Red Hat Product Errata RHSA-2007:0125 - Security Advisory
Issued:
2007-04-03
Updated:
2007-04-03

RHSA-2007:0125 - Security Advisory

Synopsis

Important: XFree86 security update

Type/Severity

Security Advisory: Important

Topic

Updated XFree86 packages that fix a number of security issues are now
available for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of XFree86 should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 231684 - CVE-2007-1667 XGetPixel() integer overflow
  • BZ - 232996 - CVE-2007-1003 xserver XC-MISC integer overflow
  • BZ - 234055 - CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.