XFree86 security update

2008-01-20T22:56:55
ID CESA-2008:0029-01
Type centos
Reporter CentOS Project
Modified 2008-01-20T22:56:55

Description

CentOS Errata and Security Advisory CESA-2008:0029-01

XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop.

Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006)

A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427)

An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428)

An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990)

A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)

Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-January/014630.html

Affected packages: XFree86 XFree86-100dpi-fonts XFree86-75dpi-fonts XFree86-ISO8859-15-100dpi-fonts XFree86-ISO8859-15-75dpi-fonts XFree86-ISO8859-2-100dpi-fonts XFree86-ISO8859-2-75dpi-fonts XFree86-ISO8859-9-100dpi-fonts XFree86-ISO8859-9-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-libs XFree86-tools XFree86-twm XFree86-xdm XFree86-xf86cfg XFree86-xfs

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html