Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: regression Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)
Ubuntu Security Notice USN-571-2           January 19, 2008
xorg-server regression

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xserver-xorg-core               1:1.0.2-0ubuntu10.10

Ubuntu 6.10:
  xserver-xorg-core               1:1.1.1-0ubuntu12.5

Ubuntu 7.04:
  xserver-xorg-core               2:1.2.0-3ubuntu8.3

Ubuntu 7.10:
  xserver-xorg-core               2:

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-571-1 fixed vulnerabilities in  The upstream fixes were
incomplete, and under certain situations, applications using the MIT-SHM
extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
 TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
 function arguments.  An authenticated attacker could send specially
 crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427,
 CVE-2007-6428, CVE-2007-6429)
 It was discovered that the server did not use user privileges when
 attempting to open security policy files.  Local attackers could exploit
 this to probe for files in directories they would not normally be able
 to access.  (CVE-2007-5958)
 It was discovered that the PCF font handling code did not correctly
 validate the size of fonts.  An authenticated attacker could load a
 specially crafted font and gain additional privileges.  (CVE-2008-0006)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    36728 c261109447714cba74712651b53bdbd1
      Size/MD5:     1806 dc7cc2874ade7da9169691bb91c5edc8
      Size/MD5:  7966941 f44f0f07136791ed7a4028bd0dd5eae3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1415044 c0a72a91c6eda2d22936d4d149060c53
      Size/MD5:  4049278 7759626a4f675b4d5392ca3a7663a107
      Size/MD5:   295262 0ec4c6649462103b07f3f0c8d84ce12c
      Size/MD5:  1565834 c773721faf85d4c1c646304f88f4d963
      Size/MD5:    50612 d4df8a3dc9c3872ccb6fb52a166c3f9a
      Size/MD5:   849490 54ee357cf67323d543a7013f262e44bb

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1242618 9fd49606b4947207ddd4309d55bfaeeb
      Size/MD5:  3532676 dbeb88e8f6f9b90c73a626fd0096b514
      Size/MD5:   295264 3184777b506ff0a5730c62900a97772a
      Size/MD5:  1383684 a876060427cb696f6da945ae9c591c4a
      Size/MD5:    43132 d6ad2a9d465f34deac1007f2a2015e01
      Size/MD5:   749644 4f0324c95ac9c4d8152637b045cf13ff

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1369398 d974dca890909d7cba860c90e431b407
      Size/MD5:  4076008 b4bf851c2bc2c44008956c907997fe66
      Size/MD5:   295280 da7cd9250cdf9b9c9c42f51f4016e393
      Size/MD5:  1507572 896dcfcb2c499a596b14c6c006957ae0
      Size/MD5:    55802 c033f095455f9b8a0f5c6f0b1fd5771b
      Size/MD5:   826040 bd347d419664823cc50f94361336795a

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1314540 6d67012961db3539c72f17fed1392711
      Size/MD5:  3790072 cb3b5fdb78b936e31b97e8c8e279e6db
      Size/MD5:   295666 53526ac7d8dc5825513b959e52d017c0
      Size/MD5:  1446704 2d0ff0d1be6ddb23eb83691b5b4eaa1b
      Size/MD5:    44540 2e7ae1f9d036384bd4a1112166958635
      Size/MD5:   759358 00173ba83b31df6447c6007f9c433ad3

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:    96873 eaf7d707e5897f05328272fe33382a8c
      Size/MD5:     2020 87a39ba14db28920c02d29b7a43f50e2
      Size/MD5:  8388609 15852049050e49f380f953d8715500b9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1427686 32f67610a61fd8195640a0d5f5fbb0f5
      Size/MD5:  3918584 4ed2babdf3e82b1742db20d847fd1930
      Size/MD5:   298024 6bf3db0effe0262dfdc533af27752b25
      Size/MD5:  1579962 4a8e48d846b68405e608bd15d8fe9107
      Size/MD5:    58012 9b828a8eac19052aadfbd348958097b7
      Size/MD5:   814094 e7d320d9b6ea567c926bfaf94e7a183f
      Size/MD5:  1608774 e82e6e90b23971d31da5325e5bd9f02a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1327942 c277240f1c03c9eb49198cee06985e86
      Size/MD5:  3563170 5bb1443dd817735c1c690a07ef086716
      Size/MD5:   298044 de013bef34d9d5b5cdfab3fbb97b7fa3
      Size/MD5:  1475818 8b2685f1090ca4610007a09b52f91367
      Size/MD5:    51236 02a7da3ec510265f21d1abba7cd4d600
      Size/MD5:   752096 a1b27f7a81c750325bd715837103248d
      Size/MD5:  1499558 991607e20c6da6f40dee995fedb05387

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1402642 4966494d6c941b1c4938ac9e29089721
      Size/MD5:  3984614 61298d5401a90f4166a18954907bbd02
      Size/MD5:   298062 8426d951907c373d2f980606a3ea10cb
      Size/MD5:  1542060 1c9072daad4e71a4fd5d85a61d772aa2
      Size/MD5:    64040 664429807be094a8488e30803959a491
      Size/MD5:   798426 e1ab1ef849253b755408a83600662be8
      Size/MD5:  1566822 6c705936fa66907ff993e21e4dfdff63

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1345214 316b3b7a2b053974fadaeef264a1fdbe
      Size/MD5:  3697410 5082b277500840285d8f8fd77d357adc
      Size/MD5:   298408 b53eff32d4468b10f72e6168db3797ac
      Size/MD5:  1478686 537a8ba8a499b4793e9210096d7e6918
      Size/MD5:    50928 b76fb921beedaf1c15793d7e0495d057
      Size/MD5:   734624 bc9713327eb4acb8dce9e318f1603388
      Size/MD5:  1501038 8cc8f95f9860191e40d744296b1310db

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   461716 efc88772ceede675d2d1ec779cba8b2b
      Size/MD5:     2117 b6e64d5792b86281d94d62d7c4f7b6a4
      Size/MD5:  8106829 8cc04a469a7d3911441ac9028c13bcb6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1490046 f8e9df51c645c18bf406beefceea4857
      Size/MD5:  3937310 a78c504597f32fec704c564f1106ad3a
      Size/MD5:   296690 9ba2d52e59d9bcc9b9f2724dc0833156
      Size/MD5:  1644812 7a48f3d762143de42dcdb6f0cb7dcced
      Size/MD5:    95928 b61c16479c65576b9fd668cee8a7d26a
      Size/MD5:   866474 fc1ca6c4b26d37564c3806d472c0abb0
      Size/MD5:  1676648 6dadaddddbb2145d4ff622e626de139b

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1385770 322febb5e1330349898befc7289095ae
      Size/MD5:  3627706 7b07bdc1be72ece655afcc3c1ba111f5
      Size/MD5:   296682 39488ae0ce57182bd448fa0908dea7f4
      Size/MD5:  1535066 ca2545b7f99672a4b59554b5b3385bbf
      Size/MD5:    84818 65890a52ee576b41c08ace76bd64fcfe
      Size/MD5:   800550 91c693f5e88327dcb7aaf6567d93528f
      Size/MD5:  1560920 f4dd1bb5c74c2078b51120d1563a88bd

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1460626 f21ea78a68f912cf24d02c346ef62d36
      Size/MD5:  4057048 e60c94957a7e160cc0842406a3774ac2
      Size/MD5:   296724 5e2e1d3c9e8ca49bd49d603db6fc7424
      Size/MD5:  1598754 ef2f217370dfe0d217714058fb3a0531
      Size/MD5:   109022 571393e974eb6e786cdc43ab36ed29cb
      Size/MD5:   853424 348b4c3e23c83cdf908b29a4c61ca3d5
      Size/MD5:  1626130 892a8a736b4001bef4cd0516b838c907

