MandrivaUsers.org > Advisories MDVSA-2008:179: metisse

Full Version: Advisories MDVSA-2008:179: metisse

MandrivaUsers.org > Announcements > Mandriva Security Advisories

paul

Aug 21 2008, 10:37 PM

An input validation flaw was found in X.org's MIT-SHM extension.
A client connected to the X.org server could read arbitrary server
memory, resulting in the disclosure of sensitive data of other users
of the X.org server (CVE-2008-1379).

Multiple integer overflows were found in X.org's Render extension.
A malicious authorized client could explot these issues to cause a
denial of service (crash) or possibly execute arbitrary code with
root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362).

The Metisse program is likewise affected by these issues; the updated
packages have been patched to prevent them.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.