RHSA-2007:0520 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: xorg-x11-xfs security update

Type/Severity

Security Advisory: Moderate

Topic

Updated X.org packages that address a flaw in the way the X.Org X11 xfs
font server starts are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The X.Org X11 xfs font server provides a standard mechanism for an X server
to communicate with a font renderer.

A temporary file flaw was found in the way the X.Org X11 xfs font server
startup script executes. A local user could modify the permissions of a
file of their choosing, possibly elevating their local privileges.
(CVE-2007-3103)

Users of the X.org X11 xfs font server should upgrade to these updated
packages, which contain a backported patch and are not vulnerable to this
issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 242903 - CVE-2007-3103 init.d xfs script chown race condition vulnerability

CVEs

CVE-2007-3103

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
ia64
xorg-x11-xfs-1.0.2-4.ia64.rpm	SHA-256: 599c3992cabb90608f9f18201caa3d6856742dec7e61926ecbae5f658993153a
xorg-x11-xfs-utils-1.0.2-4.ia64.rpm	SHA-256: 9e625c25ede5bb42d9c6017d0d8f7f978eb4900dda6514f7a4f9985e69600e03

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories