Update fixes multiple vulnerabilities in X.Org server
The developers of X.Org have indicated that there are a number of bugs in their X server that could allow system memory to be overwritten with external data. In the initial reports from iDefense, the discoverers of the vulnerabilities, it was not clear whether they could be used to inject code and execute commands. Now, according to iDefense, XFree86's X server is affected in addition to X.Org's X server. The vulnerabilities apparently allow malicious code to be injected and executed with root privileges. To send prepared packets to the X server, however, an attacker must have access to a console or a user account. The root of the problems is integer overflows in the ProcDbeGetVisualInfo, ProcDbeSwapBuffer and ProcRenderAddGlyphs functions when processing prepared client requests to the DBE and render extensions. Such requests can be made either from a local application or over the network; in either case, the client must be authenticated to the X server.
All versions of the X.Org X server that support these extensions are affected. An update fixes the problem. Because most Linux distributions use the X.Org server, Linux distribution updates can also be expected shortly. According to the report, X servers other than X.Org's may also be affected if they are based on the X11R6 sample implementation.
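The following added example (not X.Org's code) illustrates the bug class the advisory describes: a client-supplied element count multiplied by an element size in 32-bit arithmetic wraps, so an allocation ends up far smaller than the data later copied into it. The request layout, the `entry_t` record and all function names are hypothetical; the hardened version shows the overflow check and length check a request parser needs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-entry record of the kind an extension request carries.
   The layout is constructed for this example and is not the X11 wire format. */
typedef struct {
    uint32_t drawable;
    uint32_t info;
} entry_t;

/* The unsafe pattern: count * sizeof(entry) computed in 32-bit arithmetic.
   For count = 0x20000001 the true product 0x100000008 wraps to 8, so a server
   that allocated this many bytes and then copied `count` entries would write
   far past the end of the buffer. */
uint32_t unchecked_body_size(uint32_t count)
{
    return count * (uint32_t)sizeof(entry_t);
}

/* The hardened computation: reject any count whose product cannot be
   represented, and require that the bytes actually received cover it. */
bool checked_body_size(uint32_t count, size_t received, size_t *need)
{
    if (count > UINT32_MAX / sizeof(entry_t))
        return false;                      /* product would wrap */
    size_t bytes = (size_t)count * sizeof(entry_t);
    if (bytes > received)
        return false;                      /* request shorter than claimed */
    *need = bytes;
    return true;
}

/* Parse a constructed request: a 4-byte count (host byte order) followed by
   `count` entries. Returns the number of entries copied into `out`, or -1
   if the request is malformed or does not fit the caller's buffer. */
int parse_request(const uint8_t *buf, size_t len, entry_t *out, size_t out_cap)
{
    if (len < 4)
        return -1;
    uint32_t count;
    memcpy(&count, buf, sizeof count);
    size_t need;
    if (!checked_body_size(count, len - 4, &need))
        return -1;
    if (count > out_cap)
        return -1;                          /* caller's buffer too small */
    memcpy(out, buf + 4, need);
    return (int)count;
}
```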
- Multiple integer overflows in dbe and render extensions, security advisory from X.Org
- Advisory list from iDefense