spurious.biz::> IT Department ::> News ::> News-flash 86 close print view

 News-flash 86 

2004-02-23: xfree86 security fixes

xfree86 (4.1.0-16woody3) stable-security; urgency=high * Security update release. Resolves the following issues: + CAN-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084. + CAN-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083. + CAN-2004-0106: Miscellaneous additional flaws in XFree86's handling of font files. * Fix multiple buffer overflows and insufficiently rigorous input validation in the X11R6 fontfile library. (Closes: #232378) - debian/patches/075_SECURITY_libfontfile_vulnerabilities.diff -- Branden Robinson Sat, 14 Feb 2004 13:44:41 -0500 xfree86 (4.1.0-16woody2) stable-security; urgency=high * Security update release. Resolves the following issues: + CAN-2003-0690: xdm does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. + CAN-2004-0093, CAN-2003-0094: Denial-of-service attacks against the X server by clients using the GLX extension and Direct Rendering Infrastructure are possible due to unchecked client data (out-of-bounds array indexes [CAN-2004-0093] and integer signedness errors [CAN-2004-0094]). * Patch xdm to call pam_strerror(), log the returned error, and exit the StartClient() function with a zero exit status (failure) if pam_setcred() returns a value other than PAM_SUCCESS. - debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff * Add validation for the screen number parameter received over the wire by the X server's DRI extension code, and fix some similar checks in the GLX code. This fixes X server segfaults when an invalid screen value is provided (#A.1434, Felix K├╝hling). - debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff -- Branden Robinson Thu, 22 Jan 2004 20:07:06 -0500

Duration: none Priority: critical Problem type: unknown Affected host(s): bikr,darourat

Back to News

25 May 2024, 06:23:31
© 2002-2022 spurious.biz