The X windows system is vulnerable to several kind of vulner- abilities that are caused due to insufficient input validation. The bugs range from crashing the X server to executing arbitrary code with the privilges of the X server process. For a successful attack the opponent needs shell access to the vulnerable system (local) or an already established connection to the X server. Thanks to US CERT and iDefense for reporting this vulnerabilities and to the Xorg-Security folks for fixing it. The Fixes are: - CVE-2007-5760: XFree86 Misc extension out of bounds array index - CVE-2007-5958: File existence disclosure - CVE-2007-6427: Xinput extension memory corruption - CVE-2007-6428: TOG-cup extension memory corruption - CVE-2007-6429: MIT-SHM and EVI extensions integer overflows - CVE-2008-0006: PCF Font parser buffer overflow
none
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SUSE Linux Enterprise Server | 10.1 | s390x | xorg-x11-xvfb | <Β 6.9.0-50.54.5 | xorg-x11-Xvfb-6.9.0-50.54.5.s390x.rpm |
openSUSE | 10.3 | i586 | xorg-x11-libs | <Β 7.2-103.4 | xorg-x11-libs-7.2-103.4.i586.rpm |
openSUSE | 10.1 | x86_64 | xorg-x11-devel | <Β 6.9.0-50.54.5 | xorg-x11-devel-6.9.0-50.54.5.x86_64.rpm |
openSUSE | 10.2 | ppc | xorg-x11-server | <Β 7.2-30.11 | xorg-x11-server-7.2-30.11.ppc.rpm |
openSUSE | 10.1 | ppc | xorg-x11-devel | <Β 6.9.0-50.54.5 | xorg-x11-devel-6.9.0-50.54.5.ppc.rpm |
openSUSE | 10.1 | x86_64 | xorg-x11-xvfb | <Β 6.9.0-50.54.5 | xorg-x11-Xvfb-6.9.0-50.54.5.x86_64.rpm |
openSUSE | 10.2 | i586 | xorg-x11-server-sdk | <Β 7.2-30.11 | xorg-x11-server-sdk-7.2-30.11.i586.rpm |
openSUSE | 10.3 | i586 | xorg-x11-server-extra | <Β 7.2-143.9 | xorg-x11-server-extra-7.2-143.9.i586.rpm |
openSUSE | 10.3 | i586 | xorg-x11-server | <Β 7.2-143.9 | xorg-x11-server-7.2-143.9.i586.rpm |
openSUSE | 10.2 | x86_64 | xorg-x11-server-sdk | <Β 7.2-30.11 | xorg-x11-server-sdk-7.2-30.11.x86_64.rpm |