Updated: June 09, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Fedora Project security team has published Fedora Legacy Update Advisory FLSA:190777 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: June 08, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Gentoo security team has published Gentoo Linux Security Advisory GLSA 200605-02 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: June 08, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva, Inc. has published Mandriva Linux Security Advisory MDKSA-2006:081-1 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: June 08, 2006
Affected
A security vulnerability has been found in the X.Org server -- CVE-2006-1526. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server.

Patches for the respective releases:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/007_xorg.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/013_xorg.patch
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD's fix for this issue was committed to the head of their CVS repository on 2006-05-03.
Updated: June 08, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. has published Red Hat Security Advisory RHSA-2006:0451 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: June 09, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Slackware has published Slackware security advisory SSA:2006-123-01 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: June 09, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Sun has published Sun Alert ID 102339 in response to this issue. Users are encouraged to review this document and apply the patches it refers to.
Updated: June 09, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SUSE has published SUSE Security Announcement SUSE-SA:2006:023 in response to this issue. Users are encouraged to review this announcement and apply the patches it refers to.
Updated: June 09, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Ubuntu Linux security team has published Ubuntu Security Notice USN-280-1 in response to this issue. Users are encouraged to review this notice and apply the patches it refers to.
Updated: June 09, 2006
Affected
X.Org security advisory, May 2nd 2006
Buffer overflow in the Xrender extension of the X.Org server
CVE-ID: CVE-2006-1526

Overview:

A client of the X server using the X render extension is able to send requests that will cause a buffer overflow in the server side of the extension. This overflow can be exploited by an authorized client to execute malicious code inside the X server, which is generally running with root privileges.

Vulnerability details:

An unfortunate typo ('&' instead of '*' in an expression) causes the code to mis-compute the size of memory allocations in the XRenderCompositeTriStrip and XRenderCompositeTriFan requests. Thus a buffer that may be too small is used to store the parameters of the request. On platforms where the ALLOCATE_LOCAL() macro is using alloca(), this is a stack overflow, on other platforms this is a heap overflow.

Affected versions:

X.Org 6.8.0 and later versions are vulnerable, as well as all individual releases of the modular xorg-xserver package. To check which version you have, run Xorg -version:

    % Xorg -version
    X Window System Version 7.0.0
    Release Date: 21 December 2005
    X Protocol Version 11, Revision 0, Release 7.0

Fix:

Apply the patch below to the source tree for the modular xorg-server source package:

    9a9356f86fe2c10985f1008d459fb272  xorg-server-1.0.x-mitri.diff
    d6eba2bddac69f12f21785ea94397b206727ba93  xorg-server-1.0.x-mitri.diff
    http://xorg.freedesktop.org/releases/X11R7.0/patches/

For X.Org 6.8.x or 6.9.0, apply one of the patches below:

    d666925bfe3d76156c399091578579ae  x11r6.9.0-mitri.diff
    3d9da8bb9b28957c464d28ea194d5df50e2a3e5c  x11r6.9.0-mitri.diff
    http://xorg.freedesktop.org/releases/X11R6.9.0/patches/

    d5b46469a65972786b57ed2b010c3eb2  xorg-68x-CVE-2006-1526.patch
    f764a77a0da4e3af88561805c5c8e28d5c5b3058  xorg-68x-CVE-2006-1526.patch
    http://xorg.freedesktop.org/releases/X11R6.8.2/patches/

Thanks:

We would like to thank Bart Massey who reported the issue.
The vendor has not provided us with any further information regarding this vulnerability.
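The size miscomputation described in the X.Org advisory above, as an added C example that is not X.Org's code: `tri_t` and all function names are constructed for illustration. It shows that `count & sizeof(elem)` can never exceed the size of one element, and places the intended multiplication beside it with an overflow guard added as an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a fixed-size request element (24 bytes);
 * not an X.Org type. */
typedef struct { int32_t x1, y1, x2, y2, x3, y3; } tri_t;

/* The typo class from the advisory: '&' where '*' was meant.
 * A bitwise AND with sizeof(tri_t) can never exceed sizeof(tri_t),
 * so the result does not grow with the client-supplied count. */
size_t alloc_size_typo(size_t count)
{
    return count & sizeof(tri_t);
}

/* Intended computation. The overflow guard is an addition of this
 * example. Returns 0 on success, -1 if count * size would wrap. */
int alloc_size_checked(size_t count, size_t *out)
{
    if (count > SIZE_MAX / sizeof(tri_t))
        return -1;
    *out = count * sizeof(tri_t);
    return 0;
}

/* Bytes by which the request data exceeds the typo-sized buffer. */
size_t shortfall(size_t count)
{
    size_t need;
    if (alloc_size_checked(count, &need) != 0)
        return SIZE_MAX;
    size_t got = alloc_size_typo(count);
    return need > got ? need - got : 0;
}

int main(void)
{
    const size_t counts[] = { 1, 8, 24, 100 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        size_t need = 0;
        alloc_size_checked(counts[i], &need);
        printf("count=%zu typo=%zu intended=%zu short by %zu bytes\n",
               counts[i], alloc_size_typo(counts[i]), need,
               shortfall(counts[i]));
    }
    return 0;
}
```

When auditing for this class of bug, any allocation size built with `&`, `|` or `^` against a `sizeof` is worth a second look, since those operators rarely belong in a length calculation.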