Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:025 (x11-server-xgl)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.60253
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:025 (x11-server-xgl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to x11-server-xgl announced via advisory MDVSA-2008:025. An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760). A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958). A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427). An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428). Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429). The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:025 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5760 BugTraq ID: 27336 http://www.securityfocus.com/bid/27336 BugTraq ID: 27354 http://www.securityfocus.com/bid/27354 Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search) http://www.securityfocus.com/archive/1/487335/100/0/threaded Debian Security Information: DSA-1466 (Google Search) http://www.debian.org/security/2008/dsa-1466 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html http://security.gentoo.org/glsa/glsa-200801-09.xml http://security.gentoo.org/glsa/glsa-200804-05.xml http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646 http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 http://www.mandriva.com/security/advisories?name=MDVSA-2008:023 http://www.mandriva.com/security/advisories?name=MDVSA-2008:025 http://lists.freedesktop.org/archives/xorg/2008-January/031918.html OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008 http://www.openbsd.org/errata41.html#012_xorg OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008 http://www.openbsd.org/errata42.html#006_xorg https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11718 http://www.redhat.com/support/errata/RHSA-2008-0030.html http://www.redhat.com/support/errata/RHSA-2008-0031.html http://securitytracker.com/id?1019232 http://secunia.com/advisories/28273 http://secunia.com/advisories/28532 http://secunia.com/advisories/28535 http://secunia.com/advisories/28536 http://secunia.com/advisories/28539 http://secunia.com/advisories/28540 http://secunia.com/advisories/28543 http://secunia.com/advisories/28550 http://secunia.com/advisories/28584 http://secunia.com/advisories/28592 http://secunia.com/advisories/28616 http://secunia.com/advisories/28693 http://secunia.com/advisories/28718 http://secunia.com/advisories/28843 http://secunia.com/advisories/28885 http://secunia.com/advisories/28941 http://secunia.com/advisories/29707 http://secunia.com/advisories/30161 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1 SuSE Security Announcement: SUSE-SA:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html https://usn.ubuntu.com/571-1/ http://www.vupen.com/english/advisories/2008/0179 http://www.vupen.com/english/advisories/2008/0184 http://www.vupen.com/english/advisories/2008/0497/references XForce ISS Database: xorg-xfree86misc-code-execution(39766) https://exchange.xforce.ibmcloud.com/vulnerabilities/39766 Common Vulnerability Exposure (CVE) ID: CVE-2007-5958 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 27356 http://www.securityfocus.com/bid/27356 https://www.exploit-db.com/exploits/5152 HPdes Security Advisory: HPSBUX02381 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HPdes Security Advisory: SSRT080083 http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10991 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5393 http://www.redhat.com/support/errata/RHSA-2008-0029.html http://secunia.com/advisories/28542 http://secunia.com/advisories/28997 http://secunia.com/advisories/29420 http://secunia.com/advisories/29622 http://secunia.com/advisories/32545 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1 SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/3000 XForce ISS Database: xorg-xsp-information-disclosure(39769) https://exchange.xforce.ibmcloud.com/vulnerabilities/39769 Common Vulnerability Exposure (CVE) ID: CVE-2007-6427 BugTraq ID: 27351 http://www.securityfocus.com/bid/27351 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372 http://secunia.com/advisories/28838 http://secunia.com/advisories/29139 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.vupen.com/english/advisories/2008/0703 XForce ISS Database: xorg-xinput-code-execution(39759) https://exchange.xforce.ibmcloud.com/vulnerabilities/39759 Common Vulnerability Exposure (CVE) ID: CVE-2007-6428 BugTraq ID: 27355 http://www.securityfocus.com/bid/27355 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11754 XForce ISS Database: xorg-togcup-information-disclosure(39761) https://exchange.xforce.ibmcloud.com/vulnerabilities/39761 Common Vulnerability Exposure (CVE) ID: CVE-2007-6429 BugTraq ID: 27350 http://www.securityfocus.com/bid/27350 BugTraq ID: 27353 http://www.securityfocus.com/bid/27353 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045 XForce ISS Database: xorg-evi-bo(39763) https://exchange.xforce.ibmcloud.com/vulnerabilities/39763 XForce ISS Database: xorg-mitshm-overflow(39764) https://exchange.xforce.ibmcloud.com/vulnerabilities/39764
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com