Matthieu Herrb wrote:
| X.Org security advisory, January 17th, 2008
| Multiple vulnerabilities in the X server
| CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
| CVE-2007-6429, CVE-2008-0006
|
| Overview
|
| Several vulnerabilities have been identified in server code of the X
| window system caused by lack of proper input validation on user
| controlled data in various parts of the software, causing various
| kinds of overflows.
|

Update: The patch for the MIT-SHM vulnerability (CVE-2007-6429) introduced a regression for applications that allocate pixmaps with a depth of less than 8 bits. New patches are available for xserver 1.2 and xserver 1.4:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff

MD5: 8e3f74c2cabddd3d629018924140e413 xorg-xserver-1.2-multiple-overflows-v2.diff
SHA1: 38ad95d97e83861c309276a27296787e6d0d1b54 xorg-xserver-1.2-multiple-overflows-v2.diff
MD5: ded4bc31104aedada0155514a968b45f xorg-xserver-1.4-multiple-overflows-v2.diff
SHA1: af92fd389e72a3bb59d25dbf9cbb06e827b75d7d xorg-xserver-1.4-multiple-overflows-v2.diff

-- 
Matthieu Herrb
