LinuxSecurity.com
Mandriva: Updated xfs package prevents arbitrary code
Posted by Benjamin D. Thomas   
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:210
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xfs
 Date    : November 6, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflow in the build_range function in X.Org X Font Server
 (xfs) before 1.0.5 allows context-dependent attackers to execute
 arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol
 requests with crafted size values, which triggers a heap-based buffer
 overflow. (CVE-2007-4568)
 
 The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5
 allows context-dependent attackers to execute arbitrary code via (1)
 QueryXBitmaps and (2) QueryXExtents protocol requests with crafted
 size values that specify an arbitrary number of bytes to be swapped
 on the heap, which triggers heap corruption. (CVE-2007-4990)
 
 Updated package fixes these issues.
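
 Both issues come from trusting size values carried in a protocol request. The following is an added example, not code from xfs or from this advisory: it shows the unchecked 32-bit size computation beside checked allocation and a length-validated byte swap. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: a 32-bit product of client-controlled values wraps silently. */
uint32_t unchecked_size(uint32_t count, uint32_t item_size)
{
    return count * item_size;   /* 0x10000001 * 16 wraps to 16 */
}

/* Checked pattern: refuse any count whose byte size cannot be represented. */
void *checked_alloc(size_t count, size_t item_size)
{
    if (item_size == 0 || count > SIZE_MAX / item_size)
        return NULL;
    return malloc(count * item_size);
}

/* Swap the two bytes of each 16-bit character, but only after confirming the
 * claimed character count fits inside the bytes actually held in buf. */
int swap_chars_checked(uint8_t *buf, size_t buf_len, size_t nchars)
{
    if (nchars > buf_len / 2)
        return -1;
    for (size_t i = 0; i < nchars; i++) {
        uint8_t tmp = buf[2 * i];
        buf[2 * i] = buf[2 * i + 1];
        buf[2 * i + 1] = tmp;
    }
    return 0;
}

/* Hypothetical request handler: copies and swaps nchars characters from a
 * received payload. Returns a heap buffer the caller frees, or NULL on reject. */
uint8_t *copy_swapped(const uint8_t *payload, size_t payload_len, uint32_t nchars)
{
    if ((size_t)nchars > payload_len / 2)   /* claimed size vs. bytes received */
        return NULL;
    uint8_t *out = checked_alloc(nchars, 2);
    if (out == NULL)
        return NULL;
    memcpy(out, payload, (size_t)nchars * 2);
    if (swap_chars_checked(out, (size_t)nchars * 2, nchars) != 0) {
        free(out);
        return NULL;
    }
    return out;
}
```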
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team