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1405656 71d6a8c5696118f788c4cd199f072438
      Size/MD5:  3719416 3902a32f1e582e1504cf59d3e6aab2aa
      Size/MD5:   297050 37e7ee47f82fcd40a2dd22823f9fad93
      Size/MD5:  1539928 c1961a9c899fa441a1ddc9b01f766e25
      Size/MD5:    87738 a881202872d16940b7b1ce638d4d1721
      Size/MD5:   785332 03740de7581f4587aa5b0237f3ccd94e
      Size/MD5:  1565810 aa63339c5cc70073acde802de7159887

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   819335 9daf915bf45d3593119adabda250735f
      Size/MD5:     2426 42c8ed553a2e4234f3160eee634211df
      Size/MD5:  7995168 cbbc69f99b93172fde667f1241b5d5a4

  Architecture independent packages:
      Size/MD5:   274260 974e91e4096f69c0cd9c41ea0dd02c7a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1511172 9a5ccdcc1aa4229f616c004d03be187c
      Size/MD5:  1702782 f6e29d20907fdad00b5c666ab9940fde
      Size/MD5: 12743850 feab43f821f8700abb1d786c878e7b78
      Size/MD5:  3993802 ede520fcfa841cdf6770855638f3ae89
      Size/MD5:   321932 39c76835f819d16320d8ea3dcedf716e
      Size/MD5:  1666906 82c445f9883d7445a2c82d0068308b3a
      Size/MD5:   107080 c5055fdc988576743ede2ece3ac73cd8
      Size/MD5:   882658 717a3c7dfb963e00862e6947c333305d
      Size/MD5:  1723444 e83849f04b803982f7080e6766a0bc1b

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1407328 34c9f1df543a37508d894dfb58e7c3ed
      Size/MD5:  1587360 7aa3a852794a831e221687358bb4d4ec
      Size/MD5: 12384852 c7b14b0b8d1837a6749a14004b837d2e
      Size/MD5:  3676714 cf0826789b841d41dbf979497e70fbc4
      Size/MD5:   321958 69658c293ec068e6bf68baf9ec86a0b3
      Size/MD5:  1557368 23b92f8e12d4d983434f13815259c373
      Size/MD5:    94650 8055f67d59a07d78e0e6fc147e7426f8
      Size/MD5:   817618 e261ac4df5974e4f56b54c4ed6c6973e
      Size/MD5:  1621834 be4b275afcc1ba9b18b61ed12e83482f

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1486332 eae5f119a2d55f898e2601dd94f8a0b1
      Size/MD5:  1656438 4bcd35649b2091b3e540edcc1e1921a9
      Size/MD5: 13009888 b90b13eb54dc5e6f90295b4cf8b1242f
      Size/MD5:  4099610 b438639f747db1c71926ce23b50102a6
      Size/MD5:   321958 945bd5ff8f4976f2f7da40f1a90520aa
      Size/MD5:  1625092 2e93090b5bd739b6d2ca99376e559714
      Size/MD5:   120120 0224f8ed1b90e404db7901388aa9506c
      Size/MD5:   868696 604024baa4a05ead98ad7305ae1451a1
      Size/MD5:  1653910 11302dc97e6671e6ab65259610dddf60

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1424824 98b295f9550cde94359cba7cbb65d0d7
      Size/MD5:  1588248 994a0cb6b9badb3c80333eb97ac54386
      Size/MD5: 12373926 03cac4bbad4b7bc2064ec97136862280
      Size/MD5:  3771074 2d554be61882f8a7e2e0642bc7cc3b3f
      Size/MD5:   322288 7f86348190211055e96c696e227e2d0d
      Size/MD5:  1558562 1a0420f9bfa26f1d03257b82c0c4bc74
      Size/MD5:    98132 3d808a3887438d693e1566bfa19ca789
      Size/MD5:   800344 fdb6b583b4e4352ea9779f87ab7d0651
      Size/MD5:  1586088 614bc999d048287c6642b215901724e8

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.