| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 03 Oct 2007 15:41:43 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
bugtraq@...urityfocus.com, lwn@....net
Subject: rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools
xorg-x11-xfs
rPath Security Advisory: 2007-0205-1
Published: 2007-10-03
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local System User Deterministic Privilege Escalation
Updated Versions:
xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1756
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990
Description:
Previous versions of the xorg-x11 package contain multiple
vulnerabilities in the xfs font server in which integer and heap
overflows may allow a local attacker to execute arbitrary code with
elevated privileges (as the "xfs" user on rPath Linux systems).
Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
Powered by blists - more mailing lists