MDVSA-2008:025 -- Mandriva x11-server-xglID: oval:org.secpod.oval:def:301304 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
An input validation flaw was found in the X.org server"s XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service , or potentially execute arbitrary code with root privileges on the X.org server . A flaw was found in the X.org server"s XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user . A memory corruption flaw was found in the X.org server"s XInput extension that could allow a malicious authorized client to cause a denial of service or potentially execute arbitrary code with root privileges on the X.org server . An information disclosure flaw was found in the X.org server"s TOG-CUP extension that could allow a malicious authorized client to cause a denial of service or potentially view arbitrary memory content within the X.org server"s address space . Two integer overflow flaws were found in the X.org server"s EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service or potentially execute arbitrary code with the privileges of the X.org server . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2007.0 |
Mandriva Linux 2007.1 |
Mandriva Linux 2008.0 |