaglut3-devel-6.5-18.1mdv2007.0.i586.rpm
d0a95a594b3ecb94b012da8a78ffc641 2007.0/i586/libmesaglw1-6.5-18.1mdv2007.0.i586.rpm
2b6b1a863370ee147c2344773262f00e 2007.0/i586/libmesaglw1-devel-6.5-18.1mdv2007.0.i586.rpm
5f1c539d67d62b2cf9e3079ffb22a59e 2007.0/i586/mesa-6.5-18.1mdv2007.0.i586.rpm
1911f521b3df05f162898c227c701f14 2007.0/i586/mesa-common-devel-6.5-18.1mdv2007.0.i586.rpm
74d175fc86e0b8542ff3b6e0ba5de5be 2007.0/i586/mesa-demos-6.5-18.1mdv2007.0.i586.rpm
c0d223488e590aada5eae575a4df07c7 2007.0/i586/mesa-source-6.5-18.1mdv2007.0.i586.rpm
bf1667ca6070b8809727c930b4ae8fc1 2007.0/SRPMS/mesa-6.5-18.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
2cbf34023f0a7438c10a2ff6a9bc4a40 2007.0/x86_64/lib64mesagl1-6.5-18.1mdv2007.0.x86_64.rpm
6a63d3d66bca60d9f492209ae130f77c 2007.0/x86_64/lib64mesagl1-devel-6.5-18.1mdv2007.0.x86_64.rpm
48f5958e6942fd20ccc3da7b02481864 2007.0/x86_64/lib64mesaglu1-6.5-18.1mdv2007.0.x86_64.rpm
13d7c055640e3cf69d8d426cdfdd5734 2007.0/x86_64/lib64mesaglu1-devel-6.5-18.1mdv2007.0.x86_64.rpm
c04edf54aefc0c114b8bb34e8f5bba22 2007.0/x86_64/lib64mesaglut3-6.5-18.1mdv2007.0.x86_64.rpm
c2d6e4a50455dc2ed35a7a513fd88e79 2007.0/x86_64/lib64mesaglut3-devel-6.5-18.1mdv2007.0.x86_64.rpm
84f9e4d7f433f7e6d0b19322aa578dea 2007.0/x86_64/lib64mesaglw1-6.5-18.1mdv2007.0.x86_64.rpm
043d3c56b0706f3812d98e660ad00f40 2007.0/x86_64/lib64mesaglw1-devel-6.5-18.1mdv2007.0.x86_64.rpm
c6c8dd00d881c75a7de575d23cac6e4e 2007.0/x86_64/mesa-6.5-18.1mdv2007.0.x86_64.rpm
88d976e161d902dff646b214ad4f2f25 2007.0/x86_64/mesa-common-devel-6.5-18.1mdv2007.0.x86_64.rpm
22d61bf798d3ce2593da0b50bd1f68ee 2007.0/x86_64/mesa-demos-6.5-18.1mdv2007.0.x86_64.rpm
d41b4c54eb4990560f2c97f91e3aa15e 2007.0/x86_64/mesa-source-6.5-18.1mdv2007.0.x86_64.rpm
bf1667ca6070b8809727c930b4ae8fc1 2007.0/SRPMS/mesa-6.5-18.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFo6SamqjQ0CJFipgRAtuTAKDYPQiRS0+YpRFmCbqwIIzoKtiGugCgxGkW
NdAHQwYGm/5KkmKbTmupO7c=
=yW5L
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:001
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libmodplug
Date : January 2, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Updated packages are patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
c710c50a92587abd6f55078af2da22e7 2007.0/i586/libmodplug0-0.7-7.1mdv2007.0.i586.rpm
4cf79b5be35cdf2e4d22af922140d32e 2007.0/i586/libmodplug0-devel-0.7-7.1mdv2007.0.i586.rpm
68181a6907f78b10d3b0c379ca3fd76b 2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
fe5b2a2b546f98922a124b4f52cbf202 2007.0/x86_64/lib64modplug0-0.7-7.1mdv2007.0.x86_64.rpm
2b10aaf2fefcaef82512b42910d88408 2007.0/x86_64/lib64modplug0-devel-0.7-7.1mdv2007.0.x86_64.rpm
68181a6907f78b10d3b0c379ca3fd76b 2007.0/SRPMS/libmodplug-0.7-7.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFmnIzmqjQ0CJFipgRAvXJAKCZgqDu2+ZEfIKMCK5eK+9ZRXSl0wCg8yjL
xLoJFnjhI1dTrOo4FGnqcaw=
=eJpG
- -----END PGP SIGNATURE-----



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:004
http://www.mandriva.com/security/
_______________________________________________________________________

Package : geoip
Date : January 8, 2007
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Dean Gaudet discovered the geoipupdate utility fails to do sanity checking on the filename returned by "GET /app/update_getfilename?product_id=%s".

