Test ID:	1.3.6.1.4.1.25623.1.0.70067
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2011:1154
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2011:1154. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2011-2895) Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1154.html Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2895 1025920 http://securitytracker.com/id?1025920 45544 http://secunia.com/advisories/45544 45568 http://secunia.com/advisories/45568 45599 http://secunia.com/advisories/45599 45986 http://secunia.com/advisories/45986 46127 http://secunia.com/advisories/46127 48951 http://secunia.com/advisories/48951 49124 http://www.securityfocus.com/bid/49124 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html APPLE-SA-2015-12-08-1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html APPLE-SA-2015-12-08-2 http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html APPLE-SA-2015-12-08-3 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html APPLE-SA-2015-12-08-4 http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html DSA-2293 http://www.debian.org/security/2011/dsa-2293 MDVSA-2011:153 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 NetBSD-SA2011-007 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc RHSA-2011:1154 http://www.redhat.com/support/errata/RHSA-2011-1154.html RHSA-2011:1155 http://www.redhat.com/support/errata/RHSA-2011-1155.html RHSA-2011:1161 http://www.redhat.com/support/errata/RHSA-2011-1161.html RHSA-2011:1834 http://www.redhat.com/support/errata/RHSA-2011-1834.html SUSE-SU-2011:1035 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html USN-1191-1 http://www.ubuntu.com/usn/USN-1191-1 [oss-security] 20110810 LZW decompression issues http://www.openwall.com/lists/oss-security/2011/08/10/10 [xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html [xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4 http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 openSUSE-SU-2011:1299 http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html xorg-lzw-bo(69141) https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.