Linux Security
Linux Security
Linux Security

Debian: New xorg-server packages fix privilege escalation

Date 09 Sep 2007
4529
Posted By LinuxSecurity Advisories
Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1372-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                         Moritz Muehlenhoff
September 9th, 2007                     https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xorg-server
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-4730

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in
version 1.1.1-21etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xorg-server packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    https://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch1.dsc
      Size/MD5 checksum:     1989 040b7079792c41cf036ab6c53dc9b4a4
    https://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch1.diff.gz
      Size/MD5 checksum:   623510 e631fd8b61a97e7f86acc8163e66877e
    https://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz
      Size/MD5 checksum:  8388609 15852049050e49f380f953d8715500b9

  Alpha architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:  1028658 3d80f46705d75293dfdfc660b8c43bc0
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:   136746 c5b34af1931488d30258c4d1e9583590
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:  1762540 663078c6df56758348ae1643ef77f5a8
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:  1960320 d94c2f8cb88bb818ae853d4d711c5560
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:  4453854 5ebd60f215bd68c9efb6cdb053cee5bb
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:   352544 f1dfdbdb4c14ac681148bff5f94a0d93
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_alpha.deb
      Size/MD5 checksum:  1928424 610d3c3ed15d840b94997120d6e63a29

  AMD64 architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:   859102 da077a3b9ee01a66b3de1651d932acaf
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:   130182 fbf76362c4261ff534cc8c529d323c08
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:  1472862 696e796f15ca561b6b07256814b13e5f
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:  1654590 995dddb3246c71bfb8bae0018cdd836c
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:  3902396 1a8798118bead94e4b5572852f137569
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:   345012 e1f5e1251d2107812b375c3a13312252
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_amd64.deb
      Size/MD5 checksum:  1624188 6bf3205815c23651eef568640c3cf5ad

  ARM architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:   853576 dd529d80b55d4562c0c3b066987e08ae
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:   125000 ac5ac4ac699f0cc1ca754016c722b043
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:  1445032 fa50381c5e6a40d082b905b2755735f9
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:  1621736 dc41c8ed286afeabb52e7af6ff83dca9
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:  3777108 1af110b3dff919310791ec415d379066
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:   351798 eb3703d019453582e8bb5ee2443de793
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_arm.deb
      Size/MD5 checksum:  1597628 22bdaf4d92a7e89b6c0906fc8fddf6a7

  HP Precision architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:   909394 6b68fbf9ba66a39caa6236f120b490b9
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:   131004 b0a37659a706e06c1915c34b6a827299
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:  1659468 2b7b8c24497dfd6427c5ede94f58a6a5
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:  1851080 ce9e56c1a863a9a562f8909328995adc
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:  4384138 3bdc12e98ad1f384b309a39108d65ea5
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:   345102 0d946eb1724bd7edd92c9a0914872e2e
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_hppa.deb
      Size/MD5 checksum:  1819054 22408df158a6767f615d5ccd170e3a84

  Intel IA-32 architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:   807370 f2ad4edec31adf075abe75f10643de7f
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:   121352 c7a7d4de270399449afea857221b7f91
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:  1387858 19cf74099c6676b309b724b8414963f9
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:  1562444 dd469c7c4890339fa0bb43c9301a310f
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:  3653718 6d648db6d7fe48f00f431ee5e86d7c86
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:   345064 b1b629661823fb8730f161c731fc15fc
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_i386.deb
      Size/MD5 checksum:  1537096 4cefefec714244f78a28233bac11e418

  Intel IA-64 architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:  1305428 f2ece147ad1b907995838bed86cb6577
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:   161196 c9180372fa91bf36126c1ea0ba7ab4d8
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:  2220142 3948c693f89b3182dd60f040e2d5abf7
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:  2496064 54444a1894c6bc2337b041fe08861bfa
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:  5490490 e5bfa8cff919b6648119e344035bde66
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:   345034 9ff6c816d7e97ed6c5ad0bae1e399c39
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_ia64.deb
      Size/MD5 checksum:  2447228 6859f398dfc87427937c49327e1100d4

  Big endian MIPS architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:   861486 9c2f72a576c8dbdba86fc9a77abc053a
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:   134272 11b71d18b8909c78b4020f6107ab271e
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:  1536414 213eb32db439e80c012c8a5d5a40b42b
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:  1714128 cc75575b305b20884cfeb02faf756bb1
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:  3826698 54b6877358b09310f70c4ed4904ad99e
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:   345106 6fd5696caf0762c71259ec214bdc9146
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_mips.deb
      Size/MD5 checksum:  1681582 df0a9fcdc80b5885684ec12aea0c683b

  Little endian MIPS architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:   861548 35bd5a4bbfcc1c7ddbf582e8d064263f
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:   134468 61b299727ef2918e29971781840e7499
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:  1527816 391158af638344327b186b4ee778d211
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:  1708056 1fc6708d75015836f96bfa8ff1d903c6
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:  3710050 75c0fb7ef3b9a07ea3cca95675d06fa2
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:   345116 805a2ca25c5b57248b3f21412ecd979f
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_mipsel.deb
      Size/MD5 checksum:  1673676 6f3ef4a748e1a703bf92c5da8a2631cc

  PowerPC architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:   841884 88cafc03c5997e08840f95426408c89d
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:   136524 6aec5091c60835267a90e15a8c895207
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:  1447622 80c31af3c0c4069bde9a97b752c3849d
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:  1611484 6d6b6b0db0c78b64b77e7ec6ad7f05d2
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:  3982304 80dd36c211d5afa6ec9955ed45dadbdb
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:   345112 d2a04f508028e198a9c6340363c3dfbd
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_powerpc.deb
      Size/MD5 checksum:  1586774 d2f352dd71026a0d4e32f8dfab60b851

  IBM S/390 architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:   884036 be073e9c2ffce513729c899debf10cdf
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:   130306 fd6db02b490ea4e52e194c9f302da6ec
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:  1565678 90815bb6a3c3b724e2a12e19f45bde62
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:  1739724 286ebfdff522a7b33442b703324836fa
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:  4131780 4d58bef9651779a82c4422a132c299cd
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:   345040 d101698d0486d09f03f5e459b4b78000
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_s390.deb
      Size/MD5 checksum:  1708700 ea5d1db09bd3e93682c9074fc7dd88a6

  Sun Sparc architecture:

    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:   778726 b744728a203c9db59fd524402fbc3790
    https://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:   119604 47c0eb32e0bccbf494a2c6342c0f3936
    https://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:  1391256 37fbe9b2727722e2d2048cb035cff08f
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:  1547784 ca26dfab45daf960b947793f243444fa
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:  3697216 ea5b1e30bd4b77ddb4b75238a694ce62
    https://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:   345556 6f66832f1b9f7c41f7d6c4200b4a7329
    https://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_sparc.deb
      Size/MD5 checksum:  1523874 c78486f12cf98694ceafd8ec74805699


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":80,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"8","type":"x","order":"2","pct":12.31,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":7.69,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.