Updated packages are patched to address this issue.
_______________________________________________________________________

References:

http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
fa1f121647c2537c612bd06cb696bf45 corporate/4.0/i586/geoip-1.4.0-2.1.20060mlcs4.i586.rpm
b7121479dd6061d651e1596d6d088742 corporate/4.0/i586/libgeoip1-1.4.0-2.1.20060mlcs4.i586.rpm
4672680cd19c237b0972c31428b5643d corporate/4.0/i586/libgeoip1-devel-1.4.0-2.1.20060mlcs4.i586.rpm
e5df2bdfcdcf1da47ff30756fe6515cb corporate/4.0/i586/libgeoipupdate0-1.4.0-2.1.20060mlcs4.i586.rpm
2ebfd111dd8511dc3cec4ade7ce39f73 corporate/4.0/SRPMS/geoip-1.4.0-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
fee7fd2c73be1c3a8b86c83e9b614192 corporate/4.0/x86_64/geoip-1.4.0-2.1.20060mlcs4.x86_64.rpm
0232c0ff1b9463ccddb155de4095fd47 corporate/4.0/x86_64/lib64geoip1-1.4.0-2.1.20060mlcs4.x86_64.rpm
a29ebe06132643a78ae9948fff1eb0bd corporate/4.0/x86_64/lib64geoip1-devel-1.4.0-2.1.20060mlcs4.x86_64.rpm
97ef3b059e9771b7c0783c66f0106f29 corporate/4.0/x86_64/lib64geoipupdate0-1.4.0-2.1.20060mlcs4.x86_64.rpm
2ebfd111dd8511dc3cec4ade7ce39f73 corporate/4.0/SRPMS/geoip-1.4.0-2.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFor7NmqjQ0CJFipgRApAZAKCLDkSuruaD63NgUa0pea3XDipthACgrAzC
CXwcpZmSUfcLoJTYUBffvkA=
=knVQ
- -----END PGP SIGNATURE-----



5.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007-005
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xorg-x11
Date : January 9, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________

Problem Description:

Sean Larsson of iDefense Labs discovered several vulnerabilities in
X.Org/XFree86:

Local exploitation of a memory corruption vulnerability in the 'ProcRenderAddGlyphs()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6101)

Local exploitation of a memory corruption vulnerability in the 'ProcDbeGetVisualInfo()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6102)

Local exploitation of a memory corruption vulnerability in the 'ProcDbeSwapBuffers()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6103)

Updated packages are patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
e9cfeae65ae50e767d8ccb17dddd71eb 2007.0/i586/x11-server-1.1.1-11.2mdv2007.0.i586.rpm
863a88c753a9d2d221fbac1b3310a65c 2007.0/i586/x11-server-common-1.1.1-11.2mdv2007.0.i586.rpm
52a30990b2bb31c6409c2d8d54bf86d3 2007.0/i586/x11-server-devel-1.1.1-11.2mdv2007.0.i586.rpm
3e1b9a8ddadf5096fff9dac82c578b1c 2007.0/i586/x11-server-xati-1.1.1-11.2mdv2007.0.i586.rpm
e99acd2df14c8328bc995433fad93324 2007.0/i586/x11-server-xchips-1.1.1-11.2mdv2007.0.i586.rpm
243ff8044e9c0e0770d736b2e2ffbdcd 2007.0/i586/x11-server-xdmx-1.1.1-11.2mdv2007.0.i586.rpm
2046ca8e10b87e2c357484c62d7ec745 2007.0/i586/x11-server-xephyr-1.1.1-11.2mdv2007.0.i586.rpm
3eaeb966c8a4484704efa87b470e9459 2007.0/i586/x11-server-xepson-1.1.1-11.2mdv2007.0.i586.rpm
9bf052af77fe144ee1b7b317f5c3bf94 2007.0/i586/x11-server-xfake-1.1.1-11.2mdv2007.0.i586.rpm
50012156051dd4080a42a2d3620d9623 2007.0/i586/x11-server-xfbdev-1.1.1-11.2mdv2007.0.i586.rpm
27e32328d5f2b4d6ad3ba8e72ade0b4b 2007.0/i586/x11-server-xi810-1.1.1-11.2mdv2007.0.i586.rpm
1739591ec6d79eeaa99216e1d1f5f50e 2007.0/i586/x11-server-xmach64-1.1.1-11.2mdv2007.0.i586.rpm
8f4c2520f8d5d046a23deff082ab301c 2007.0/i586/x11-server-xmga-1.1.1-11.2mdv2007.0.i586.rpm
64209b3e7013c2acee4c6dfe13688d03 2007.0/i586/x11-server-xneomagic-1.1.1-11.2mdv2007.0.i586.rpm
5a69978a79ba5893fcfabf779c877163 2007.0/i586/x11-server-xnest-1.1.1-11.2mdv2007.0.i586.rpm
857b758e0b246cc42824166e5f37c1e2 2007.0/i586/x11-server-xnvidia-1.1.1-11.2mdv2007.0.i586.rpm
b2ad469ef5e89b71b8ecef82d2272ebe 2007.0/i586/x11-server-xorg-1.1.1-11.2mdv2007.0.i586.rpm
2aeba4167d8668a01910b91553f9ae71 2007.0/i586/x11-server-xpm2-1.1.1-11.2mdv2007.0.i586.rpm
169b0ac813d81830f52e7b8e9b1cc639 2007.0/i586/x11-server-xprt-1.1.1-11.2mdv2007.0.i586.rpm
feeb76d3b0f116ee7dfe3ac0391ad050 2007.0/i586/x11-server-xr128-1.1.1-11.2mdv2007.0.i586.rpm
50167c3c324a2dd52a9eb4213f437d43 2007.0/i586/x11-server-xsdl-1.1.1-11.2mdv2007.0.i586.rpm
1623181b5bd6a0abf68929b9bd12b70f 2007.0/i586/x11-server-xsmi-1.1.1-11.2mdv2007.0.i586.rpm
6a8b39a6f4c0f10d2ec6e5cb217f56a2 2007.0/i586/x11-server-xvesa-1.1.1-11.2mdv2007.0.i586.rpm
37d90882ac4864086a54f619cd037b9e 2007.0/i586/x11-server-xvfb-1.1.1-11.2mdv2007.0.i586.rpm
7622c3a9b1ab0a62d6046324081f1e46 2007.0/i586/x11-server-xvia-1.1.1-11.2mdv2007.0.i586.rpm
991736d620094e091cd09658881fd7f8 2007.0/SRPMS/x11-server-1.1.1-11.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
624a8b074db6605206d0a7b16cb01892 2007.0/x86_64/x11-server-1.1.1-11.2mdv2007.0.x86_64.rpm
52f61bd6297e082b93d42492dc7c9920 2007.0/x86_64/x11-server-common-1.1.1-11.2mdv2007.0.x86_64.rpm
843eeac61cba5d88654c24e1464e94c6 2007.0/x86_64/x11-server-devel-1.1.1-11.2mdv2007.0.x86_64.rpm
b3aeed35380974bd01c4078ee0b2b687 2007.0/x86_64/x11-server-xdmx-1.1.1-11.2mdv2007.0.x86_64.rpm
4de253b9405097c7bad41b7842a2827a 2007.0/x86_64/x11-server-xephyr-1.1.1-11.2mdv2007.0.x86_64.rpm
ddeeaf830dce542cfbef3f8e236e9216 2007.0/x86_64/x11-server-xfake-1.1.1-11.2mdv2007.0.x86_64.rpm
88e5e3f7c453ab113705a3b3b528862f 2007.0/x86_64/x11-server-xfbdev-1.1.1-11.2mdv2007.0.x86_64.rpm
f0aea95d2330be1619434a6ca97ac6a0 2007.0/x86_64/x11-server-xnest-1.1.1-11.2mdv2007.0.x86_64.rpm
6f1da00becac710b69cbfe7d8df013b5 2007.0/x86_64/x11-server-xorg-1.1.1-11.2mdv2007.0.x86_64.rpm
bddf7d82635be497b546afe2c4d352c2 2007.0/x86_64/x11-server-xprt-1.1.1-11.2mdv2007.0.x86_64.rpm
d43d53671b7b05071dc7f5fc56ffad33 2007.0/x86_64/x11-server-xsdl-1.1.1-11.2mdv2007.0.x86_64.rpm
fd29c26ca80cdf0908ef06931e7ff54f 2007.0/x86_64/x11-server-xvfb-1.1.1-11.2mdv2007.0.x86_64.rpm
991736d620094e091cd09658881fd7f8 2007.0/SRPMS/x11-server-1.1.1-11.2mdv2007.0.src.rpm

Corporate 3.0:
9148c6038e8c967aba90a92a1a8958c1 corporate/3.0/i586/X11R6-contrib-4.3-32.10.C30mdk.i586.rpm
89211ef83bfad6813228f0f27b9ef817 corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.10.C30mdk.i586.rpm
5faeb0a6e17115455c47f6fb166ba7eb corporate/3.0/i586/XFree86-4.3-32.10.C30mdk.i586.rpm
ce5906b0b96e0bcd9d4ed63bfd9d7016 corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.10.C30mdk.i586.rpm
0cadc3a5cd34d63dc5c1afbd5897fa20 corporate/3.0/i586/XFree86-Xnest-4.3-32.10.C30mdk.i586.rpm
3b003d55b3e46df3d3a14f173e42bbb1 corporate/3.0/i586/XFree86-Xvfb-4.3-32.10.C30mdk.i586.rpm
bfd0693e954aae7aee49d0e4399ba4e0 corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.10.C30mdk.i586.rpm
1a4c609b26c26c99848340cc40b407bc corporate/3.0/i586/XFree86-doc-4.3-32.10.C30mdk.i586.rpm
3fd3517036524b311646a882164a7d30 corporate/3.0/i586/XFree86-glide-module-4.3-32.10.C30mdk.i586.rpm
44f0e5d20c7ee87552d2e746f6dfa534 corporate/3.0/i586/XFree86-server-4.3-32.10.C30mdk.i586.rpm
937aec7feb3b3d4da364e320c1f758fc corporate/3.0/i586/XFree86-xfs-4.3-32.10.C30mdk.i586.rpm
75c05caec92af135695ae8f15a2488fb corporate/3.0/i586/libxfree86-4.3-32.10.C30mdk.i586.rpm
6fc75fe45b1245d54cc4fb06bfe762bb corporate/3.0/i586/libxfree86-devel-4.3-32.10.C30mdk.i586.rpm
d1c3a5fc42a38516b5834a8e35b6f49e corporate/3.0/i586/libxfree86-static-devel-4.3-32.10.C30mdk.i586.rpm
1b8bceb7a2642f2e3a971d531b193007 corporate/3.0/SRPMS/XFree86-4.3-32.10.C30mdk.src.rpm

Corporate 3.0/X86_64:
7ee0237dc34c37d4c73388d57a2d3c52 corporate/3.0/x86_64/X11R6-contrib-4.3-32.10.C30mdk.x86_64.rpm
e3f5145bc9a2ccbc0b9d9b30e54969c3 corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.10.C30mdk.x86_64.rpm
5e9c303e5690eb4a9109e7935eb50a85 corporate/3.0/x86_64/XFree86-4.3-32.10.C30mdk.x86_64.rpm
b0808240fe585b84dc2aed1324d1fd27 corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.10.C30mdk.x86_64.rpm
2e2c1b00c7a4287d87a33723c23ef11a corporate/3.0/x86_64/XFree86-Xnest-4.3-32.10.C30mdk.x86_64.rpm
6c326e1c535ca70df484ae34b80fcf0d corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.10.C30mdk.x86_64.rpm
34def7b4bd2ed971f9a69e7fe26a7372 corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.10.C30mdk.x86_64.rpm
1b9e3720b03e0ffca7944bfcd9536e3b corporate/3.0/x86_64/XFree86-doc-4.3-32.10.C30mdk.x86_64.rpm
a3df7a48a2f25edc0efa27234dfb2128 corporate/3.0/x86_64/XFree86-server-4.3-32.10.C30mdk.x86_64.rpm
5f8fcba19fc2fe479ed557dc4125ef6c corporate/3.0/x86_64/XFree86-xfs-4.3-32.10.C30mdk.x86_64.rpm
2d01f64e908ce7dd1411001e23018c24 corporate/3.0/x86_64/lib64xfree86-4.3-32.10.C30mdk.x86_64.rpm
9ec4b9cc7c4117305de1e0cbb17ea8b3 corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.10.C30mdk.x86_64.rpm
b77985da421c22202680742b4ccc5447 corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.10.C30mdk.x86_64.rpm
1b8bceb7a2642f2e3a971d531b193007 corporate/3.0/SRPMS/XFree86-4.3-32.10.C30mdk.src.rpm

