Test ID:	1.3.6.1.4.1.25623.1.0.58609
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0898
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0898. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way X.Org's composite extension handles 32 bit color depth windows while running in 16 bit color depth mode. If an X.org server has enabled the composite extension, it may be possible for a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-4730) Please note this flaw can only be triggered when using a compositing window manager. Red Hat Enterprise Linux 4 does not ship with a compositing window manager. Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0898.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4730 BugTraq ID: 25606 http://www.securityfocus.com/bid/25606 Debian Security Information: DSA-1372 (Google Search) http://www.debian.org/security/2007/dsa-1372 http://security.gentoo.org/glsa/glsa-200710-16.xml http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:178 http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html http://osvdb.org/37726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430 http://www.redhat.com/support/errata/RHSA-2007-0898.html http://www.securitytracker.com/id?1018665 http://secunia.com/advisories/26743 http://secunia.com/advisories/26755 http://secunia.com/advisories/26763 http://secunia.com/advisories/26823 http://secunia.com/advisories/26859 http://secunia.com/advisories/26897 http://secunia.com/advisories/27147 http://secunia.com/advisories/27179 http://secunia.com/advisories/27228 http://secunia.com/advisories/30161 SuSE Security Announcement: SUSE-SA:2007:054 (Google Search) http://www.novell.com/linux/security/advisories/2007_54_xorg.html http://www.ubuntu.com/usn/usn-514-1 http://www.vupen.com/english/advisories/2007/3098 XForce ISS Database: xorg-composite-bo(36535) https://exchange.xforce.ibmcloud.com/vulnerabilities/36535
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.