X11 6.7.0_x86: Xorg patch.
Date this patch was last updated by Sun : Sep/23/08

Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

[Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug.

The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server.
(CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006)

A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427)

An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760)

An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428)

An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server.
(CVE-2007-4568, CVE-2007-4990)

A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)

Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.

An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760).

A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958).

A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427).

An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429).

The updated packages have been patched to correct these issues.

Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

[Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug.

X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server.
(CVE-2007-6429)

A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427)

An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760)

An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428)

A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)

Users of xorg-x11-server should upgrade to these updated packages, which contain backported patches to resolve these issues.

This update fixes various Xserver security issues.

  - File existence disclosure vulnerability. (CVE-2007-5958)

  - XInput Extension Memory Corruption Vulnerability     [IDEF2888 CVE-2007-6427].

  - TOG-CUP Extension Memory Corruption Vulnerability     [IDEF2901 CVE-2007-6428].

  - EVI Extension Integer Overflow Vulnerability [IDEF2902     CVE-2007-6429].

  - MIT-SHM Extension Integer Overflow Vulnerability     [IDEF2904 CVE-2007-6429].

  - XFree86-MISC Extension Invalid Array Index Vulnerability     [IDEF2903 CVE-2007-5760].

  - PCF font parser vulnerability.

This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958).

XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427].

TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428].

EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429].

MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. 

XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. 

PCF font parser vulnerability.

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200801-09 (X.Org X server and Xfont library: Multiple vulnerabilities)

    regenrecht reported multiple vulnerabilities in various X server     extension via iDefense:
    The XFree86-Misc extension does not properly sanitize a parameter     within a PassMessage request, allowing the modification of a function     pointer (CVE-2007-5760).
    Multiple functions in the XInput extension do not properly sanitize     client requests for swapping bytes, leading to corruption of heap     memory (CVE-2007-6427).
    Integer overflow vulnerabilities in the EVI extension and in the     MIT-SHM extension can lead to buffer overflows (CVE-2007-6429).
    The TOG-CUP extension does not sanitize an index value in the     ProcGetReservedColormapEntries() function, leading to arbitrary memory     access (CVE-2007-6428).
    A buffer overflow was discovered in the Xfont library when     processing PCF font files (CVE-2008-0006).
    The X server does not enforce restrictions when a user specifies a     security policy file and attempts to open it (CVE-2007-5958).
  Impact :

    Remote attackers could exploit the vulnerability in the Xfont library     by enticing a user to load a specially crafted PCF font file resulting     in the execution of arbitrary code with the privileges of the user     running the X server, typically root. Local attackers could exploit     this and the vulnerabilities in the X.org extensions to gain elevated     privileges. If the X server allows connections from the network, these     vulnerabilities could be exploited remotely. A local attacker could     determine the existence of arbitrary files by exploiting the last     vulnerability or possibly cause a Denial of Service.
  Workaround :

    Workarounds for some of the vulnerabilities can be found in the X.Org     security advisory as listed under References.

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

We apologize for the inconvenience.

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when attempting to open security policy files.
Local attackers could exploit this to probe for files in directories they would not normally be able to access.
(CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont.

Contains updated fix for MITSHM from ajax.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
23609	Solaris 9 (x86) : 118908-06	Nessus	Solaris Local Security Checks	11/6/2006	1/14/2021	high
43667	CentOS 4 : xorg-x11 (CESA-2008:0030)	Nessus	CentOS Local Security Checks	1/6/2010	1/4/2021	high
37567	Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)	Nessus	Mandriva Local Security Checks	4/23/2009	1/6/2021	high
43668	CentOS 5 : xorg-x11-server (CESA-2008:0031)	Nessus	CentOS Local Security Checks	1/6/2010	1/4/2021	high
41182	SuSE9 Security Update : XFree86-libs (YOU Patch Number 12040)	Nessus	SuSE Local Security Checks	9/24/2009	1/14/2021	high
41183	SuSE9 Security Update : XFree86-Xnest (YOU Patch Number 12043)	Nessus	SuSE Local Security Checks	9/24/2009	1/14/2021	high
30017	openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859)	Nessus	SuSE Local Security Checks	1/18/2008	1/14/2021	high
30019	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)	Nessus	Ubuntu Local Security Checks	1/18/2008	1/19/2021	high
30033	GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/21/2008	1/6/2021	high
30042	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)	Nessus	Ubuntu Local Security Checks	1/21/2008	1/19/2021	high
30073	Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760)	Nessus	Fedora Local Security Checks	1/27/2008	1/11/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

high