Corporate 4.0:
8e089a4ef68aff1789ed2c4cef972d24 corporate/4.0/i586/X11R6-contrib-6.9.0-5.12.20060mlcs4.i586.rpm
0dac18db189becad7a67346cede0183e corporate/4.0/i586/libxorg-x11-6.9.0-5.12.20060mlcs4.i586.rpm
0dc25305748b721645175c5caf75689c corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.12.20060mlcs4.i586.rpm
c5490bd924f095a0e22a50e96aad80a0 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.12.20060mlcs4.i586.rpm
12da75d63b793a02a7b77f938f297a82 corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.12.20060mlcs4.i586.rpm
d6ecee6c2985b18775451d513bd1a493 corporate/4.0/i586/xorg-x11-6.9.0-5.12.20060mlcs4.i586.rpm
da73771814b81998f776a169734f0a20 corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.12.20060mlcs4.i586.rpm
35249bddab011696dba37b0565eff898 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.12.20060mlcs4.i586.rpm
55a0dff2f82b465538027f7e0e91a964 corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.12.20060mlcs4.i586.rpm
144603da06de8d39336e007557b9f0b2 corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.12.20060mlcs4.i586.rpm
cd27e5f31b7250b1a4c4ce925029abf8 corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.12.20060mlcs4.i586.rpm
b0ead40c84ce739ca1d24e50b5868b27 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.12.20060mlcs4.i586.rpm
4683f1fb09d96f0c0b450cccd4e9f5c6 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.12.20060mlcs4.i586.rpm
0090f847fef749717d1bc91b98ddc422 corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.12.20060mlcs4.i586.rpm
220f2da365172f202119f574dfab4d63 corporate/4.0/i586/xorg-x11-server-6.9.0-5.12.20060mlcs4.i586.rpm
d12721c806bcd7a9c56c83e7784727ba corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.12.20060mlcs4.i586.rpm
b6a8bbd3f577c9896c3bae077300815c corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.12.20060mlcs4.i586.rpm
f2d6cf5768697c0fbdedd0bbd135e5b9 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.12.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
f18da535850b7efdb893643149b6995a corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.12.20060mlcs4.x86_64.rpm
66cb4d3742369b513f267dd161680ae6 corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.12.20060mlcs4.x86_64.rpm
1e817400f6a8518f50c85d01ca6948a6 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.12.20060mlcs4.x86_64.rpm
e6865185911db47e1e1fcd070518bc66 corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.12.20060mlcs4.x86_64.rpm
72ede3d265866735cd2fea75a0231f3e corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.12.20060mlcs4.x86_64.rpm
8b74da5fe3e5c3d818e260b2cb0f15b1 corporate/4.0/x86_64/xorg-x11-6.9.0-5.12.20060mlcs4.x86_64.rpm
bd44c5154c7f13b55e7ede7b8ee3ed3e corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.12.20060mlcs4.x86_64.rpm
b42ead884af565eab5ae9c2ef8fb2ef8 corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.12.20060mlcs4.x86_64.rpm
df09a744989a85f1fb89def14439593d corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.12.20060mlcs4.x86_64.rpm
ef662618647d0b780866fec114bd7f4a corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.12.20060mlcs4.x86_64.rpm
816ea88bd0adff1ba57ee83efe7c53bd corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.12.20060mlcs4.x86_64.rpm
806c2a631d90b61df24881da03d5ad91 corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.12.20060mlcs4.x86_64.rpm
edbad883642363e64c55d520d162f2b9 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.12.20060mlcs4.x86_64.rpm
7f328aefd48e2c60c7c2e87ad7639dcc corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.12.20060mlcs4.x86_64.rpm
57beb2c5e9a40c0c5634668df97387a1 corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.12.20060mlcs4.x86_64.rpm
69f4c61e918f7672c09bc9c286bdc5f8 corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.12.20060mlcs4.x86_64.rpm
3e6c1d7675edbcda662359608b7bed6a corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.12.20060mlcs4.x86_64.rpm
f2d6cf5768697c0fbdedd0bbd135e5b9 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.12.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFo+KZmqjQ0CJFipgRAuJ6AJ0QFWMIiYKUKpQfqe6QthWMADxSkgCg7yO/
/JXeS2QTgqHkyLh4zU+u3uo=
=iDxt
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |