-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:164 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xorg-x11 Date : September 14, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740). Updated packages are patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 870f66da912af0a4fad28efb9b88c90e 2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm 0a8ff15caa27d78680f54486c67737e6 2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm e66de8e6c72f5b47ea0b56e32d75e46e 2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm 4520ffe2166ef729c9b717571a0f858e 2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.i586.rpm 2288439bb004dfc1cbb9b1e1463a8e8a 2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm 278c8e53603e73b09877d6939d29d281 2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.i586.rpm 6dd626b751c738c91f5a60fbabe1f3ca 2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.i586.rpm a166e90cc89070fb053aec43c96bd9de 2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.i586.rpm 46941ea873fd4a47b43e32517671ba8d 2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.i586.rpm 45f99f735dcac5987c0bcf0bcdf86456 2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.i586.rpm dd6d86b93bdd5742674cfb3c49260542 2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.i586.rpm f97eb010ee04a03365607e952d0cb3be 2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.i586.rpm 103b774cb9a79c0adaf4c5949b9269ca 2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.i586.rpm ee5ba6d107047df4552cc06e0e0d9932 2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.i586.rpm 4734479179fc2b8df8a9383123cbe43d 2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.i586.rpm 5aa7daf002ee73a61d719c318cc7fb0f 2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.i586.rpm 399f003f1545c4a6f003f26f197264f6 2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.i586.rpm d76d29e580eaea46f06e9031c4678a16 2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 44500ad48fab3741a6cd201e3e0c8e44 x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm 873c4f00872045e369d68b6c6bf0e9f4 x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.10.20060mdk.x86_64.rpm cf34abe58bce0f1cb39d279c1825f28d x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.10.20060mdk.x86_64.rpm 870f66da912af0a4fad28efb9b88c90e x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.10.20060mdk.i586.rpm 0a8ff15caa27d78680f54486c67737e6 x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.10.20060mdk.i586.rpm e66de8e6c72f5b47ea0b56e32d75e46e x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.10.20060mdk.i586.rpm ea646502e846d806b676425d73489bc6 x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.10.20060mdk.x86_64.rpm bb96282af5687aec3e671c5c6b715162 x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm 9554339037de4d0ca8decaf3030b94c1 x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.10.20060mdk.x86_64.rpm e03bf5aaffd4ff3d918226069404c88c x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mdk.x86_64.rpm 9cb232babce28cf0a9c9dbc3542c632a x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mdk.x86_64.rpm 56ec5996265c951aee954105c3227809 x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.10.20060mdk.x86_64.rpm 900e0f2251e6c81afcc37a2c585720d7 x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.10.20060mdk.x86_64.rpm e0f617bd52b0d50aa78a8b70316922cf x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.10.20060mdk.x86_64.rpm e6610f07a1424051b95059afe5beb385 x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.10.20060mdk.x86_64.rpm 05bfc5d4703ca7f181cf7b57c4569e4a x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.10.20060mdk.x86_64.rpm 169612fa75a90697f98372aa87185cb7 x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.10.20060mdk.x86_64.rpm 51cda78610735e801d8b5d53043b831f x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.10.20060mdk.x86_64.rpm 1b8416070f1ef2d307e5d00a3af8773b x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.10.20060mdk.x86_64.rpm 6c9314505699669efb32190a5f7c76f0 x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.10.20060mdk.x86_64.rpm d76d29e580eaea46f06e9031c4678a16 x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.10.20060mdk.src.rpm Corporate 3.0: aca392ef1cba20ee479740f6b0f89b0e corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm c329ed9ddb46c518de8cbf5106856e9d corporate/3.0/RPMS/libxfree86-devel-4.3-32.8.C30mdk.i586.rpm afdd3d25a20100d4017836024a779a80 corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.8.C30mdk.i586.rpm 2932393ed9723b87a36d0ead89a40f93 corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.i586.rpm b414fa6a159e692e4b8e2e971b15f637 corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.i586.rpm ac3e76f867137470151c1d5ec2c10eb4 corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.i586.rpm 361e8fb0f2ac0df06b445c8628058059 corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.i586.rpm 17850cde32471176216776f98a5bb64d corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.i586.rpm 87044502c0610247d325a1fd5045a167 corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.i586.rpm 7f783680a13c9df80bb002fa464ee4bf corporate/3.0/RPMS/XFree86-glide-module-4.3-32.8.C30mdk.i586.rpm d4c6ad726d8c8da11c20eb87e426d3ee corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.i586.rpm 97a8e6f430cd09eb421b236063043118 corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.i586.rpm d79bcae17843c8f5a2338111f3e877b7 corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.i586.rpm a196843c331826c4ac34fba5608decdb corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.i586.rpm 68d29cd668b3781e1bbd5c4bc11f7ed1 corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm Corporate 3.0/X86_64: 089b47176efe8d4464e238dd132930c4 x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.8.C30mdk.x86_64.rpm 6798c3411909923b51f5004fa6560662 x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.8.C30mdk.x86_64.rpm 645cbe061d51046a3bd60cdf36e9b960 x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.8.C30mdk.x86_64.rpm aca392ef1cba20ee479740f6b0f89b0e x86_64/corporate/3.0/RPMS/libxfree86-4.3-32.8.C30mdk.i586.rpm 6c028e2f95e7009268e1eaf8bf927d18 x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.8.C30mdk.x86_64.rpm 18af4e6eb23e8639110590a0c6515a8f x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm 3c429b80b2ccd9d7bffa87523f24413f x86_64/corporate/3.0/RPMS/XFree86-4.3-32.8.C30mdk.x86_64.rpm 561109df5169fa01e8b7f9577f0f35d3 x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.8.C30mdk.x86_64.rpm dd3f5aa1245db2d2e2ff95922c7fbf61 x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.8.C30mdk.x86_64.rpm f782bfb68f950892795a513128b3f4d5 x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.8.C30mdk.x86_64.rpm 9e44ebf57f4cb3a7daddf1ea5b811210 x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.8.C30mdk.x86_64.rpm cfd13b82f1e179ff55750984f1a2df44 x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.8.C30mdk.x86_64.rpm b0720a8b494fc145096783bcdf1a5e54 x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.8.C30mdk.x86_64.rpm b3f4c24c5cc395962a0bfa7a6c9dba3c x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.8.C30mdk.x86_64.rpm 68d29cd668b3781e1bbd5c4bc11f7ed1 x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.8.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFCTNrmqjQ0CJFipgRAsOMAJ4l5VDVJY4LFiyDcWoYKDxdbMMZ2wCeNaH2 NcnjdxHtJ1QT0mc7yT8ClYU= =JKZ2 -----END PGP SIGNATURE-----