Description:
The remote host is missing updates announced in advisory RHSA-2007:0125.
XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)
Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/security/updates/classification/#important
Risk factor : Critical
CVSS Score: 9.3