LinuxSecurity.com
Debian: New xorg-server packages fix regression
Posted by Benjamin D. Thomas   
Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.
------------------------------------------------------------------------
Debian Security Advisory DSA-1466-2                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 19, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : xorg-server, libxfont, xfree86
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006

The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM
extension, which prevented the start of a few applications. This update
fixes this problem and also references the patch for CVE-2008-0006,
which was included in the previous update, but not mentioned in the
advisory text.

Several local vulnerabilities have been discovered in the X.Org X
server. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-5760

    "regenrecht" discovered that missing input sanitising within
    the XFree86-Misc extension may lead to local privilege escalation.

CVE-2007-5958

    It was discovered that error messages of security policy file
    handling may lead to a minor information leak disclosing the
    existence of files otherwise inaccessible to the user.

CVE-2007-6427

    "regenrecht" discovered that missing input sanitising within
    the XInput-Misc extension may lead to local privilege escalation.

CVE-2007-6428

    "regenrecht" discovered that missing input sanitising within
    the TOG-CUP extension may lead to disclosure of memory contents.

CVE-2007-6429

    "regenrecht" discovered that integer overflows in the EVI
    and MIT-SHM extensions may lead to local privilege escalation.

CVE-2008-0006

    It was discovered that insufficient validation of PCF fonts could lead
    to local privilege escalation.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.4.1~git20080118-1 of xorg-server and version 1:1.3.1-2
of libxfont.

For the stable distribution (etch), this problem has been fixed in
version 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.

For the oldstable distribution (etch), this problem has been fixed in
version 4.3.0.dfsg.1-14sarge6 of xfree86.

We recommend that you upgrade your libxfont and xorg-server packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 