OSV:DSA-1595-1
Jun 11, 2008 - 12:00 a.m.

xorg-server - several vulnerabilities

2008-06-11 00:00:00
Google
osv.dev

CVSS2: 10 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.018 Low (percentile 86.5%)

Several local vulnerabilities have been discovered in the X Window system.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2008-1377
    Lack of validation of the parameters of the
    SProcSecurityGenerateAuthorization and SProcRecordCreateContext
    functions makes it possible for a specially crafted request to trigger
    the swapping of bytes outside the parameters of these requests, causing
    memory corruption.
  • CVE-2008-1379
    An integer overflow in the validation of the parameters of the
    ShmPutImage() request makes it possible to trigger the copy of
    arbitrary server memory to a pixmap that can subsequently be read by
    the client, allowing it to read arbitrary parts of the X server memory
    space.
  • CVE-2008-2360
    An integer overflow may occur in the computation of the size of the
    glyph to be allocated by the AllocateGlyph() function, which will cause
    less memory to be allocated than expected, leading to a later heap
    overflow.
  • CVE-2008-2361
    An integer overflow may occur in the computation of the size of the
    glyph to be allocated by the ProcRenderCreateCursor() function, which
    will cause less memory to be allocated than expected, leading later
    to the dereferencing of unmapped memory and a crash of the X server.
  • CVE-2008-2362
    Integer overflows can also occur in the code validating the parameters
    for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient
    and SProcRenderCreateConicalGradient functions, leading to memory
    corruption by swapping bytes outside of the intended request
    parameters.
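
The integer-overflow class described for CVE-2008-2360 and CVE-2008-2361, as an added example that is not xorg-server code: a simplified allocation-size computation in unchecked and checked form. The function names, the HDR_SIZE constant and the row-padding rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not xorg-server code: a fixed header followed by
 * height rows of pixel data, each row padded to a 4-byte boundary. */
#define HDR_SIZE 16u

/* Unchecked: 32-bit arithmetic on client-supplied dimensions wraps
 * modulo 2^32, so the result can be far smaller than the data that
 * will later be written into the allocation. */
static uint32_t glyph_size_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t stride = (w * bpp + 3u) & ~3u;
    return HDR_SIZE + h * stride;
}

/* Checked: each multiplication and addition is bounded before it is
 * performed; the request is rejected instead of yielding a short size. */
static bool glyph_size_checked(uint32_t w, uint32_t h, uint32_t bpp,
                               uint32_t *out)
{
    if (bpp == 0 || w > (UINT32_MAX - 3u) / bpp)
        return false;                       /* w * bpp + 3 would wrap */
    uint32_t stride = (w * bpp + 3u) & ~3u;
    if (stride != 0 && h > (UINT32_MAX - HDR_SIZE) / stride)
        return false;                       /* HDR_SIZE + h * stride would wrap */
    *out = HDR_SIZE + h * stride;
    return true;
}

int main(void)
{
    /* Constructed inputs: one ordinary glyph, one whose size wraps. */
    uint32_t dims[2][3] = { { 8, 8, 1 }, { 0x10000u, 0x10000u, 4 } };
    for (int i = 0; i < 2; i++) {
        uint32_t w = dims[i][0], h = dims[i][1], bpp = dims[i][2], ok_size = 0;
        bool ok = glyph_size_checked(w, h, bpp, &ok_size);
        printf("%ux%u bpp=%u unchecked=%u checked=%s\n", (unsigned)w,
               (unsigned)h, (unsigned)bpp,
               (unsigned)glyph_size_unchecked(w, h, bpp),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

With the second constructed input the unchecked form returns only the header size, while the checked form refuses the request before any allocation takes place.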

For the stable distribution (etch), these problems have been fixed in version
2:1.1.1-21etch5.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.4.1~git20080517-2.

We recommend that you upgrade your xorg-server package.
