Ubuntu: X.org vulnerability
Posted by Benjamin D. Thomas   
Aaron Plattner discovered that the Composite extension did not correctly calculate the size of buffers when copying between different bit depths. An authenticated user could exploit this to execute arbitrary code with root privileges.
=========================================================== 
Ubuntu Security Notice USN-514-1         September 18, 2007
xorg-server vulnerability
CVE-2007-4730
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xserver-xorg-core               1:1.0.2-0ubuntu10.7

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Aaron Plattner discovered that the Composite extension did not correctly
calculate the size of buffers when copying between different bit depths.
An authenticated user could exploit this to execute arbitrary code with
root privileges.


Updated packages for Ubuntu 6.06 LTS:


