Linux Security

    Debian: New xorg-server packages fix privilege escalation

    Date 09 Sep 2007
    Posted By LinuxSecurity Advisories
    Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1372-1
    https://www.debian.org/security/                         Moritz Muehlenhoff
    September 9th, 2007                     https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : xorg-server
    Vulnerability  : buffer overflow
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2007-4730
    
    Aaron Plattner discovered a buffer overflow in the Composite extension
    of the X.org X server, which can lead to local privilege escalation.
    
    The oldstable distribution (sarge) is not affected by this problem.
    
    For the stable distribution (etch) this problem has been fixed in
    version 1.1.1-21etch1.
    
    For the unstable distribution (sid) this problem will be fixed soon.
    
    We recommend that you upgrade your xorg-server packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    
