
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1466-2 (xorg-server, libxfont, xfree86)
The remote host is missing an update to xorg-server, libxfont, xfree86
announced via advisory DSA 1466-2.

The fix for CVE-2007-6429 introduced a regression in the MIT-SHM
extension, which prevented the start of a few applications. This update
fixes this problem and also references the patch for CVE-2008-0006,
which was included in the previous update, but not mentioned in the
advisory text.

Several local vulnerabilities have been discovered in the X.Org X
server. The Common Vulnerabilities and Exposures project identifies the
following problems:


regenrecht discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.


It was discovered that error messages of security policy file
handling may lead to a minor information leak disclosing the
existence of files otherwise inaccessible to the user.


regenrecht discovered that missing input sanitising within
the XInput-Misc extension may lead to local privilege escalation.


regenrecht discovered that missing input sanitising within
the TOG-CUP extension may lead to disclosure of memory contents.


regenrecht discovered that integer overflows in the EVI
and MIT-SHM extensions may lead to local privilege escalation.


It was discovered that insufficient validation of PCF fonts could lead
to local privilege escalation.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.4.1~git20080118-1 of xorg-server and version 1:1.3.1-2
of libxfont.

For the stable distribution (etch), this problem has been fixed in
version 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.

For the oldstable distribution (etch), this problem has been fixed in
version 4.3.0.dfsg.1-14sarge6 of xfree86.

We recommend that you upgrade your libxfont and xorg-server packages.


CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-5760
BugTraq ID: 27336
BugTraq ID: 27354
Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
Debian Security Information: DSA-1466
OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008
OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008
SuSE Security Announcement: SUSE-SA:2008:003
XForce ISS Database: xorg-xfree86misc-code-execution(39766)
Common Vulnerability Exposure (CVE) ID: CVE-2007-5958
BugTraq ID: 27356
HPdes Security Advisory: HPSBUX02381
HPdes Security Advisory: SSRT080083
SuSE Security Announcement: SUSE-SR:2008:008
XForce ISS Database: xorg-xsp-information-disclosure(39769)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6427
BugTraq ID: 27351
SuSE Security Announcement: SUSE-SR:2008:003
XForce ISS Database: xorg-xinput-code-execution(39759)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6428
BugTraq ID: 27355
XForce ISS Database: xorg-togcup-information-disclosure(39761)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6429
BugTraq ID: 27350
BugTraq ID: 27353
XForce ISS Database: xorg-evi-bo(39763)
XForce ISS Database: xorg-mitshm-overflow(39764)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0006
BugTraq ID: 27352
CERT/CC vulnerability note: VU#203220
XForce ISS Database: xorg-pcffont-bo(39767)
Copyright: Copyright (c) 2008 E-Soft Inc.
