Bug 194606

Summary: x11-apps/xfs <1.0.5 Multiple Vulnerabilities (CVE-2007-{4568,4990})
Product: Gentoo Security
Reporter: Arttu Valo <arttuv69>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: x11
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/27040
Whiteboard: B1? [glsa]
Package list:
Runtime testing required: ---

Description Arttu Valo 2007-10-03 13:38:58 UTC
"Some vulnerabilities have been reported in the X.Org X11 X Font Server (XFS), which can be exploited by malicious, local users to gain escalated privileges."

Reported to have been fixed in XFS 1.0.5.

http://secunia.com/advisories/27040/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://www.x.org/wiki/Development/Security?highlight=%28xfs%29

Reproducible: Didn't try

Steps to Reproduce:
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-03 22:46:06 UTC
Thanks Arttu.

x11, please advise.
Comment 2 Donnie Berkholz (RETIRED) gentoo-dev 2007-10-03 23:27:19 UTC
Yeah, I saw this stuff. Was thinking it might be convenient to just push 
out a single GLSA for xfs, combined with the previous fix to the init 
script. I'll get something in the tree soon.
Comment 3 Donnie Berkholz (RETIRED) gentoo-dev 2007-10-07 10:17:22 UTC
1.0.5 is in the tree.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-10-07 10:39:08 UTC
Arches, please test and mark stable.
Targets: "alpha amd64 arm hppa mips ppc ppc64 s390 sh sparc x86"
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-07 16:45:26 UTC
ppc stable
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-10-08 14:25:19 UTC
x86 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2007-10-08 15:34:23 UTC
alpha/sparc stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-10-08 16:01:02 UTC
Stable for HPPA.
Comment 9 Steve Dibb (RETIRED) gentoo-dev 2007-10-09 02:05:25 UTC
amd64 stable
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2007-10-11 08:16:46 UTC
ppc64 stable
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-11 17:49:09 UTC
All arches done, please file a GLSA request.
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2007-10-11 20:30:28 UTC
(In reply to comment #11)
> All arches done, please file a GLSA request.

filed.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-12 21:53:50 UTC
GLSA 200710-11
Comment 14 Joshua Kinard gentoo-dev 2007-11-20 05:19:29 UTC
mips stable.
Comment 15 Jakub Moc (RETIRED) gentoo-dev 2007-12-11 13:04:09 UTC
11:55:52 <+CIA-23> vapier * gentoo-x86/x11-apps/xfs/ (xfs-1.0.5.ebuild xfs-1.0.4-r1.ebuild): 
11:55:52 <+CIA-23> arm/s390/sh stable