194606 – x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})

Bug 194606 - x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})

Summary: x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/27040
Whiteboard:	B1? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2007-10-03 13:38 UTC by Arttu Valo
Modified:	2007-12-11 13:04 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arttu Valo 2007-10-03 13:38:58 UTC

"Some vulnerabilities have been reported in the X.Org X11 X Font Server (XFS), which can be exploited by malicious, local users to gain escalated privileges."

Reported to have been fixed in XFS 1.0.5.

http://secunia.com/advisories/27040/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://www.x.org/wiki/Development/Security?highlight=%28xfs%29

Reproducible: Didn't try

Steps to Reproduce:

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-10-03 22:46:06 UTC

Thanks Artuu.

x11, please advise.

Comment 2 Donnie Berkholz (RETIRED) gentoo-dev

2007-10-03 23:27:19 UTC

Yeah, I saw this stuff. Was thinking it might be convenient to just push 
out a single GLSA for xfs, combined with the previous fix to the init 
script. I'll get something in the tree soon.

Comment 3 Donnie Berkholz (RETIRED) gentoo-dev

2007-10-07 10:17:22 UTC

1.0.5 is in the tree.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2007-10-07 10:39:08 UTC

Arches, please test and mark stable.
Targets: "alpha amd64 arm hppa mips ppc ppc64 s390 sh sparc x86"

Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev

2007-10-07 16:45:26 UTC

ppc stable

Comment 6 Christian Faulhammer (RETIRED) gentoo-dev

2007-10-08 14:25:19 UTC

x86 stable

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2007-10-08 15:34:23 UTC

alpha/sparc stable

Comment 8 Jeroen Roovers (RETIRED) gentoo-dev

2007-10-08 16:01:02 UTC

Stable for HPPA.

Comment 9 Steve Dibb (RETIRED) gentoo-dev

2007-10-09 02:05:25 UTC

amd64 stable

Comment 10 Markus Rothe (RETIRED) gentoo-dev

2007-10-11 08:16:46 UTC

ppc64 stable

Comment 11 Tobias Heinlein (RETIRED) gentoo-dev

2007-10-11 17:49:09 UTC

All arches done, please file a GLSA request.

Comment 12 Robert Buchholz (RETIRED) gentoo-dev

2007-10-11 20:30:28 UTC

(In reply to comment #11)
> All arches done, please file a GLSA request.

filed.

Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-10-12 21:53:50 UTC

GLSA 200710-11

Comment 14 Joshua Kinard gentoo-dev

2007-11-20 05:19:29 UTC

mips stable.

Comment 15 Jakub Moc (RETIRED) gentoo-dev

2007-12-11 13:04:09 UTC

11:55:52 <+CIA-23> vapier * gentoo-x86/x11-apps/xfs/ (xfs-1.0.5.ebuild xfs-1.0.4-r1.ebuild): 
11:55:52 <+CIA-23> arm/s390/sh stable