Severity: High
Title: X.Org X server and Xfont library: Multiple vulnerabilities
Date: January 20, 2008
Updated: March 05, 2008
Bugs: #204362, #208343
ID: 200801-09:03

The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths.
All users of the X.Org X server package should upgrade to x11-base/xorg-server-1.3.0.0-r5.
The corrected sections appear below.
Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-server     < 1.3.0.0-r5                >= 1.3.0.0-r5
  2  x11-libs/libXfont        < 1.3.1-r1                  >= 1.3.1-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Resolution
==========

All X.Org X server users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.