Bug#485860: xserver-xorg-core: iDefense Security Advisory 06.11.08



Package: xserver-xorg-core
Version: 2:1.1.1-21etch4
Severity: grave
Tags: security
Justification: user security hole

iDefense has reported Xorg security issues:

iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062770.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062771.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062772.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062773.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062774.html

They all refer to:

X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

I wonder if Debian is affected by these issues.

Thanks,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- Package-specific info:
[Snipped: checks, listings of xorg.conf and Xorg.0.log]

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-pk02.15-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages xserver-xorg-core depends on:
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libfontenc1            1:1.0.2-2         X11 font encoding library
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libxau6                1:1.0.1-2         X11 authorisation library
ii  libxdmcp6              1:1.0.1-2         X11 Display Manager Control Protoc
ii  libxfont1              1:1.2.2-2.etch1   X11 font rasterisation library
ii  x11-common             1:7.1.0-19        X Window System (X.Org) infrastruc
ii  xserver-xorg           1:7.1.0-19        the X.Org X server
ii  zlib1g                 1:1.2.3-13        compression library - runtime

Versions of packages xserver-xorg-core recommends:
ii  xfonts-base                   1:1.0.0-4  standard fonts for X
ii  xkb-data                      0.9-4      X Keyboard Extension (XKB) configu

-- no debconf information


