LinuxSecurity.com
Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
Posted by Benjamin D. Thomas   
Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740). Updated packages are patched to address this issue. Updated packages for Corporate Server 4.0 have been patched.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2006:164-2
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : December 14, 2006
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of an integer overflow vulnerability in the
 'CIDAFM()' function in the X.Org and XFree86 X server could allow an
 attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3739).

 Local exploitation of an integer overflow vulnerability in the
 'scan_cidfont()' function in the X.Org and XFree86 X server could allow
 an attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3740).

 Updated packages are patched to address this issue.

 Update:

 Updated packages for Corporate Server 4.0 have been patched.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 4.0:
 3658ca4cd8a4c6e9821c418a5ce7b4b3  corporate/4.0/i586/libxorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
 c98057d36ee6db65dd49bb540f2dfdb5  corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.10.20060mlcs4.i586.rpm
 296d32cb0bb9a4361e5288cd0c136410  corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.10.20060mlcs4.i586.rpm
 569c78c8b3842c72cfe361fb89d1989d  corporate/4.0/i586/X11R6-contrib-6.9.0-5.10.20060mlcs4.i586.rpm
 438e53654ce1c11d5e28cce7d8316c34  corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 6cd2047a430d3e10f68062e9e2ed7bc3  corporate/4.0/i586/xorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
 61d98fd62be172adc372ef7f10e8d0f0  corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 c46a82d37cb2377f9d232ee10fb837b4  corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
 e5be10030bae448b24998d65a2be9f6c  corporate/4.0/i586/xorg-x11-doc-6.9.0-5.10.20060mlcs4.i586.rpm
 9122ac82818d37d54e096d128866c64f  corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.i586.rpm
 1bfaa8464fefa7515a9abc6a4ff1da01  corporate/4.0/i586/xorg-x11-server-6.9.0-5.10.20060mlcs4.i586.rpm
 4c274b747483a610e16677f019c150f6  corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.i586.rpm
 6d1fe79343156bbd680b3d60941380b3  corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.i586.rpm
 c7bdfd3abc0b711abe72e32ffa0b8e76  corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.i586.rpm
 a62d0994768a936bbdef00a42a40e114  corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.i586.rpm
 7e586568c538c87728f51cdee94ba050  corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.i586.rpm
 a4a6aabeae772da093d771695d350dc0  corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.i586.rpm 
 eb0860600fe024f88c015f77976d61c4  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 95d2a9ad359eb51d2c8743a8f2d8cc21  corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
 91629018178a74304f232c38b29ea831  corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
 93465357b9ff908de20c7448d501c1fa  corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
 4fe4964642e28e972c34c759d1e726d1  corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.10.20060mlcs4.x86_64.rpm
 461967ff7add4e31702460db4ee6e602  corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 6f5fbabba03318860472c0ce5c0a65e4  corporate/4.0/x86_64/xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
 444fc50e3d9cccf09601026c7487d78e  corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 20da8a1239bc532d7c45d32931360d7b  corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
 40af6535454c3ea73dc4f6473b9f24c0  corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.10.20060mlcs4.x86_64.rpm
 2c7d093af7530397c8b935409080c25c  corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.x86_64.rpm
 51b4f1d2ef0118a2ed84b430bc89242e  corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.10.20060mlcs4.x86_64.rpm
 66721b5e94867256724faf443ae1e8a3  corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.x86_64.rpm
 8e37a1b93e5ae3850d1259eea8aa3de3  corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.x86_64.rpm
 d705258a79d0cb500560de0f3babe596  corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.x86_64.rpm
 325bfc125311d543b8808133345afb00  corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.x86_64.rpm
 ae37ee6f2b895664bfddb06798180907  corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.x86_64.rpm
 897a5a32aa8e71cd3b644bc75e33f98a  corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.x86_64.rpm 
 eb0860600fe024f88c015f77976d61c4  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
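
 When packages are fetched by hand rather than through MandrivaUpdate or urpmi, the checksum lines in the "Updated Packages" list can be checked with a small script. The following is an added example, not part of the Mandriva advisory: the function names `verify_advisory_md5` and `demo` are hypothetical, the sample files are constructed, and `md5sum` from coreutils is assumed.

```shell
# Added example: check downloaded RPMs against "<md5>  <path>" advisory lines.
# verify_advisory_md5 LIST DIR
#   LIST  text file holding the advisory (headers and rules are ignored)
#   DIR   directory with downloaded packages, matched by file name
# Returns 0 if every package present matches, 1 on any mismatch,
# 2 if no listed package was found (nothing was actually verified).
verify_advisory_md5() {
    list=$1; dir=$2; bad=0; checked=0
    while read -r sum path; do
        # Keep only lines shaped like: 32 lowercase hex digits, then *.rpm
        case $sum in ''|*[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not downloaded)"; continue
        fi
        checked=$((checked + 1))
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done < "$list"
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
}

# Constructed demo: two stand-in files (not real packages); the second is
# altered after its checksum was recorded, so verification must fail.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'package A\n' > "$tmp/demo-a.rpm"
    printf 'package B\n' > "$tmp/demo-b.rpm"
    {
        echo " Corporate 4.0:"
        for f in "$tmp"/*.rpm; do
            echo " $(md5sum "$f" | cut -d' ' -f1)  corporate/4.0/i586/${f##*/}"
        done
    } > "$tmp/advisory.txt"
    printf 'tampered\n' >> "$tmp/demo-b.rpm"
    verify_advisory_md5 "$tmp/advisory.txt" "$tmp"; status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "demo: verification failed, as expected for the altered file"
```

 MD5 is not collision-resistant, so a matching checksum only guards against corruption or a wrong file; the GPG signature check (for example `rpm --checksig`) is what establishes that a package came from Mandriva.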

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 