RHSA-2007:0125 - Security Advisory
Important: XFree86 security update
Security Advisory: Important
Updated XFree86 packages that fix a number of security issues are now
available for Red Hat Enterprise Linux 2.1 and 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
Users of XFree86 should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
- BZ - 231684 - CVE-2007-1667 XGetPixel() integer overflow
- BZ - 232996 - CVE-2007-1003 xserver XC-MISC integer overflow
- BZ - 234055 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
This erratum does not contain any packages.