libgsf, xorg security update

ID CESA-2007:0003
Type centos
Reporter CentOS Project
Modified 2007-01-12T06:14:11


CentOS Errata and Security Advisory CESA-2007:0003 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

iDefense reported three integer overflow flaws in the Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)

Users of should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.

Merged security bulletin from advisories:

Affected packages: libgsf libgsf-devel xorg-x11 xorg-x11-Mesa-libGL xorg-x11-Mesa-libGLU xorg-x11-Xdmx xorg-x11-Xnest xorg-x11-Xvfb xorg-x11-deprecated-libs xorg-x11-deprecated-libs-devel xorg-x11-devel xorg-x11-doc xorg-x11-font-utils xorg-x11-libs xorg-x11-sdk xorg-x11-tools xorg-x11-twm xorg-x11-xauth xorg-x11-xdm xorg-x11-xfs

Upstream details at: