Gentoo Bug 194606 - x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})

First Last Prev Next No search results available Search page Enter new bug

Bug#:	194606
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Arttu Valo <arttuv69@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 194606 depends on:			Show dependency tree
Bug 194606 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-10-03 13:38 0000

"Some vulnerabilities have been reported in the X.Org X11 X Font Server (XFS),
which can be exploited by malicious, local users to gain escalated privileges."

Reported to have been fixed in XFS 1.0.5.

http://secunia.com/advisories/27040/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://www.x.org/wiki/Development/Security?highlight=%28xfs%29

Reproducible: Didn't try

Steps to Reproduce:

------- Comment #1 From Robert Buchholz 2007-10-03 22:46:06 0000 -------

Thanks Artuu.

x11, please advise.

------- Comment #2 From Donnie Berkholz 2007-10-03 23:27:19 0000 -------

Yeah, I saw this stuff. Was thinking it might be convenient to just push 
out a single GLSA for xfs, combined with the previous fix to the init 
script. I'll get something in the tree soon.

------- Comment #3 From Donnie Berkholz 2007-10-07 10:17:22 0000 -------

1.0.5 is in the tree.

------- Comment #4 From Robert Buchholz 2007-10-07 10:39:08 0000 -------

Arches, please test and mark stable.
Targets: "alpha amd64 arm hppa mips ppc ppc64 s390 sh sparc x86"

------- Comment #5 From Tobias Scherbaum 2007-10-07 16:45:26 0000 -------

ppc stable

------- Comment #6 From Christian Faulhammer 2007-10-08 14:25:19 0000 -------

x86 stable

------- Comment #7 From Raúl Porcel 2007-10-08 15:34:23 0000 -------

alpha/sparc stable

------- Comment #8 From Jeroen Roovers 2007-10-08 16:01:02 0000 -------

Stable for HPPA.

------- Comment #9 From Steve Dibb 2007-10-09 02:05:25 0000 -------

amd64 stable

------- Comment #10 From Markus Rothe 2007-10-11 08:16:46 0000 -------

ppc64 stable

------- Comment #11 From Tobias Heinlein 2007-10-11 17:49:09 0000 -------

All arches done, please file a GLSA request.

------- Comment #12 From Robert Buchholz 2007-10-11 20:30:28 0000 -------

(In reply to comment #11)
> All arches done, please file a GLSA request.

filed.

------- Comment #13 From Pierre-Yves Rofes 2007-10-12 21:53:50 0000 -------

GLSA 200710-11

------- Comment #14 From Joshua Kinard 2007-11-20 05:19:29 0000 -------

mips stable.

------- Comment #15 From Jakub Moc (RETIRED) 2007-12-11 13:04:09 0000 -------

11:55:52 <+CIA-23> vapier * gentoo-x86/x11-apps/xfs/ (xfs-1.0.5.ebuild
xfs-1.0.4-r1.ebuild): 
11:55:52 <+CIA-23> arm/s390/sh stable

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 194606

x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})

Last modified: 2007-12-11 13:04:09 0000