Fedora Core 5 Update: xorg-x11-server-1.0.1-9 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

How strictly do your users obey your security policies?

	To the letter.
	For the most part.
	When it suits them.
	By chance.
	Not at all.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: November 21st, 2008

Linux Security Week: November 17th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 5 Update: xorg-x11-server-1.0.1-9

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Coverity scanned the X.Org source code for problems and reported their findings to the X.Org development team. Upon analysis, Alan Coopersmith, a member of the X.Org development team, noticed a couple of serious security issues in the findings. In particular, the Xorg server can be exploited for root privilege escalation by passing a path to malicious modules using the -modulepath command line argument. Also, the Xorg server can be exploited to overwrite any root writable file on the filesystem with the -logfile command line argument.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-172
2006-03-20
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : xorg-x11-server
Version     : 1.0.1                      
Release     : 9                  
Summary     : X.Org X11 X server
Description :
X.Org X11 X server

---------------------------------------------------------------------
Update Information:

Coverity scanned the X.Org source code for problems and
reported their findings to the X.Org development team. Upon
analysis, Alan Coopersmith, a member of the X.Org
development team, noticed a couple of serious security
issues in the findings.  In particular, the Xorg server can
be exploited for root privilege escalation by passing a path
to malicious modules using the -modulepath command line
argument.  Also, the Xorg server can be exploited to
overwrite any root writable file on the filesystem with the
-logfile command line argument.
---------------------------------------------------------------------
* Wed Mar 15 2006 Ray Strode  - 1.0.1-9
- CVE-2006-0745 (bug 185084)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

62c76f10a229a7acb1124f2fcd2bf09bc3d5f9c2  SRPMS/xorg-x11-server-1.0.1-9.src.rpm
b5aaa17856b44f1c9478fb57940053f8853fbdc7  ppc/xorg-x11-server-Xorg-1.0.1-9.ppc.rpm
d522b711623540752dab0285f3e6e9af5957e93e  ppc/xorg-x11-server-Xnest-1.0.1-9.ppc.rpm
30d539d1981ee371c3c23d37040f645e18cab3cb  ppc/xorg-x11-server-Xdmx-1.0.1-9.ppc.rpm
105129cb3df40edefa427a3079b01723796b78e3  ppc/xorg-x11-server-Xvfb-1.0.1-9.ppc.rpm
47cac9878371cda596282f1312097391b63e6f5c  ppc/xorg-x11-server-sdk-1.0.1-9.ppc.rpm
c9b2e112fbb160304fe88687d786f7a296c12e67  ppc/debug/xorg-x11-server-debuginfo-1.0.1-9.ppc.rpm
c1354391868e4d65dec1fde4df901c663977529e  x86_64/xorg-x11-server-Xorg-1.0.1-9.x86_64.rpm
4e75a20403dd8aa89b1c40334694b7d7dccfc0db  x86_64/xorg-x11-server-Xnest-1.0.1-9.x86_64.rpm
86f7afcdacf79cccdf12f8c013bef03d84a2420b  x86_64/xorg-x11-server-Xdmx-1.0.1-9.x86_64.rpm
cf4fb466fe5c3cca5a1360c6f70a7e0b04fa0080  x86_64/xorg-x11-server-Xvfb-1.0.1-9.x86_64.rpm
3448d6e446fdf245b805e731ade54c6801daaa53  x86_64/xorg-x11-server-sdk-1.0.1-9.x86_64.rpm
5a6e70aef827c124c7ef660c544f78def11a498e  x86_64/debug/xorg-x11-server-debuginfo-1.0.1-9.x86_64.rpm
dc08e7f253ba49a6bc0ca5b29d988a78b928dba2  i386/xorg-x11-server-Xorg-1.0.1-9.i386.rpm
2235e42c5ffe9255f4cc18f68e19b0652e2a52ec  i386/xorg-x11-server-Xnest-1.0.1-9.i386.rpm
0babd4a06f0ac57eb8ea2730022b9cb5e49abe5d  i386/xorg-x11-server-Xdmx-1.0.1-9.i386.rpm
4ac6d2ef90052d965f0d23abb27ea5d7128c51c9  i386/xorg-x11-server-Xvfb-1.0.1-9.i386.rpm
afbdac912fa0cc580f18c4ff3eccff444f89595f  i386/xorg-x11-server-sdk-1.0.1-9.i386.rpm
b36a9dd6eed098a3c8f55d5415ee07d1a893b5ba  i386/debug/xorg-x11-server-debuginfo-1.0.1-9.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

< Prev		Next >

Partner:

Latest Features

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Yesterday's Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital