LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

xorg-server: multiple vulnerabilities

Package(s):xorg-server CVE #(s):CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362
Created:June 12, 2008 Updated:September 26, 2008
Description: From the Debian alert:

CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption.

CVE-2008-1379 An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space.

CVE-2008-2360 An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow.

CVE-2008-2361 An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server.

CVE-2008-2362 Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.

Alerts:
Mandriva MDVSA-2008:179 2008-08-21
Slackware SSA:2008-183-01 2008-07-02
CentOS CESA-2008:0504 2008-06-26
rPath rPSA-2008-0201-1 2008-06-21
rPath rPSA-2008-0200-1 2008-06-20
Gentoo 200806-07 2008-06-19
Mandriva MDVSA-2008:116 2007-06-16
Mandriva MDVSA-2008:115 2008-06-16
Fedora FEDORA-2008-5254 2008-06-14
Fedora FEDORA-2008-5279 2008-06-14
CentOS CESA-2008:0503 2008-06-14
Ubuntu USN-616-1 2008-06-13
SuSE SUSE-SA:2008:027 2008-06-13
Fedora FEDORA-2008-5285 2008-06-12
CentOS CESA-2008:0512 2008-06-13
Red Hat RHSA-2008:0504-01 2008-06-11
Red Hat RHSA-2008:0503-01 2008-06-11
Red Hat RHSA-2008:0512-01 2008-06-11
Red Hat RHSA-2008:0502-01 2008-06-11
CentOS CESA-2008:0502 2008-06-12
Debian DSA-1595-1 2008-06-11
SuSE SUSE-SR:2008:019 2008-09-26
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds