===================================================================== CERT-Renater Note d'Information No. 2007/VULN180 _____________________________________________________________________ DATE : 05/04/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : OpenBSD running X.Org. ====================================================================== Multiple vulnerabilities have been discovered in X.Org: - - XC-MISC CVE-2007-1003 XC-MISC Extension ProcXCMiscGetXIDList Memory Corruption Vulnerability This vulnerability was discovered by Sean Larsson, iDefense Labs. - - bdf CVE-2007-1351 BDFFont Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. - - fontdir CVE-2007-1352 fonts.dir File Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. - - libX11 CVE-2007-1667 Multiple integer overflows in the XGetPixel() and XInitImage functions in ImUtil.c These vulnerabilities have been fixed in the OpenBSD CVS repository in the -current and -stable branches. The -current snapshots of X11 contain these fixes as well. It is recommended that users of X11 on OpenBSD update their X11 installation using cvs or manually apply the source code patches listed below. A source code patch for OpenBSD 4.0-stable can be downloaded from ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/011_xorg.patch. A source code patch for OpenBSD 3.9-stable can be downloaded from ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/021_xorg.patch. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================