Test ID: 1.3.6.1.4.1.25623.1.0.57875
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200608-25 (xorg-x11, xorg-server, xtrans, xload, xinit, xterm, xf86dga, xdm, libX11)
Summary: The remote host is missing updates announced in advisory GLSA 200608-25.
Description:
Summary:
The remote host is missing updates announced in
advisory GLSA 200608-25.

Vulnerability Insight:
X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
to local privilege escalations because of unchecked setuid() calls.

Solution:
All X.Org xdm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xdm-1.0.4-r1'

All X.Org xinit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.0.2-r6'

All X.Org xload users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xload-1.0.1-r1'

All X.Org xf86dga users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xf86dga-1.0.1-r1'

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-x11-6.9.0-r2'

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.0-r1'

All X.Org X11 library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/libx11-1.0.1-r1'

All X.Org xtrans library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/xtrans-1.0.1-r1'

All xterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-terms/xterm-215'

All users of the X11R6 libraries for emulation of 32bit x86 on amd64
should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-xlibs-7.0-r2'

Please note that the fixed packages have been available for most
architectures since June 30th but the GLSA release was held up waiting for
the remaining architectures.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-4447
BugTraq ID: 19742
http://www.securityfocus.com/bid/19742
BugTraq ID: 23697
http://www.securityfocus.com/bid/23697
CERT/CC vulnerability note: VU#300368
http://www.kb.cert.org/vuls/id/300368
Debian Security Information: DSA-1193
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://secunia.com/advisories/22332
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://www.vupen.com/english/advisories/2006/3409
http://www.vupen.com/english/advisories/2007/0409
Copyright: Copyright (C) 2008 E-Soft Inc.
