X.Org & iDefense have a series of security advisories this week:
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503
Sun is tracking these issues under these bug ids:
6526192 [X.Org Bug #10001] *Xorg* XC-MISC Extension
6538282 [IDEF741] *Xorg* fonts.dir File Parsing Integer Overflow
6538286 [IDEF739] *Xorg* BDF Font Parsing Integer Overflow
6526191 [X.Org Bug #10001] *Xsun* XC-MISC Extension
6538280 [IDEF741] *Xsun* fonts.dir File Parsing Integer Overflow
6538290 [IDEF739] *Xsun* BDF Font Parsing Integer Overflow
6539893 [IDEF739] *freetype* BDF Font Parsing Integer Overflow
6542279 [CVE-2007-1667] Multiple integer overflows in the XGetPixel()
and XInitImage() functions
[None of which you can see on bugs.opensolaris.org since security bugs are
still blocked from display there.]
The community patches for the first 6 will be included in Nevada build 62
when it is released - the last two will be in Nevada build 63.
Solaris Patches for earlier releases will be forthcoming, watch for a
Sun Alert with details on them from our support services team.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
