LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: X.org vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-453-1             April 18, 2007
libx11 vulnerability
CVE-2007-1667
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libx11-6                                 2:1.0.0-0ubuntu9.1

Ubuntu 6.10:
  libx11-6                                 2:1.0.3-0ubuntu4.1

After a standard system upgrade you need to restart your session or 
reboot your computer to effect the necessary changes.

Details follow:

Multiple integer overflows were found in the XGetPixel function of 
libx11.  If a user were tricked into opening a specially crafted XWD 
image, remote attackers could execute arbitrary code with user 
privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0-0ubuntu9.1.diff.gz
      Size/MD5:   296713 c02907c6ee1ea4d7de17ec328eb3a2ec
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0-0ubuntu9.1.dsc
      Size/MD5:      904 910682e8e8471c93b9c7f350bde18309
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.0.orig.tar.gz
      Size/MD5:  1864594 67c938b93d52b71d350f8bb61c4ffd98

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.0-0ubuntu9.1_amd64.deb
      Size/MD5:  2516010 f7ccc4a58bb4d231b24f7625efbd62fb
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-0ubuntu9.1_amd64.deb
      Size/MD5:   753850 23e06d9506f145819681b46663f64a63
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.0-0ubuntu9.1_amd64.deb
      Size/MD5:  1309144 363c492cab8c189f64e435b11f61cd4f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.0-0ubuntu9.1_i386.deb
      Size/MD5:  2357296 37bcfc960b9659eecd4f18e341d042e0
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-0ubuntu9.1_i386.deb
      Size/MD5:   709932 a8590be9cb19a19f2e2c5a1a5e77891e
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.0-0ubuntu9.1_i386.deb
      Size/MD5:  1239616 7ea6287c6c20e3fc7574bc4ece4a6f8a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.0-0ubuntu9.1_powerpc.deb
      Size/MD5:  2556312 7b0cbce8570ffb1a28d4db1b4cafea4c
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-0ubuntu9.1_powerpc.deb
      Size/MD5:   739432 f5bb7c9015bb78a8028fe8ea610f56eb
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.0-0ubuntu9.1_powerpc.deb
      Size/MD5:  1278756 cf9f2f37c22e556d944f6770e7245ec3

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.0-0ubuntu9.1_sparc.deb
      Size/MD5:  2422854 6c4445eefac1d5db0351c1099076d0f6
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.0-0ubuntu9.1_sparc.deb
      Size/MD5:   708368 e4b90a1837c3ac6225ffae953c96c5b6
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.0-0ubuntu9.1_sparc.deb
      Size/MD5:  1247782 649b7509afa1fff166aded5c29589727

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3-0ubuntu4.1.diff.gz
      Size/MD5:    95653 63f1ad8426d56ec2b0bf1f06970a5213
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3-0ubuntu4.1.dsc
      Size/MD5:      998 b8f1fcb2a7439eed68327677488c52b7
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11_1.0.3.orig.tar.gz
      Size/MD5:  1927173 d734dacf32abebc4001bd7d63076994a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-data_1.0.3-0ubuntu4.1_all.deb
      Size/MD5:   196810 7fe93ec08c95dae145b50ef747645ac1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.3-0ubuntu4.1_amd64.deb
      Size/MD5:  2610148 8b40eb73bfe3e7f2cf4c051176b34ca6
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-0ubuntu4.1_amd64.deb
      Size/MD5:   611674 146a9b05faf5693e3d2fd434ca96fe0e
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.3-0ubuntu4.1_amd64.deb
      Size/MD5:  1224324 0729fc93822f37b6abc336fcce3f35ff

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.3-0ubuntu4.1_i386.deb
      Size/MD5:  2551504 884f521b2ff4b92e59ff3b8caef774c2
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-0ubuntu4.1_i386.deb
      Size/MD5:   581756 a33f587eb982916ae95ca7f8f433b21d
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.3-0ubuntu4.1_i386.deb
      Size/MD5:  1181490 998fa42dbe413a679f4ab90a894ca6e7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.3-0ubuntu4.1_powerpc.deb
      Size/MD5:  2655500 ffba7f335c5e51d869a963742398cddc
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-0ubuntu4.1_powerpc.deb
      Size/MD5:   606146 cd238fe13446b96c55204a6e598bb126
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.3-0ubuntu4.1_powerpc.deb
      Size/MD5:  1206196 a66f92c6944f62d1508051bf0e67f4d1

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6-dbg_1.0.3-0ubuntu4.1_sparc.deb
      Size/MD5:  2551334 f29ccc071861a182e6cbc82d9cb3ccb8
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-6_1.0.3-0ubuntu4.1_sparc.deb
      Size/MD5:   569312 2f9bc45693e648a4d7b871f9e73b9615
    http://security.ubuntu.com/ubuntu/pool/main/libx/libx11/libx11-dev_1.0.3-0ubuntu4.1_sparc.deb
      Size/MD5:  1182732 6cb6272593218030c3f38c49c1006025


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.