(RHSA-2007:0125) Important: XFree86 security update

2007-04-0300:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.06 Low

EPSS

Percentile

92.7%

JSON

XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of XFree86 should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64xfree86-font-utils< 4.3.0-120.ELXFree86-font-utils-4.3.0-120.EL.x86_64.rpm
RedHatanyi386xfree86-iso8859-14-75dpi-fonts< 4.3.0-120.ELXFree86-ISO8859-14-75dpi-fonts-4.3.0-120.EL.i386.rpm
RedHatanyia64xfree86-libs-data< 4.3.0-120.ELXFree86-libs-data-4.3.0-120.EL.ia64.rpm
RedHatanys390xfree86-cyrillic-fonts< 4.3.0-120.ELXFree86-cyrillic-fonts-4.3.0-120.EL.s390.rpm
RedHatanyia64xfree86-cyrillic-fonts< 4.1.0-82.ELXFree86-cyrillic-fonts-4.1.0-82.EL.ia64.rpm
RedHatanys390xxfree86-iso8859-15-75dpi-fonts< 4.3.0-120.ELXFree86-ISO8859-15-75dpi-fonts-4.3.0-120.EL.s390x.rpm
RedHatanys390xxfree86-base-fonts< 4.3.0-120.ELXFree86-base-fonts-4.3.0-120.EL.s390x.rpm
RedHatanyx86_64xfree86-xauth< 4.3.0-120.ELXFree86-xauth-4.3.0-120.EL.x86_64.rpm
RedHatanyia64xfree86-sdk< 4.3.0-120.ELXFree86-sdk-4.3.0-120.EL.ia64.rpm
RedHatanyppcxfree86-xnest< 4.3.0-120.ELXFree86-Xnest-4.3.0-120.EL.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	xfree86-font-utils	< 4.3.0-120.EL	XFree86-font-utils-4.3.0-120.EL.x86_64.rpm
RedHat	any	i386	xfree86-iso8859-14-75dpi-fonts	< 4.3.0-120.EL	XFree86-ISO8859-14-75dpi-fonts-4.3.0-120.EL.i386.rpm
RedHat	any	ia64	xfree86-libs-data	< 4.3.0-120.EL	XFree86-libs-data-4.3.0-120.EL.ia64.rpm
RedHat	any	s390	xfree86-cyrillic-fonts	< 4.3.0-120.EL	XFree86-cyrillic-fonts-4.3.0-120.EL.s390.rpm
RedHat	any	ia64	xfree86-cyrillic-fonts	< 4.1.0-82.EL	XFree86-cyrillic-fonts-4.1.0-82.EL.ia64.rpm
RedHat	any	s390x	xfree86-iso8859-15-75dpi-fonts	< 4.3.0-120.EL	XFree86-ISO8859-15-75dpi-fonts-4.3.0-120.EL.s390x.rpm
RedHat	any	s390x	xfree86-base-fonts	< 4.3.0-120.EL	XFree86-base-fonts-4.3.0-120.EL.s390x.rpm
RedHat	any	x86_64	xfree86-xauth	< 4.3.0-120.EL	XFree86-xauth-4.3.0-120.EL.x86_64.rpm
RedHat	any	ia64	xfree86-sdk	< 4.3.0-120.EL	XFree86-sdk-4.3.0-120.EL.ia64.rpm
RedHat	any	ppc	xfree86-xnest	< 4.3.0-120.EL	XFree86-Xnest-4.3.0-120.EL.ppc.rpm