Bug#485860: xserver-xorg-core: iDefense Security Advisory 06.11.08
Package: xserver-xorg-core
Version: 2:1.1.1-21etch4
Severity: grave
Tags: security
Justification: user security hole
iDefense has reported Xorg security issues:
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062770.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062771.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062772.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062773.html
iDefense Security Advisory 06.11.08: Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062774.html
They all refer to:
X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
I wonder if Debian is affected by these issues.
Thanks,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- Package-specific info:
[Snipped: checks, listings of xorg.conf and Xorg.0.log]
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-pk02.15-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages xserver-xorg-core depends on:
ii  libc6         2.3.6.ds1-13etch5  GNU C Library: Shared libraries
ii  libfontenc1   1:1.0.2-2          X11 font encoding library
ii  libgcc1       1:4.1.1-21         GCC support library
ii  libxau6       1:1.0.1-2          X11 authorisation library
ii  libxdmcp6     1:1.0.1-2          X11 Display Manager Control Protoc
ii  libxfont1     1:1.2.2-2.etch1    X11 font rasterisation library
ii  x11-common    1:7.1.0-19         X Window System (X.Org) infrastruc
ii  xserver-xorg  1:7.1.0-19         the X.Org X server
ii  zlib1g        1:1.2.3-13         compression library - runtime
Versions of packages xserver-xorg-core recommends:
ii  xfonts-base   1:1.0.0-4          standard fonts for X
ii  xkb-data      0.9-4              X Keyboard Extension (XKB) configu
-- no debconf information