Multiple vulnerabilities in X.Org

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Multiple vulnerabilities in X.Org

Marc Balmer
Multiple vulnerabilities have been discovered in X.Org:

- XC-MISC CVE-2007-1003

  XC-MISC Extension ProcXCMiscGetXIDList Memory Corruption
  Vulnerability

This vulnerability was discovered by Sean Larsson, iDefense Labs.


- bdf CVE-2007-1351

   BDFFont Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.

- fontdir CVE-2007-1352

fonts.dir File Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.


- libX11 CVE-2007-1667

Multiple integer overflows in the XGetPixel() and XInitImage functions
in ImUtil.c


These vulnerabilities have been fixed in the OpenBSD CVS repository
in the -current and -stable branches.  The -current snapshots of X11
contain these fixes as well.

It is recommended that users of X11 on OpenBSD update their X11
installation using cvs or manually apply the source code patches listed
below.

A source code patch for OpenBSD 4.0-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/011_xorg.patch.

A source code patch for OpenBSD 3.9-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/021_xorg.patch.