XFree86 security update

ID CESA-2006:0635-01
Type centos
Reporter CentOS Project
Modified 2006-08-22T00:31:14


CentOS Errata and Security Advisory CESA-2006:0635-01

XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop.

An integer overflow flaw in the way the XFree86 server processes PCF files was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-3467)

Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-August/013140.html

Affected packages: XFree86 XFree86-100dpi-fonts XFree86-75dpi-fonts XFree86-ISO8859-15-100dpi-fonts XFree86-ISO8859-15-75dpi-fonts XFree86-ISO8859-2-100dpi-fonts XFree86-ISO8859-2-75dpi-fonts XFree86-ISO8859-9-100dpi-fonts XFree86-ISO8859-9-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-libs XFree86-tools XFree86-twm XFree86-xdm XFree86-xf86cfg XFree86-xfs

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html