Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Ubuntu alert USN-571-2 (xorg-server)
| From: | Kees Cook <kees@ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-571-2] X.org regression | |
| Date: | Fri, 18 Jan 2008 23:33:40 -0800 | |
| Message-ID: | <20080119073340.GI13993@outflux.net> | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com |
=========================================================== Ubuntu Security Notice USN-571-2 January 19, 2008 xorg-server regression https://launchpad.net/bugs/183969 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: xserver-xorg-core 1:1.0.2-0ubuntu10.10 Ubuntu 6.10: xserver-xorg-core 1:1.1.1-0ubuntu12.5 Ubuntu 7.04: xserver-xorg-core 2:1.2.0-3ubuntu8.3 Ubuntu 7.10: xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.3 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 36728 c261109447714cba74712651b53bdbd1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1806 dc7cc2874ade7da9169691bb91c5edc8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 7966941 f44f0f07136791ed7a4028bd0dd5eae3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1415044 c0a72a91c6eda2d22936d4d149060c53 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 4049278 7759626a4f675b4d5392ca3a7663a107 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 295262 0ec4c6649462103b07f3f0c8d84ce12c http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1565834 c773721faf85d4c1c646304f88f4d963 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 50612 d4df8a3dc9c3872ccb6fb52a166c3f9a http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 849490 54ee357cf67323d543a7013f262e44bb i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1242618 9fd49606b4947207ddd4309d55bfaeeb http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3532676 dbeb88e8f6f9b90c73a626fd0096b514 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 295264 3184777b506ff0a5730c62900a97772a http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1383684 a876060427cb696f6da945ae9c591c4a http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 43132 d6ad2a9d465f34deac1007f2a2015e01 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 749644 4f0324c95ac9c4d8152637b045cf13ff powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1369398 d974dca890909d7cba860c90e431b407 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 4076008 b4bf851c2bc2c44008956c907997fe66 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 295280 da7cd9250cdf9b9c9c42f51f4016e393 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1507572 896dcfcb2c499a596b14c6c006957ae0 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 55802 c033f095455f9b8a0f5c6f0b1fd5771b http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 826040 bd347d419664823cc50f94361336795a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1314540 6d67012961db3539c72f17fed1392711 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3790072 cb3b5fdb78b936e31b97e8c8e279e6db http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 295666 53526ac7d8dc5825513b959e52d017c0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1446704 2d0ff0d1be6ddb23eb83691b5b4eaa1b http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 44540 2e7ae1f9d036384bd4a1112166958635 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 759358 00173ba83b31df6447c6007f9c433ad3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 96873 eaf7d707e5897f05328272fe33382a8c http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 2020 87a39ba14db28920c02d29b7a43f50e2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 8388609 15852049050e49f380f953d8715500b9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1427686 32f67610a61fd8195640a0d5f5fbb0f5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3918584 4ed2babdf3e82b1742db20d847fd1930 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 298024 6bf3db0effe0262dfdc533af27752b25 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1579962 4a8e48d846b68405e608bd15d8fe9107 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 58012 9b828a8eac19052aadfbd348958097b7 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 814094 e7d320d9b6ea567c926bfaf94e7a183f http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1608774 e82e6e90b23971d31da5325e5bd9f02a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1327942 c277240f1c03c9eb49198cee06985e86 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3563170 5bb1443dd817735c1c690a07ef086716 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 298044 de013bef34d9d5b5cdfab3fbb97b7fa3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1475818 8b2685f1090ca4610007a09b52f91367 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 51236 02a7da3ec510265f21d1abba7cd4d600 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 752096 a1b27f7a81c750325bd715837103248d http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1499558 991607e20c6da6f40dee995fedb05387 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1402642 4966494d6c941b1c4938ac9e29089721 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3984614 61298d5401a90f4166a18954907bbd02 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 298062 8426d951907c373d2f980606a3ea10cb http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1542060 1c9072daad4e71a4fd5d85a61d772aa2 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 64040 664429807be094a8488e30803959a491 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 798426 e1ab1ef849253b755408a83600662be8 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1566822 6c705936fa66907ff993e21e4dfdff63 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1345214 316b3b7a2b053974fadaeef264a1fdbe http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3697410 5082b277500840285d8f8fd77d357adc http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 298408 b53eff32d4468b10f72e6168db3797ac http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1478686 537a8ba8a499b4793e9210096d7e6918 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 50928 b76fb921beedaf1c15793d7e0495d057 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 734624 bc9713327eb4acb8dce9e318f1603388 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1501038 8cc8f95f9860191e40d744296b1310db Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 461716 efc88772ceede675d2d1ec779cba8b2b http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 2117 b6e64d5792b86281d94d62d7c4f7b6a4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 8106829 8cc04a469a7d3911441ac9028c13bcb6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1490046 f8e9df51c645c18bf406beefceea4857 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3937310 a78c504597f32fec704c564f1106ad3a http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 296690 9ba2d52e59d9bcc9b9f2724dc0833156 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1644812 7a48f3d762143de42dcdb6f0cb7dcced http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 95928 b61c16479c65576b9fd668cee8a7d26a http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 866474 fc1ca6c4b26d37564c3806d472c0abb0 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1676648 6dadaddddbb2145d4ff622e626de139b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1385770 322febb5e1330349898befc7289095ae http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3627706 7b07bdc1be72ece655afcc3c1ba111f5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 296682 39488ae0ce57182bd448fa0908dea7f4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1535066 ca2545b7f99672a4b59554b5b3385bbf http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 84818 65890a52ee576b41c08ace76bd64fcfe http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 800550 91c693f5e88327dcb7aaf6567d93528f http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1560920 f4dd1bb5c74c2078b51120d1563a88bd powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1460626 f21ea78a68f912cf24d02c346ef62d36 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 4057048 e60c94957a7e160cc0842406a3774ac2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 296724 5e2e1d3c9e8ca49bd49d603db6fc7424 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1598754 ef2f217370dfe0d217714058fb3a0531 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 109022 571393e974eb6e786cdc43ab36ed29cb http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 853424 348b4c3e23c83cdf908b29a4c61ca3d5 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1626130 892a8a736b4001bef4cd0516b838c907 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1405656 71d6a8c5696118f788c4cd199f072438 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3719416 3902a32f1e582e1504cf59d3e6aab2aa http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 297050 37e7ee47f82fcd40a2dd22823f9fad93 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1539928 c1961a9c899fa441a1ddc9b01f766e25 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 87738 a881202872d16940b7b1ce638d4d1721 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 785332 03740de7581f4587aa5b0237f3ccd94e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1565810 aa63339c5cc70073acde802de7159887 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 819335 9daf915bf45d3593119adabda250735f http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 2426 42c8ed553a2e4234f3160eee634211df http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 7995168 cbbc69f99b93172fde667f1241b5d5a4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 274260 974e91e4096f69c0cd9c41ea0dd02c7a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1511172 9a5ccdcc1aa4229f616c004d03be187c http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1702782 f6e29d20907fdad00b5c666ab9940fde http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 12743850 feab43f821f8700abb1d786c878e7b78 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3993802 ede520fcfa841cdf6770855638f3ae89 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 321932 39c76835f819d16320d8ea3dcedf716e http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1666906 82c445f9883d7445a2c82d0068308b3a http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 107080 c5055fdc988576743ede2ece3ac73cd8 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 882658 717a3c7dfb963e00862e6947c333305d http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1723444 e83849f04b803982f7080e6766a0bc1b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1407328 34c9f1df543a37508d894dfb58e7c3ed http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1587360 7aa3a852794a831e221687358bb4d4ec http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 12384852 c7b14b0b8d1837a6749a14004b837d2e http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3676714 cf0826789b841d41dbf979497e70fbc4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 321958 69658c293ec068e6bf68baf9ec86a0b3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1557368 23b92f8e12d4d983434f13815259c373 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 94650 8055f67d59a07d78e0e6fc147e7426f8 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 817618 e261ac4df5974e4f56b54c4ed6c6973e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1621834 be4b275afcc1ba9b18b61ed12e83482f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1486332 eae5f119a2d55f898e2601dd94f8a0b1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1656438 4bcd35649b2091b3e540edcc1e1921a9 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 13009888 b90b13eb54dc5e6f90295b4cf8b1242f http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 4099610 b438639f747db1c71926ce23b50102a6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 321958 945bd5ff8f4976f2f7da40f1a90520aa http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1625092 2e93090b5bd739b6d2ca99376e559714 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 120120 0224f8ed1b90e404db7901388aa9506c http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 868696 604024baa4a05ead98ad7305ae1451a1 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1653910 11302dc97e6671e6ab65259610dddf60 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1424824 98b295f9550cde94359cba7cbb65d0d7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1588248 994a0cb6b9badb3c80333eb97ac54386 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 12373926 03cac4bbad4b7bc2064ec97136862280 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 3771074 2d554be61882f8a7e2e0642bc7cc3b3f http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 322288 7f86348190211055e96c696e227e2d0d http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server... Size/MD5: 1558562 1a0420f9bfa26f1d03257b82c0c4bc74 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 98132 3d808a3887438d693e1566bfa19ca789 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 800344 fdb6b583b4e4352ea9779f87ab7d0651 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-se... Size/MD5: 1586088 614bc999d048287c6642b215901724e8 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...
(Log in to post comments)