LinuxSecurity.com
Debian: New xorg-server packages fix privilege escalation
Posted by Benjamin D. Thomas
Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
--------------------------------------------------------------------------
Debian Security Advisory DSA 1372-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 9th, 2007                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : xorg-server
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-4730

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in
version 1.1.1-21etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xorg-server packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
-------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
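
An added example, not part of the advisory or of Debian's tooling: a check that flags etch hosts still running xorg-server binary packages older than the fixed version 1.1.1-21etch1, using Debian's version ordering. The input format (`dpkg-query -W -f='${Package} ${Version}\n'`), the sample listing, and the choice to ignore an epoch prefix on installed versions (the advisory's version string shows none) are assumptions of this example.

```python
import re
from itertools import zip_longest

FIXED_VERSION = "1.1.1-21etch1"  # fixed version for etch, from the advisory
AFFECTED = {"xdmx", "xdmx-tools", "xnest", "xserver-xephyr",
            "xserver-xorg-core", "xserver-xorg-dev", "xvfb"}

def _order(ch):
    # Debian ordering: '~' sorts before end-of-string, letters before symbols.
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit chunks of an upstream or revision part.
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                        re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in pairs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_cmp(a, b, ignore_epoch=False):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    def parts(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = parts(a), parts(b)
    if not ignore_epoch and ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_listing):
    """Return {package: version} for affected packages older than the fix."""
    hits = {}
    for line in dpkg_listing.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in AFFECTED:
            # Assumption: compare without the epoch, which the advisory omits.
            if deb_cmp(fields[1], FIXED_VERSION, ignore_epoch=True) < 0:
                hits[fields[0]] = fields[1]
    return hits

# Constructed sample listing, not output from a real host.
SAMPLE = "xserver-xorg-core 2:1.1.1-21\nxvfb 2:1.1.1-21etch1\nxnest 1.1.1-20\nbash 3.1dfsg-8\n"
```

Without `ignore_epoch`, an installed version such as `2:1.1.1-21` compares as newer than the advisory's epoch-less string and an unpatched host would be missed.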
 