xorg-x11-server-1.1.1-48.26.5.3AXS3
Errata ID: AXSA:2008-80:01
Release date:
2008/08/26 Tuesday - 12:03
Title:
xorg-x11-server-1.1.1-48.26.5.3AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Asianux Server 3 for x86
Severity:
High
Description:
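The following issues have been addressed.
[Security Fix]
The SProcRecordCreateContext and SProcRecordRegisterClients functions in the Record extension and the SProcSecurityGenerateAuthorization function in the Security extension of the X.Org X server contain a vulnerability that allows arbitrary code execution. (CVE-2008-1377)
The fbShmPutImage function in the MIT-SHM extension of the X.Org X server contains an integer overflow vulnerability that allows arbitrary process memory to be read. (CVE-2008-1379)
The AllocateGlyph function in the Render extension of the X.Org X server contains an integer overflow vulnerability that allows arbitrary code execution, caused by a flaw in the heap buffer size calculation. (CVE-2008-2360)
The ProcRenderCreateCursor function in the Render extension of the X.Org X server contains a denial-of-service (DoS) vulnerability, caused by a flaw in the glyph buffer size calculation. (CVE-2008-2361)
The Render extension of the X.Org X server contains multiple integer overflow vulnerabilities that allow arbitrary code execution. (CVE-2008-2362)
The translated text of some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.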
CVE:
CVE-2008-1377
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
CVE-2008-1379
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
CVE-2008-2360
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
CVE-2008-2361
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
CVE-2008-2362
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
Additional information:
N/A
Download:
Asianux Server 3 for x86
- xorg-x11-server-sdk-1.1.1-48.26.5.3AXS3.i386.rpm
MD5: ea11bcca17a126fc33c29e8656c5319b
SHA-256: 3e2b090d40de666ede88b21ccc5346ee36d5af89deb6edc598f81c9894e91636
Size: 374.15 kB
- xorg-x11-server-Xdmx-1.1.1-48.26.5.3AXS3.i386.rpm
MD5: f667a17713ef680e3cb474bdbc8c6b32
SHA-256: e8e274afaa451a3ea7de86ab9806ec843977a68ed35ebb9198c81d7432a673f2
Size: 919.39 kB
- xorg-x11-server-Xnest-1.1.1-48.26.5.3AXS3.i386.rpm
MD5: 0f95a6c4a4a05e0e6867445a253ccf50
SHA-256: 8a18ed49f9c18d3831280873d2de3bfab164899c2eb666fb9a65f95b7a33b316
Size: 1.45 MB
- xorg-x11-server-Xorg-1.1.1-48.26.5.3AXS3.i386.rpm
MD5: 3a3c022828bdf75184257702bce5c23c
SHA-256: 919a6d92b39a7b9ee63e1f9cd5bd217043abdf253aab4b14b1bf9fef85ce4148
Size: 3.24 MB
- xorg-x11-server-Xvfb-1.1.1-48.26.5.3AXS3.i386.rpm
MD5: bd32d8e2ba515bda290ebdf3fb5fa4c6
SHA-256: 3875c14b4b245153b6dccd8c4b7ead423eca7b288552d481f8f107c9e5ee476b
Size: 1.60 MB
Asianux Server 3 for x86_64
- xorg-x11-server-sdk-1.1.1-48.26.5.3AXS3.x86_64.rpm
MD5: 0ba8f6c0ec02e68c5f6868cef31e71d1
SHA-256: 5b090bab40e35bf6c6a6ea5d290f44930d9f62ac6aced3729fafca1a530d1441
Size: 377.04 kB
- xorg-x11-server-Xdmx-1.1.1-48.26.5.3AXS3.x86_64.rpm
MD5: 8433afe347f415b94d79f72e563e2c90
SHA-256: 6e1d85b5cbb3fafa29faf0f3c7ff270b2c5768f300c77f5ac12fe465e4774a0f
Size: 932.46 kB
- xorg-x11-server-Xnest-1.1.1-48.26.5.3AXS3.x86_64.rpm
MD5: 7c328b09e77948c1a54abb99a76701c0
SHA-256: fb3797985aedad9d4b279e4a74997a5e4395fe05de6d599de557610bd81d85f4
Size: 1.44 MB
- xorg-x11-server-Xorg-1.1.1-48.26.5.3AXS3.x86_64.rpm
MD5: f6f99c78a3860332d2e296acf60cad73
SHA-256: a05f44efbca223dec02567406b65ffb598bc403818954eebcf6ad76add1ed079
Size: 3.35 MB
- xorg-x11-server-Xvfb-1.1.1-48.26.5.3AXS3.x86_64.rpm
MD5: 92fd4fa3cf61ff74464c4319efaf9d30
SHA-256: d3659e820d88a8b67ae81a0502b88cca71f544fb594b32549792d72aa8c599e2
Size: 1.58 MB