libgsf, xorg security update

2007-01-11T19:01:11
ID CESA-2007:0003
Type centos
Reporter CentOS Project
Modified 2007-01-12T06:14:11

Description

CentOS Errata and Security Advisory CESA-2007:0003

X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit these issues to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)

Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2007-January/025507.html
http://lists.centos.org/pipermail/centos-announce/2007-January/025509.html
http://lists.centos.org/pipermail/centos-announce/2007-January/025514.html
http://lists.centos.org/pipermail/centos-announce/2007-January/025515.html

Affected packages: libgsf libgsf-devel xorg-x11 xorg-x11-Mesa-libGL xorg-x11-Mesa-libGLU xorg-x11-Xdmx xorg-x11-Xnest xorg-x11-Xvfb xorg-x11-deprecated-libs xorg-x11-deprecated-libs-devel xorg-x11-devel xorg-x11-doc xorg-x11-font-utils xorg-x11-libs xorg-x11-sdk xorg-x11-tools xorg-x11-twm xorg-x11-xauth xorg-x11-xdm xorg-x11-xfs

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0003.html