Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0003

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 105790 CVE descriptions and 56160 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.57768

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2007:0003

Summary: Redhat Security Advisory RHSA-2007:0003

Description: Description:

The remote host is missing updates announced in
advisory RHSA-2007:0003.

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported three integer overflow flaws in the X.org Render and DBE
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0003.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6101
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
Debian Security Information: DSA-1249 (Google Search)
https://www.debian.org/security/2007/dsa-1249
http://security.gentoo.org/glsa/glsa-200701-25.xml
HPdes Security Advisory: HPSBUX02225
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678
HPdes Security Advisory: SSRT071295
http://www.mandriva.com/security/advisories?name=MDKSA-2007:005
NETBSD Security Advisory: NetBSD-SA2007-002
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc
http://www.redhat.com/support/errata/RHSA-2007-0002.html
http://www.redhat.com/support/errata/RHSA-2007-0003.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
SuSE Security Announcement: SUSE-SA:2007:008 (Google Search)
http://www.novell.com/linux/security/advisories/2007_08_x.html
http://www.ubuntu.com/usn/usn-403-1
BugTraq ID: 21968
http://www.securityfocus.com/bid/21968
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10490
http://www.vupen.com/english/advisories/2007/0108
http://www.vupen.com/english/advisories/2007/0109
http://www.vupen.com/english/advisories/2007/0589
http://www.vupen.com/english/advisories/2007/0669
http://www.vupen.com/english/advisories/2007/2233
http://osvdb.org/32084
http://securitytracker.com/id?1017495
http://secunia.com/advisories/23633
http://secunia.com/advisories/23670
http://secunia.com/advisories/23684
http://secunia.com/advisories/23689
http://secunia.com/advisories/23705
http://secunia.com/advisories/23698
http://secunia.com/advisories/23758
http://secunia.com/advisories/23789
http://secunia.com/advisories/23966
http://secunia.com/advisories/24168
http://secunia.com/advisories/24210
http://secunia.com/advisories/24247
http://secunia.com/advisories/24401
http://secunia.com/advisories/25802
XForce ISS Database: xorg-xserver-render-overflow(31337)
http://xforce.iss.net/xforce/xfdb/31337
Common Vulnerability Exposure (CVE) ID: CVE-2006-6102
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9991
http://osvdb.org/32085
XForce ISS Database: xorg-xserver-dbe-overflow(31376)
http://xforce.iss.net/xforce/xfdb/31376
Common Vulnerability Exposure (CVE) ID: CVE-2006-6103
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11011
http://osvdb.org/32086
XForce ISS Database: xorg-xserver-dbe-swap-overflow(31379)
http://xforce.iss.net/xforce/xfdb/31379

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 56160 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.57768
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0003
Summary:	Redhat Security Advisory RHSA-2007:0003
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0003. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0003.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6101 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463 http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html Debian Security Information: DSA-1249 (Google Search) https://www.debian.org/security/2007/dsa-1249 http://security.gentoo.org/glsa/glsa-200701-25.xml HPdes Security Advisory: HPSBUX02225 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678 HPdes Security Advisory: SSRT071295 http://www.mandriva.com/security/advisories?name=MDKSA-2007:005 NETBSD Security Advisory: NetBSD-SA2007-002 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc http://www.redhat.com/support/errata/RHSA-2007-0002.html http://www.redhat.com/support/errata/RHSA-2007-0003.html http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1 SuSE Security Announcement: SUSE-SA:2007:008 (Google Search) http://www.novell.com/linux/security/advisories/2007_08_x.html http://www.ubuntu.com/usn/usn-403-1 BugTraq ID: 21968 http://www.securityfocus.com/bid/21968 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10490 http://www.vupen.com/english/advisories/2007/0108 http://www.vupen.com/english/advisories/2007/0109 http://www.vupen.com/english/advisories/2007/0589 http://www.vupen.com/english/advisories/2007/0669 http://www.vupen.com/english/advisories/2007/2233 http://osvdb.org/32084 http://securitytracker.com/id?1017495 http://secunia.com/advisories/23633 http://secunia.com/advisories/23670 http://secunia.com/advisories/23684 http://secunia.com/advisories/23689 http://secunia.com/advisories/23705 http://secunia.com/advisories/23698 http://secunia.com/advisories/23758 http://secunia.com/advisories/23789 http://secunia.com/advisories/23966 http://secunia.com/advisories/24168 http://secunia.com/advisories/24210 http://secunia.com/advisories/24247 http://secunia.com/advisories/24401 http://secunia.com/advisories/25802 XForce ISS Database: xorg-xserver-render-overflow(31337) http://xforce.iss.net/xforce/xfdb/31337 Common Vulnerability Exposure (CVE) ID: CVE-2006-6102 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9991 http://osvdb.org/32085 XForce ISS Database: xorg-xserver-dbe-overflow(31376) http://xforce.iss.net/xforce/xfdb/31376 Common Vulnerability Exposure (CVE) ID: CVE-2006-6103 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11011 http://osvdb.org/32086 XForce ISS Database: xorg-xserver-dbe-swap-overflow(31379) http://xforce.iss.net/xforce/xfdb/31379
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com