[Technik] [SECURITY] [DSA 1466-2] New xorg-server packages fix regression
Noèl Köthe
noel at debian.org
Sun Jan 20 22:40:14 CET 2008
On Saturday, 19.01.2008, at 14:10 +0100, Moritz Muehlenhoff wrote:
> Debian Security Advisory DSA-1466-2 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 19, 2008 http://www.debian.org/security/faq
>
> Package : xorg-server, libxfont, xfree86
> Vulnerability : several
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006
libxfont/xfree updated on h01, h02, h03, h04, h51 and cupa.
> For the stable distribution (etch), this problem has been fixed in
> version 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.
changelog:
libxfont (1:1.2.2-2.etch1) stable-security; urgency=high
* Security update
* Fix a buffer overflow in the PCF font handler (fd.o bug#13526).
-- Julien Cristau <jcristau at debian.org> Tue, 08 Jan 2008 12:03:42 +0100
> For the oldstable distribution (etch), this problem has been fixed in
> version 4.3.0.dfsg.1-14sarge6 of xfree86.
changelog(cupa):
xfree86 (4.3.0.dfsg.1-14sarge6) oldstable-security; urgency=high
* Security update, fixes the following vulnerabilities:
+ CVE-2007-6427: XInput Extension Memory Corruption (fd.o bug#13522)
+ CVE-2007-6428: TOG-CUP Extension Memory Corruption (fd.o bug#13523)
+ CVE-2007-6429: EVI Extension Integer Overflow (fd.o bug#13519),
MIT-SHM Extension Integer Overflow (fd.o bug#13520)
+ CVE-2007-5760: XFree86-Misc Extension Invalid Array Index (fd.o bug#13524)
+ CVE-2008-0006: PCF font parser buffer overflow (fd.o bug#13526)
+ CVE-2007-5958: file existence disclosure (fd.o bug#13706)
-- Julien Cristau <jcristau at debian.org> Fri, 11 Jan 2008 13:59:33 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org