[ MDVSA-2008:022 ] - Updated xorg-x11 packages fix multiple

[dude67]

Updated xorg-x11 packages fix multiple vulnerabilities

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which if exploited could lead to local privilege
escalation (CVE-2007-4730).

An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause
a denial of service (crash), or potentially execute arbitrary code
with root privileges on the X.org server (CVE-2007-5760).

A flaw was found in the X.org server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).

A memory corruption flaw was found in the X.org server's XInput
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-6427).

An information disclosure flaw was found in the X.org server's TOG-CUP
extension that could allow a malicious authorized client to cause
a denial of service (crash) or potentially view arbitrary memory
content within the X.org server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the X.org server's EVI and
MIT-SHM modules that could allow a malicious authorized client to
cause a denial of service (crash) or potentially execute arbitrary
code with the privileges of the X.org server (CVE-2007-6429).

A heap-based buffer overflow flaw was found in how the X.org server
handled malformed font files that could allow a malicious local user
to potentially execute arbitrary code with the privileges of the
X.org server (CVE-2008-0006).

The updated packages have been patched to correct these issues.