Bug#: 206633
Status: RESOLVED
Resolution: DUPLICATE of bug 204362
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>

Description:   Opened: 2008-01-19 13:13 0000
Overview

Several vulnerabilities have been identified in server code of the X
window system caused by lack of proper input validation on user
controlled data in various parts of the software, causing various
kinds of overflows.


Impact

Exploiting these overflows will crash the X server or,
under certain circumstances, allow the execution of arbitrary machine code.

When the X server is running with root privileges (which is the case
for the Xorg server and for most kdrive based servers), these
vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either
an already established connection to a running X server (and normally
running X servers are only accepting authenticated connections), or a
shell access with a valid user on the machine where the vulnerable
server is installed.

Solution: update to 1.4.1

------- Comment #1 From Lars Hartmann 2008-01-19 13:18:22 0000 -------
maintainers - please provide an updated ebuild

------- Comment #2 From Jakub Moc (RETIRED) 2008-01-19 14:17:00 0000 -------
Well hum, it's already fixed in the tree.

*** This bug has been marked as a duplicate of bug 204362 ***
