Test ID:	1.3.6.1.4.1.25623.1.0.58167
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0125
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0125. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0125.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1003 BugTraq ID: 23284 http://www.securityfocus.com/bid/23284 BugTraq ID: 23300 http://www.securityfocus.com/bid/23300 Bugtraq: 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search) http://www.securityfocus.com/archive/1/464686/100/0/threaded Bugtraq: 20070405 FLEA-2007-0009-1: xorg-x11 freetype (Google Search) http://www.securityfocus.com/archive/1/464816/100/0/threaded Debian Security Information: DSA-1294 (Google Search) http://www.debian.org/security/2007/dsa-1294 http://security.gentoo.org/glsa/glsa-200705-10.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503 http://www.mandriva.com/security/advisories?name=MDKSA-2007:079 http://www.mandriva.com/security/advisories?name=MDKSA-2007:080 http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html OpenBSD Security Advisory: [3.9] 021: SECURITY FIX: April 4, 2007 http://www.openbsd.org/errata39.html#021_xorg OpenBSD Security Advisory: [4.0] 011: SECURITY FIX: April 4, 2007 http://www.openbsd.org/errata40.html#011_xorg https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1980 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9798 RedHat Security Advisories: RHSA-2007:0125 http://rhn.redhat.com/errata/RHSA-2007-0125.html http://www.redhat.com/support/errata/RHSA-2007-0126.html http://www.redhat.com/support/errata/RHSA-2007-0127.html http://www.securitytracker.com/id?1017857 http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/24756 http://secunia.com/advisories/24758 http://secunia.com/advisories/24765 http://secunia.com/advisories/24770 http://secunia.com/advisories/24771 http://secunia.com/advisories/24772 http://secunia.com/advisories/24791 http://secunia.com/advisories/25004 http://secunia.com/advisories/25006 http://secunia.com/advisories/25195 http://secunia.com/advisories/25216 http://secunia.com/advisories/25305 http://secunia.com/advisories/29622 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1 SuSE Security Announcement: SUSE-SA:2007:027 (Google Search) http://www.novell.com/linux/security/advisories/2007_27_x.html SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://www.ubuntu.com/usn/usn-448-1 http://www.vupen.com/english/advisories/2007/1217 http://www.vupen.com/english/advisories/2007/1548 XForce ISS Database: xorg-xcmisc-overflow(33424) https://exchange.xforce.ibmcloud.com/vulnerabilities/33424 Common Vulnerability Exposure (CVE) ID: CVE-2007-1667 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Debian Security Information: DSA-1858 (Google Search) http://www.debian.org/security/2009/dsa-1858 http://security.gentoo.org/glsa/glsa-200705-06.xml http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1693 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9776 http://www.redhat.com/support/errata/RHSA-2007-0157.html http://www.securitytracker.com/id?1017864 http://secunia.com/advisories/24739 http://secunia.com/advisories/24953 http://secunia.com/advisories/24975 http://secunia.com/advisories/25072 http://secunia.com/advisories/25112 http://secunia.com/advisories/25131 http://secunia.com/advisories/25992 http://secunia.com/advisories/26177 http://secunia.com/advisories/30161 http://secunia.com/advisories/33937 http://secunia.com/advisories/36260 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102888-1 SuSE Security Announcement: SUSE-SR:2007:008 (Google Search) http://www.novell.com/linux/security/advisories/2007_8_sr.html http://www.ubuntu.com/usn/usn-453-1 http://www.ubuntu.com/usn/usn-453-2 http://www.ubuntu.com/usn/usn-481-1 http://www.vupen.com/english/advisories/2007/1531 Common Vulnerability Exposure (CVE) ID: CVE-2007-1351 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html BugTraq ID: 23283 http://www.securityfocus.com/bid/23283 BugTraq ID: 23402 http://www.securityfocus.com/bid/23402 Debian Security Information: DSA-1454 (Google Search) http://www.debian.org/security/2008/dsa-1454 http://security.gentoo.org/glsa/glsa-200705-02.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://www.mandriva.com/security/advisories?name=MDKSA-2007:081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810 http://www.redhat.com/support/errata/RHSA-2007-0132.html http://www.redhat.com/support/errata/RHSA-2007-0150.html http://secunia.com/advisories/24768 http://secunia.com/advisories/24776 http://secunia.com/advisories/24885 http://secunia.com/advisories/24889 http://secunia.com/advisories/24921 http://secunia.com/advisories/24996 http://secunia.com/advisories/25096 http://secunia.com/advisories/25495 http://secunia.com/advisories/28333 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733 SuSE Security Announcement: SUSE-SR:2007:006 (Google Search) http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.trustix.org/errata/2007/0013/ http://www.vupen.com/english/advisories/2007/1264 XForce ISS Database: xorg-bdf-font-bo(33417) https://exchange.xforce.ibmcloud.com/vulnerabilities/33417 Common Vulnerability Exposure (CVE) ID: CVE-2007-1352 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243 XForce ISS Database: xorg-fontsdir-bo(33419) https://exchange.xforce.ibmcloud.com/vulnerabilities/33419
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.