OSV:DSA-1466-2

libxfont xfree86 xorg-server - several vulnerabilities

2008-01-21 00:00:00
Source: Google, osv.dev

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

EPSS: 0.54 Medium (Percentile 97.1%)

The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM
extension, which prevented the start of a few applications. This update
provides updated packages for the xfree86 version included in Debian
old stable (sarge) in addition to the fixed packages for Debian stable
(etch), which were provided in DSA 1466-2.

For reference, the original advisory text follows:

Several local vulnerabilities have been discovered in the X.Org X
server. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2007-5760
    regenrecht discovered that missing input sanitising within
    the XFree86-Misc extension may lead to local privilege escalation.
  • CVE-2007-5958
    It was discovered that error messages of security policy file
    handling may lead to a minor information leak disclosing the
    existence of files otherwise inaccessible to the user.
  • CVE-2007-6427
    regenrecht discovered that missing input sanitising within
    the XInput-Misc extension may lead to local privilege escalation.
  • CVE-2007-6428
    regenrecht discovered that missing input sanitising within
    the TOG-CUP extension may lead to disclosure of memory contents.
  • CVE-2007-6429
    regenrecht discovered that integer overflows in the EVI
    and MIT-SHM extensions may lead to local privilege escalation.
  • CVE-2008-0006
    It was discovered that insufficient validation of PCF fonts could lead
    to local privilege escalation.

For the oldstable distribution (sarge), this problem has been fixed in
version 4.3.0.dfsg.1-14sarge7 of xfree86.

For the stable distribution (etch), this problem has been fixed in
version 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.4.1~git20080118-1 of xorg-server and version 1:1.3.1-2
of libxfont.

We recommend that you upgrade your X.org/Xfree86 packages.
