[Technik] [SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities

[Noèl Köthe]

Am Donnerstag, den 17.05.2007, 23:22 +0200 schrieb Moritz Muehlenhoff:

> Debian Security Advisory DSA 1294-1                    security at debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> May 17th, 2007                          http://www.debian.org/security/faq
> 
> Package        : xfree86
> Vulnerability  : several
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1667

xfree86 auf h01, h02, h03, h04 und cupa aktualisiert.

> For the old stable distribution (sarge) these problems have been fixed in
> version 4.3.0.dfsg.1-14sarge4. This update lacks builds for the Sparc

changelog:
xfree86 (4.3.0.dfsg.1-14sarge4) oldstable-security; urgency=high

  * Security upload, fixes several vulnerabilities:
    + CVE-2007-1351, CVE-2007-1352: integer overflows in the BDF font and
      fonts.dir parsing components of libXfont;
    + CVE-2007-1667: integer overflows in the XGetPixel() and XInitImage()
      functions in libX11 (closes: #414046);
    + CVE-2007-1003: integer overflow in the ProcXCMiscGetXIDList() function
      in the XC-MISC extension in the X server.

 -- Julien Cristau <jcristau at debian.org>  Wed,  4 Apr 2007 14:47:14 +0200

(Die DSA E-Mail kam verspätet, weil sie aufgrund der Größe im
Mailinglistenmanager manuell akzeptiert werden musste)

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070615/d9df40e8/attachment.pgp