FrSIRT - Fedora Security Update Fixes xorg-x11-xfs Multiple Local Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes xorg-x11-xfs Multiple Local Vulnerabilities

Title : Fedora Security Update Fixes xorg-x11-xfs Multiple Local Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-4134
CVE ID : CVE-2007-4568 - CVE-2007-4990
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-12-10

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been idenitified in Fedora, which could be exploited by local attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

3c9573b08ad82aaef14a71abd9ef3996e2609880 SRPMS/xorg-x11-xfs-1.0.5-1.fc6.src.rpm
3c9573b08ad82aaef14a71abd9ef3996e2609880 noarch/xorg-x11-xfs-1.0.5-1.fc6.src.rpm
ca2d5e5dc62448f881900c95ca26384cfca9431f ppc/xorg-x11-xfs-utils-1.0.5-1.fc6.ppc.rpm
cbce0c894e1f79b93b73bdeb3917a3689ca7693c ppc/debug/xorg-x11-xfs-debuginfo-1.0.5-1.fc6.ppc.rpm
42595b5d51cf33dc2452ac183ec7a25c447e34be ppc/xorg-x11-xfs-1.0.5-1.fc6.ppc.rpm
fdbc381d393eff096e7da03b82b8f813dad6db35 x86_64/debug/xorg-x11-xfs-debuginfo-1.0.5-1.fc6.x86_64.rpm
582b1962a8364825d2917a36b702d40c60e79096 x86_64/xorg-x11-xfs-1.0.5-1.fc6.x86_64.rpm
e9d78c971179afa414392f33a528c95e0a966dc2 x86_64/xorg-x11-xfs-utils-1.0.5-1.fc6.x86_64.rpm
692cbc9aea5c9eab6e3152cbcadb58fe4dd8561d i386/debug/xorg-x11-xfs-debuginfo-1.0.5-1.fc6.i386.rpm
79e8023adbb1352fc4612069982dd4678b9394bd i386/xorg-x11-xfs-1.0.5-1.fc6.i386.rpm
68f86a1998d9a39e60e4f14b67ee55b183fbf65c i386/xorg-x11-xfs-utils-1.0.5-1.fc6.i386.rpm

ChangeLog

2007-12-10 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Windows Kernel Local Integer Overflow Vulnerability
	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)

	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities
	IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM DB2 Universal Database Multiple Denial of Service
	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues