CERT RENATER Advisories

Date : Thu, 05 Apr 2007 09:56:06 +0200
Type : VULN
Subject : CERT-Renater : 2007/VULN180 (OpenBSD: Multiple vulnerabilities have been discovered in X.Org)
======================================================================
                             CERT-Renater

                          Information Note No. 2007/VULN180
_____________________________________________________________________

DATE                      : 05/04/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : OpenBSD running X.Org.

======================================================================

Multiple vulnerabilities have been discovered in X.Org:

- XC-MISC CVE-2007-1003

   XC-MISC Extension ProcXCMiscGetXIDList Memory Corruption
   Vulnerability

This vulnerability was discovered by Sean Larsson, iDefense Labs.


- bdf CVE-2007-1351

   BDFFont Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.

- fontdir CVE-2007-1352

   fonts.dir File Parsing Integer Overflow Vulnerability

The discoverer of this vulnerability wishes to remain anonymous.


- libX11 CVE-2007-1667

   Multiple integer overflows in the XGetPixel() and XInitImage() functions
   in ImUtil.c


These vulnerabilities have been fixed in the OpenBSD CVS repository
in the -current and -stable branches.  The -current snapshots of X11
contain these fixes as well.

It is recommended that users of X11 on OpenBSD update their X11
installation using cvs or manually apply the source code patches listed
below.

A source code patch for OpenBSD 4.0-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/011_xorg.patch.

A source code patch for OpenBSD 3.9-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/021_xorg.patch.


======================================================================

            =========================================================
            CERT-Renater reference servers
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================