__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
__________________________________________________________

                      INFORMATION BULLETIN

                  xorg-x11-server Security Update
                    [Red Hat RHSA-2007:0127-2]

April 4, 2007 17:00 GMT                                    Number R-195
                                                 [REVISED 21 May 2007]
                                                 [REVISED 22 May 2007]
______________________________________________________________________________
PROBLEM:       There is an integer overflow flaw in the X.org X11 server
               XC-MISC extension.

PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 3.1 (sarge)
               Solaris 8, 9, 10 Operating Systems

DAMAGE:        Could cause a denial of service (crash) or potentially
               execute arbitrary code with root privileges on the X.org
               server.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A malicious authorized client could
ASSESSMENT:    exploit this issue to cause a denial of service (crash) or
               potentially execute arbitrary code with root privileges on
               the X.org server.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-195.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0127.html
 ADDITIONAL LINKS:   http://www.debian.org/security/2007/dsa-1294
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
______________________________________________________________________________
REVISION HISTORY:
 05/21/2007 - revised R-195 to add a link to Debian Security Advisory
              DSA-1294-1 for Debian GNU/Linux 3.1 (sarge).
 05/22/2007 - revised R-195 to add a link to Sun Alert ID: 102886 for
              Solaris 8, 9, 10 Operating Systems.
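An added example, not part of the CIAC or Red Hat bulletin: a Python check that decides whether an installed xorg-x11-server package is at or above the fixed build 1.1.1-48.13.0.1.el5 that the Red Hat advisory ships, using rpm's version-segment comparison rules re-implemented here. It assumes an epoch of 0 (none of the listed packages carries one), ignores rpm's newer '~' and '^' markers, and the sample rpm -qa lines are constructed.

```python
FIXED_VERSION, FIXED_RELEASE = "1.1.1", "48.13.0.1.el5"  # build listed in RHSA-2007:0127-2

def rpmvercmp(a, b):
    """Compare two RPM version/release strings the way rpm does (no '~'/'^' support)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum():   # separators are skipped
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()                       # left side decides segment type
        pred = str.isdigit if isnum else str.isalpha
        p, q = i, j
        while i < len(a) and pred(a[i]):
            i += 1
        while j < len(b) and pred(b[j]):
            j += 1
        sa, sb = a[p:i], b[q:j]
        if not sb:                                   # type mismatch: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")  # more digits means larger
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    # identical so far: equal if both exhausted, else the one with leftovers is newer
    return 0 if i >= len(a) and j >= len(b) else (-1 if i >= len(a) else 1)

def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' as printed by rpm -qa or listed in the advisory."""
    base = pkg[:-4] if pkg.endswith(".rpm") else pkg
    base, arch = base.rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(pkg):
    """True when an xorg-x11-server subpackage is at or above the advisory's build."""
    name, version, release, _ = parse_nvra(pkg)
    if not name.startswith("xorg-x11-server"):
        raise ValueError("not an xorg-x11-server package: " + pkg)
    c = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return c >= 0

# Constructed sample of 'rpm -qa' output: a hypothetical pre-fix build, then the fixed one.
SAMPLE = ["xorg-x11-server-Xorg-1.1.1-48.13.el5.x86_64", "xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.x86_64"]
```

Feed it the real output of `rpm -qa 'xorg-x11-server*'` on a RHEL 5 host; any line for which is_fixed returns False still needs the update.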
[***** Start Red Hat RHSA-2007:0127-2 *****]

Important: xorg-x11-server security update

Advisory:              RHSA-2007:0127-2
Type:                  Security Advisory
Severity:              Important
Issued on:             2007-04-03
Last updated on:       2007-04-03
Affected Products:     RHEL Desktop Workstation (v. 5 client)
                       Red Hat Enterprise Linux (v. 5 server)
                       Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL:                  com.redhat.rhsa-20070127.xml
CVEs (cve.mitre.org):  CVE-2007-1003

Details

Updated X.org X11 server packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the X.org server. (CVE-2007-1003)

Users of the X.org X11 server should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.i386.rpm
x86_64:
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
  xorg-x11-server-1.1.1-48.13.0.1.el5.src.rpm
IA-32:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.i386.rpm
IA-64:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.ia64.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.ia64.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.ia64.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.ia64.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.ia64.rpm
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.ia64.rpm
PPC:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.ppc.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.ppc.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.ppc.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.ppc.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.ppc.rpm
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.ppc.rpm
s390x:
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.s390x.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.s390x.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.s390x.rpm
x86_64:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
  xorg-x11-server-1.1.1-48.13.0.1.el5.src.rpm
IA-32:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.i386.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.i386.rpm
x86_64:
  xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.x86_64.rpm
  xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

233001 - CVE-2007-1003 xserver XC-MISC integer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------
These packages are
GPG signed by Red Hat for security. Our key and details on how to verify
the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details
at http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0127-2 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can
be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be
obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, apparatus,
product, or process disclosed, or represents that its use would not
infringe privately owned rights. Reference herein to any specific
commercial products, process, or service by trade name, trademark,
manufacturer, or otherwise, does not necessarily constitute or imply its
endorsement, recommendation or favoring by the United States Government or
the University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-185: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities
R-186: Lookup-el
R-187: OpenOffice.org Security Update
R-188: InterActual Player SyscheckObject ActiveX Vulnerability
R-189: tcpdump Security Vulnerability
R-190: Network Audio System Vulnerabilities
R-191: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities
R-192: Vulnerabilities in Graphics Rendering Engine (GDI)
R-193: krb5 Security Update
R-194: XFree86 Security Update